Policy Restrictions & Failed Windows 11 Boot. Possible rootkit?


26 replies to this topic

#1 Burritowel


Posted 21 February 2024 - 03:25 PM

My computer failed to boot upon startup when powered on a few days ago, and no amount of restarting, Windows troubleshooting, or Safe mode booting would get Windows running. It was only upon disabling Secure Boot in the BIOS that Windows would finally boot properly. I have since re-enabled Secure Boot, but am unsure if any malware weaseled its way down to a low level during this endeavor. An Avast One scan told me that "Malware or other threats could be running in your PC memory". A rootkit scan through MalwareBytes didn't throw any red flags. Farbar highlighted the following items for a fixlist:

 

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
ATTENTION: System Restore is disabled (Total:933.17 GB) (Free:733.55 GB) (79%)
 
Any insight would be very much appreciated!
 


#2 Oh My!

  • Malware Response Instructor

Posted 23 February 2024 - 10:30 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please run a new FRST Scan and copy/paste both reports in your reply, using multiple posts if the content is too long.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 Oh My!


Posted 28 February 2024 - 01:03 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#4 Burritowel


Posted 28 February 2024 - 08:53 PM

Hi Gary,

 

Apologies for my slow response. I should be able to respond daily at this point if needed. I factory reset my laptop, which resolved all of my higher-level issues (safe boot not functioning, etc.). The logs from FRST no longer have any "ATTENTION" lines. Does this mean the device is clean? I've tried to attach the files, but can't figure out how to do so on the reply tool of this forum. The "My Media" tab will only show the previous logs that I linked in the original post.

 

Thank you for your patience,

Isaac



#5 Oh My!


Posted 28 February 2024 - 09:56 PM

Hi Isaac.

Copy and paste the contents of each report in your reply, using multiple posts if the content is too long. I'll take a look to make sure all is well.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#6 Burritowel


Posted 29 February 2024 - 01:43 PM

Hi Gary,
 
Here are the logs. Thanks for your help!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by imver (administrator) on MSI (Micro-Star International Co., Ltd. Bravo 15 B7EDP) (29-02-2024 13:39:04)
Running from C:\Users\imver\Downloads\FRST64.exe
Loaded Profiles: imver
Platform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.32.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(amdpmfservice.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) C:\Windows\System32\amdpmfserviceuser.exe
(A-Volute SAS -> A-Volute) C:\Users\imver\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe ->) (Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Center\Base Module\Start_HDR.exe
(C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe ->) (Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Center\MSI_AI_Engine.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe <6>
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(DriverStore\FileRepository\u0400139.inf_amd64_5620c4efdf31e94d\B399690\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0400139.inf_amd64_5620c4efdf31e94d\B399690\atieclxx.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <48>
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2312.18.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b16b1eb6c6a2820f\RtkAudUService64.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) C:\Windows\System32\amdpmfservice.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0400139.inf_amd64_5620c4efdf31e94d\B399690\atiesrxx.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_aab086749a1a9302\RtkAudUService64.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 -> ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm\Nahimic3.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2401.1001.10.0_x64__8wekyb3d8bbwe\XboxGameBarWidgets.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2401.1001.10.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\imver\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Engine.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_aab086749a1a9302\RtkAudUService64.exe [1921832 2024-01-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\Run: [MicrosoftEdgeAutoLaunch_35912215D33AB9FFFE8852B0B86968D1] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-02-26] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [145336 2023-08-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [66220968 2024-02-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Uninstall 24.020.0128.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\24.020.0128.0003" [0 2024-02-29] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe [2024-02-24] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {73AC5C2C-D661-451E-B91A-21229001C42A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {D448635B-C9F9-4283-A0DB-3AA2C649EC64} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A5B2BB67-1378-4803-B783-A45E1064D4DE} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183736 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {8DD650A1-6CEF-4CB0-A181-264150607B75} - System32\Tasks\AMDScoSupportTypeUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {603A4D6B-C0F7-44A2-B71C-B9776EC01B22} - System32\Tasks\GoogleUpdateTaskMachineCore{68937CB5-A689-4DE4-BC2E-20941934D14E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-24] (Google LLC -> Google LLC)
Task: {8D088295-EE2F-4155-B8C0-BC934A884EAC} - System32\Tasks\GoogleUpdateTaskMachineUA{913D7081-1F63-430B-B4F5-F24D968C0482} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-24] (Google LLC -> Google LLC)
Task: {DEE750F8-2E66-4A8E-A49A-B5713DD1825E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C7DD97E-84F4-4D6B-94AE-58D17062B704} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D3B5A7F-360A-4374-B633-EFFF30EEF6B6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {84AE9F03-16B4-4E12-9730-90AD140C3A2B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {62D5F9AD-39F5-46F1-BDE4-2F0D4751D172} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {A0BDA1D2-D812-4070-94D4-500CCB130AD2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {57CC245F-F51D-4798-B3F6-E6EB0D903014} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C332E6DA-6CF9-4043-9049-9CE1AAC7B7A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EECF8DE9-D7FB-4DCA-B40B-8CFF4363BB28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {71D00E24-8374-44D0-969E-929DFCC61915} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {106BC660-DFB8-4F34-9AD7-469595D85670} - System32\Tasks\NahimicTask32 => C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe [1117448 ] (A-Volute SAS -> Nahimic)
Task: {2B6CE00F-6E6E-400D-98DA-BB2DEC782014} - System32\Tasks\NahimicTask64 => C:\Windows\system32\.\NahimicSvc64.exe [1437448 ] (A-Volute SAS -> Nahimic)
Task: {256D560E-6621-4090-A216-5781EABCEDF9} - System32\Tasks\OmApSvcBroker => C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe [872592 2024-01-29] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {F296906D-F5BF-402D-A567-1ECE5821243B} - System32\Tasks\OneDC_Updater => C:\Users\imver\Documents\temp\OneDC_Updater\OneDC_Updater.exe [657552 2023-11-30] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {969B6976-64F6-4490-8DF0-62D38AE2A5D6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3A121204-C4AA-4D7A-B428-E277F55CF1AA} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.28.2
Tcpip\..\Interfaces\{c35e8712-7d08-4e73-902d-39d797252e06}: [DhcpNameServer] 172.16.28.2
Tcpip\..\Interfaces\{c35e8712-7d08-4e73-902d-39d797252e06}: [DhcpDomain] burrburton.home
Tcpip\..\Interfaces\{c35e8712-7d08-4e73-902d-39d797252e06}\4323: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Edge: 
=======
Edge Profile: C:\Users\imver\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-29]
Edge Extension: (Google Docs Offline) - C:\Users\imver\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-22]
Edge Extension: (Edge relevant text changes) - C:\Users\imver\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-22]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\imver\AppData\Local\Google\Chrome\User Data\Default [2024-02-29]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\imver\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-02-24]
CHR Extension: (Annotate: Web Annotations with Screen Sharing) - C:\Users\imver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdojjgflncpbcfmenbkndfhoamlhajmf [2024-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\imver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-24]
CHR Extension: (Protractor) - C:\Users\imver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjldaeddnfokhmgdlmpdlecmobaonnj [2024-02-24]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\imver\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2024-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\imver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-24]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdpmfservice; C:\Windows\System32\amdpmfservice.exe [53136 2023-07-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [171248 2023-05-11] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe [100496 2023-11-03] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Sendevsvc; C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe [311536 2023-05-11] (Micro-Star International CO., LTD. -> )
R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [149608 2024-01-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Companion_Service; C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe [140528 2022-05-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36880 2023-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NahimicService; C:\Windows\system32\NahimicService.exe [1909512 2023-11-14] (A-Volute SAS -> Nahimic)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMDAfdAudioService; C:\Windows\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_b8f7ebeb2ea11a27\amdacpafd.sys [435632 2023-12-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [36800 2023-09-27] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdpmf; C:\Windows\System32\drivers\amdpmf.sys [202136 2023-07-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV20; C:\Windows\system32\AMDRyzenMasterDriver.sys [58952 2024-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0400139.inf_amd64_5620c4efdf31e94d\B399690\amdkmdag.sys [100084752 2024-02-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2024-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 kipudrv; C:\Windows\System32\DriverStore\FileRepository\kipudrv.inf_amd64_29f6c536b3d81bc0\kipudrv.sys [1058752 2023-12-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 MTKBTFilterx64; C:\Windows\System32\drivers\mtkbtfilterx.sys [401856 2023-09-07] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\Windows\System32\drivers\mtkwl6ex.sys [1681752 2023-09-07] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 NahimicBTLink; C:\Windows\System32\drivers\NahimicBTLink.sys [86200 2022-08-18] (A-Volute SAS -> Windows ® Win 7 DDK provider)
R3 Nahimic_Mirroring; C:\Windows\System32\drivers\Nahimic_Mirroring.sys [86224 2022-08-19] (A-Volute SAS -> Windows ® Win 7 DDK provider)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_bdcf963059f55423\rt68cx21x64.sys [713112 2023-03-15] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2024-02-22] (Microsoft Windows -> )
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-29 13:39 - 2024-02-29 13:39 - 000023592 _____ C:\Users\imver\Downloads\FRST.txt
2024-02-29 13:39 - 2024-02-29 13:39 - 000000000 ____D C:\Users\imver\Downloads\FRST-OlderVersion
2024-02-29 09:41 - 2024-02-29 09:41 - 008052777 _____ C:\Users\imver\Downloads\original_msg.eml
2024-02-29 09:10 - 2024-02-29 09:10 - 000000000 ___HD C:\OneDriveTemp
2024-02-28 21:12 - 2024-02-28 21:12 - 000000040 _____ C:\Users\imver\Documents\1Password Emergency Kit.txt
2024-02-26 10:39 - 2024-02-26 10:39 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-25 12:41 - 2024-02-25 12:42 - 000000000 ____D C:\Windows\system32\MRT
2024-02-25 12:39 - 2024-02-25 12:39 - 000019222 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-25 12:39 - 2024-02-25 12:39 - 000019222 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-02-24 19:20 - 2024-02-24 19:20 - 000001221 _____ C:\Users\Public\Desktop\EVGA Unleash RGB.lnk
2024-02-24 19:20 - 2024-02-24 19:20 - 000000000 ____D C:\Users\imver\AppData\Roaming\EVGA
2024-02-24 19:20 - 2024-02-24 19:20 - 000000000 ____D C:\Users\imver\AppData\Local\EVGA_Co.,_Ltd
2024-02-24 19:20 - 2024-02-24 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2024-02-24 19:19 - 2024-02-24 19:19 - 000000000 ____D C:\Program Files (x86)\EVGA
2024-02-24 19:18 - 2024-02-24 19:19 - 042542596 _____ C:\Users\imver\Downloads\EVGA_UnleashRGB_1.0.25.0.zip
2024-02-24 16:07 - 2024-02-29 09:09 - 000000000 ____D C:\ProgramData\OmApSvcBroker
2024-02-24 16:07 - 2024-02-24 16:07 - 000003642 _____ C:\Windows\system32\Tasks\OneDC_Updater
2024-02-24 16:07 - 2024-02-24 16:07 - 000002974 _____ C:\Windows\system32\Tasks\OmApSvcBroker
2024-02-24 16:07 - 2024-02-24 16:07 - 000000000 ____D C:\Users\imver\Documents\temp
2024-02-24 15:39 - 2024-02-29 13:36 - 000003094 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2024-02-24 15:39 - 2024-02-29 13:36 - 000003086 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2024-02-24 15:39 - 2024-02-24 16:05 - 000000000 ____D C:\ProgramData\AMD
2024-02-24 15:39 - 2024-02-24 15:39 - 000003518 _____ C:\Windows\system32\Tasks\AMDScoSupportTypeUpdate
2024-02-24 15:39 - 2024-02-24 15:39 - 000003484 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2024-02-24 15:39 - 2024-02-24 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2024-02-24 15:37 - 2024-02-24 15:37 - 000003152 _____ C:\Windows\system32\Tasks\StartCN
2024-02-24 15:37 - 2024-02-24 15:37 - 000003072 _____ C:\Windows\system32\Tasks\StartDVR
2024-02-24 15:37 - 2024-02-24 15:37 - 000002620 _____ C:\Windows\system32\Tasks\AMDRyzenMasterSDKTask
2024-02-24 15:37 - 2024-02-24 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2024-02-24 15:37 - 2024-01-11 12:56 - 002968576 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\AMDBugReportTool.exe
2024-02-24 15:36 - 2024-02-04 20:52 - 002100752 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-24 15:36 - 2024-02-04 20:52 - 002100752 _____ C:\Windows\system32\vulkaninfo.exe
2024-02-24 15:36 - 2024-02-04 20:52 - 001658896 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-24 15:36 - 2024-02-04 20:52 - 001658896 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-02-24 15:36 - 2024-02-04 20:52 - 001465888 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-02-24 15:36 - 2024-02-04 20:52 - 001465888 _____ C:\Windows\system32\vulkan-1.dll
2024-02-24 15:36 - 2024-02-04 20:52 - 001307240 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-24 15:36 - 2024-02-04 20:52 - 001307240 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000998816 _____ (AMD) C:\Windows\system32\atieclxx.exe
2024-02-24 15:36 - 2024-02-04 20:51 - 000731152 _____ C:\Windows\system32\hiprt0200064.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000608384 _____ C:\Windows\system32\GameManager64.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000503832 _____ C:\Windows\system32\EEURestart.exe
2024-02-24 15:36 - 2024-02-04 20:51 - 000462968 _____ C:\Windows\SysWOW64\GameManager32.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000266656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000228880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000196112 _____ (AMD) C:\Windows\system32\atimuixx.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000184440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2024-02-24 15:36 - 2024-02-04 20:51 - 000148608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 011526152 _____ C:\Windows\system32\amdsmi.exe
2024-02-24 15:36 - 2024-02-04 20:50 - 002255264 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsasrv64.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 002129312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 001639328 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 001639328 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 001338496 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsacli64.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 001254304 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 001059240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdsacli32.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 001055248 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 000536992 _____ C:\Windows\system32\atieah64.exe
2024-02-24 15:36 - 2024-02-04 20:50 - 000472992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 000405920 _____ C:\Windows\SysWOW64\atieah32.exe
2024-02-24 15:36 - 2024-02-04 20:50 - 000142248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 000138656 _____ C:\Windows\system32\amdxc64.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 000118288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 000114704 _____ C:\Windows\SysWOW64\amdxc32.dll
2024-02-24 15:36 - 2024-02-04 20:50 - 000074656 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 007559184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdadlx64.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 007339024 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdadlx32.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 000801192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 000678416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 000569984 _____ C:\Windows\system32\amdgfxinfo64.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 000543248 _____ C:\Windows\system32\dgtrayicon.exe
2024-02-24 15:36 - 2024-02-04 20:49 - 000433792 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 000051216 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2024-02-24 15:36 - 2024-02-04 20:49 - 000048032 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 105442424 _____ C:\Windows\system32\amd_comgr_2.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 105432704 _____ C:\Windows\system32\amd_comgr.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 088636024 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 021762064 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 018723240 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64_6.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 001725752 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 001400208 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000524928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000471168 _____ C:\Windows\system32\amdlogum.exe
2024-02-24 15:36 - 2024-02-04 20:48 - 000390784 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000374984 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendr.stz
2024-02-24 15:36 - 2024-02-04 20:48 - 000360576 _____ C:\Windows\system32\clinfo.exe
2024-02-24 15:36 - 2024-02-04 20:48 - 000176768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000167248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000167136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000158864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000145424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000138320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000132384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2024-02-24 15:36 - 2024-02-04 20:48 - 000056528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendrmgr.stz
2024-02-24 15:36 - 2024-02-04 20:47 - 000572032 _____ C:\Windows\system32\amdmiracast.dll
2024-02-24 15:36 - 2024-02-04 20:47 - 000177568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2024-02-24 15:36 - 2024-02-04 20:47 - 000152224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2024-02-24 15:36 - 2024-02-04 20:47 - 000138320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2024-02-24 15:36 - 2024-02-04 20:08 - 031938072 _____ C:\Windows\system32\hiprt02000_amd.hipfb
2024-02-24 15:36 - 2024-02-04 20:08 - 002433848 _____ C:\Windows\system32\oro_compiled_kernels.hipfb
2024-02-24 15:36 - 2024-02-04 20:07 - 105651024 _____ C:\Windows\system32\amdxc64.so
2024-02-24 15:36 - 2023-08-10 14:45 - 000049584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ANR-bgproc-Lib.dll
2024-02-24 15:36 - 2023-05-24 06:42 - 000061888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdxe.sys
2024-02-24 15:33 - 2024-02-24 15:33 - 000000000 ____D C:\Users\imver\AppData\Roaming\AMD
2024-02-24 15:33 - 2024-02-24 15:33 - 000000000 ____D C:\Users\imver\AppData\Local\setup
2024-02-24 15:32 - 2024-02-24 15:32 - 048207840 _____ (AMD Inc.) C:\Users\imver\Downloads\amd-software-adrenalin-edition-24.1.1-combined-minimalsetup-240122_web.exe
2024-02-24 15:32 - 2024-02-24 15:32 - 000000000 ____D C:\Users\imver\AppData\Local\AMD_Common
2024-02-24 15:19 - 2024-02-24 15:19 - 000000000 ____D C:\Users\imver\Downloads\Live Update
2024-02-24 15:05 - 2024-02-24 15:05 - 000085782 _____ C:\Users\imver\Downloads\Rond'os Sheet Music.pdf
2024-02-24 15:00 - 2024-02-24 15:00 - 000000222 _____ C:\Users\imver\Desktop\Kerbal Space Program 2.url
2024-02-24 15:00 - 2024-02-24 15:00 - 000000000 ____D C:\Users\imver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-02-24 14:46 - 2024-02-28 13:35 - 000000000 ____D C:\ProgramData\Nahimic
2024-02-24 14:46 - 2024-02-24 14:46 - 000000000 ____D C:\Users\imver\AppData\Local\Nahimic
2024-02-24 14:45 - 2024-02-24 14:45 - 000000000 ____D C:\Users\imver\AppData\Local\Backup
2024-02-24 14:40 - 2024-02-24 14:59 - 000000000 ____D C:\Users\imver\AppData\Local\Steam
2024-02-24 14:40 - 2024-02-24 14:40 - 000000000 ____D C:\Users\imver\AppData\Local\CEF
2024-02-24 14:39 - 2024-02-29 13:36 - 000000000 ____D C:\Program Files (x86)\Steam
2024-02-24 14:39 - 2024-02-24 14:39 - 002296488 _____ C:\Users\imver\Downloads\SteamSetup.exe
2024-02-24 14:39 - 2024-02-24 14:39 - 000001039 _____ C:\Users\Public\Desktop\Steam.lnk
2024-02-24 14:39 - 2024-02-24 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-02-24 14:36 - 2024-02-24 14:36 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-24 14:27 - 2024-02-29 13:36 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-24 14:27 - 2024-02-24 15:31 - 000000000 ____D C:\Users\imver\AppData\Local\Google
2024-02-24 14:27 - 2024-02-24 14:27 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{913D7081-1F63-430B-B4F5-F24D968C0482}
2024-02-24 14:27 - 2024-02-24 14:27 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{68937CB5-A689-4DE4-BC2E-20941934D14E}
2024-02-24 14:27 - 2024-02-24 14:27 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-24 14:27 - 2024-02-24 14:27 - 000002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-24 14:27 - 2024-02-24 14:27 - 000000000 ____D C:\Program Files\Google
2024-02-24 14:26 - 2024-02-24 14:26 - 001376816 _____ (Google LLC) C:\Users\imver\Downloads\ChromeSetup.exe
2024-02-24 14:23 - 2024-02-24 14:23 - 000000000 ____D C:\Windows\system32\MSI
2024-02-22 11:08 - 2024-02-22 11:08 - 000000000 ____D C:\Users\imver\AppData\Local\OneDrive
2024-02-22 10:52 - 2024-02-22 10:52 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-22 10:51 - 2024-02-22 10:51 - 000000000 ____D C:\Windows\pss
2024-02-22 10:49 - 2024-02-24 14:26 - 000000000 ____D C:\Users\imver\AppData\Local\CrashDumps
2024-02-22 10:49 - 2024-02-22 10:49 - 000000000 ____D C:\Users\imver\AppData\Local\Publishers
2024-02-22 10:47 - 2024-02-22 10:47 - 000000000 ____D C:\Users\imver\AppData\Local\Comms
2024-02-22 10:46 - 2024-02-22 10:46 - 000000000 ____D C:\Users\imver\AppData\Local\VirtualStore
2024-02-22 10:44 - 2024-02-22 10:50 - 000023283 _____ C:\Users\imver\Downloads\Reference Addition.txt
2024-02-22 10:43 - 2024-02-29 13:39 - 000000000 ____D C:\FRST
2024-02-22 10:43 - 2024-02-22 10:50 - 000028562 _____ C:\Users\imver\Downloads\Reference FRST.txt
2024-02-22 10:42 - 2024-02-29 13:39 - 002386944 _____ (Farbar) C:\Users\imver\Downloads\FRST64.exe
2024-02-22 10:41 - 2024-02-29 09:10 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3731549638-1745586254-840529321-1001
2024-02-22 10:41 - 2024-02-22 10:41 - 000000000 ____D C:\Users\imver\AppData\Local\PlaceholderTileLogoFolder
2024-02-22 10:40 - 2024-02-29 09:10 - 000003354 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3731549638-1745586254-840529321-1001
2024-02-22 10:40 - 2024-02-29 09:10 - 000002386 _____ C:\Users\imver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-22 10:40 - 2024-02-29 09:10 - 000000000 ___RD C:\Users\imver\OneDrive
2024-02-22 10:40 - 2024-02-28 17:14 - 000000000 ____D C:\Users\imver\AppData\Local\D3DSCache
2024-02-22 10:38 - 2024-02-24 16:42 - 000000000 ____D C:\Users\imver\AppData\Local\Packages
2024-02-22 10:38 - 2024-02-24 16:10 - 000000000 ____D C:\Users\imver\AppData\Local\AMD
2024-02-22 10:38 - 2024-02-24 14:32 - 000002433 _____ C:\Users\imver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nahimic Companion.lnk
2024-02-22 10:38 - 2024-02-22 10:48 - 000000000 ____D C:\Users\imver\AppData\Local\ConnectedDevicesPlatform
2024-02-22 10:38 - 2024-02-22 10:38 - 000002355 _____ C:\Users\imver\Desktop\Microsoft Edge.lnk
2024-02-22 10:38 - 2024-02-22 10:38 - 000000000 ___SD C:\Users\imver\AppData\Roaming\Microsoft\Crypto
2024-02-22 10:38 - 2024-02-22 10:38 - 000000000 ____D C:\Users\imver\AppData\Roaming\Microsoft\Vault
2024-02-22 10:38 - 2024-02-22 10:38 - 000000000 ____D C:\Users\imver\AppData\Roaming\Microsoft\Network
2024-02-22 10:38 - 2024-02-22 10:38 - 000000000 ____D C:\Users\imver\AppData\Roaming\Adobe
2024-02-22 10:38 - 2024-02-22 10:38 - 000000000 ____D C:\Users\imver\AppData\LocalLow\AMD
2024-02-22 10:38 - 2024-02-22 10:38 - 000000000 ____D C:\Users\imver\AppData\Local\NhNotifSys
2024-02-22 10:38 - 2024-02-22 10:38 - 000000000 ____D C:\ProgramData\Portrait Displays
2024-02-22 10:27 - 2024-02-25 14:21 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-02-22 10:27 - 2024-02-22 10:27 - 000000000 ____D C:\Windows\InboxApps
2024-02-22 10:21 - 2024-02-22 10:21 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2024-02-22 10:21 - 2024-02-22 10:21 - 000060462 _____ C:\Windows\system32\ctac.json
2024-02-22 10:08 - 2024-02-22 10:08 - 000000000 ___SD C:\Users\imver\AppData\Roaming\Microsoft\SystemCertificates
2024-02-22 10:07 - 2024-02-28 20:41 - 000000000 ____D C:\Users\imver
2024-02-22 10:07 - 2024-02-24 16:15 - 000000000 ____D C:\Users\imver\AppData\Roaming\Microsoft\Spelling
2024-02-22 10:07 - 2024-02-22 10:38 - 000000000 ____D C:\Users\imver\AppData\Roaming\Microsoft\Windows
2024-02-22 10:07 - 2024-02-22 10:07 - 000000020 ___SH C:\Users\imver\ntuser.ini
2024-02-22 10:07 - 2024-02-22 10:07 - 000000000 ___SD C:\Users\imver\AppData\Roaming\Microsoft\Protect
2024-02-22 10:07 - 2024-02-22 10:07 - 000000000 ___SD C:\Users\imver\AppData\Roaming\Microsoft\Credentials
2024-02-21 21:01 - 2024-02-28 20:42 - 000000000 ____D C:\MSI
2024-02-21 21:01 - 2024-02-21 21:01 - 000000000 _SHDL C:\Documents and Settings
2024-02-21 20:59 - 2024-02-21 20:59 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3731549638-1745586254-840529321-500
2024-02-21 12:40 - 2024-02-21 12:40 - 000346748 _____ C:\Windows\ntbtlog.txt
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-29 13:37 - 2023-06-02 16:31 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-29 13:36 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemTemp
2024-02-29 09:59 - 2023-06-02 16:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-29 09:15 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\CbsTemp
2024-02-29 09:10 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-29 09:10 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\AppReadiness
2024-02-29 09:09 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-28 21:13 - 2023-09-08 13:23 - 000000000 ____D C:\ProgramData\Common
2024-02-28 20:55 - 2022-05-07 00:22 - 000000000 ____D C:\Windows\INF
2024-02-28 20:47 - 2023-06-02 16:39 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-28 20:42 - 2023-09-08 12:47 - 000003108 _____ C:\Windows\system32\Tasks\NahimicTask32
2024-02-28 20:42 - 2023-09-08 12:47 - 000003088 _____ C:\Windows\system32\Tasks\NahimicTask64
2024-02-28 20:42 - 2023-06-02 16:30 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-28 20:42 - 2023-06-02 16:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-28 20:41 - 2022-05-07 00:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-02-28 13:25 - 2023-06-02 16:32 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-02-28 09:51 - 2023-06-02 16:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-02-26 17:23 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\LiveKernelReports
2024-02-25 18:21 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-25 14:21 - 2023-06-02 16:30 - 000609392 _____ C:\Windows\system32\FNTCACHE.DAT
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\UUS
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemResources
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\setup
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\oobe
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellComponents
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\Provisioning
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\OCR
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\BrowserCore
2024-02-25 14:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\bcastdvr
2024-02-25 12:43 - 2023-06-02 16:42 - 000000000 ____D C:\Windows\system32\zh-HANT
2024-02-25 12:43 - 2023-06-02 16:41 - 000000000 ____D C:\Windows\system32\zh-HANS
2024-02-25 12:39 - 2023-06-02 16:34 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-02-24 16:06 - 2023-09-08 12:22 - 000000000 ____D C:\Program Files (x86)\MSI
2024-02-24 16:05 - 2023-09-08 12:22 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-24 15:39 - 2023-09-08 00:23 - 000000000 ____D C:\Windows\system32\AMD
2024-02-24 15:37 - 2023-09-08 00:23 - 000000000 ____D C:\Program Files\AMD
2024-02-24 15:37 - 2023-06-02 16:32 - 000000000 ____D C:\ProgramData\Packages
2024-02-24 15:35 - 2023-09-08 00:21 - 000000000 ____D C:\AMD
2024-02-24 15:31 - 2022-05-07 01:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-02-24 15:31 - 2022-05-07 01:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-02-24 15:31 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\SysWOW64\WCN
2024-02-24 15:31 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\system32\WCN
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\system32\F12
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Sysprep
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\migwiz
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\IME
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Common Files\System
2024-02-24 15:31 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-02-24 15:31 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\servicing
2024-02-24 15:23 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\SysWOW64\winrm
2024-02-24 15:23 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2024-02-24 15:23 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2024-02-24 15:23 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\system32\winrm
2024-02-24 15:23 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\system32\slmgr
2024-02-24 15:23 - 2022-05-07 01:01 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2024-02-24 15:23 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\system32\dsc
2024-02-24 15:23 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-02-24 15:23 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\Com
2024-02-24 15:23 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-02-24 15:23 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-02-24 15:23 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Dism
2024-02-24 15:23 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Com
2024-02-24 14:53 - 2023-06-02 17:30 - 000000000 ____D C:\Windows\Panther
2024-02-24 14:45 - 2023-09-08 00:32 - 000000000 ____D C:\ProgramData\A-Volute
2024-02-24 14:44 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\appcompat
2024-02-24 14:37 - 2023-06-02 16:57 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-24 14:37 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-24 14:36 - 2022-05-07 00:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-02-22 10:49 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-02-22 10:47 - 2023-09-08 12:33 - 000000000 ____D C:\ProgramData\Norton
2024-02-22 10:47 - 2022-05-07 00:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-02-22 10:38 - 2023-06-02 16:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-22 10:32 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\system32\UNP
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemApps
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\vi-VN
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\lv-LV
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\lt-LT
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\id-ID
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\gl-ES
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\eu-ES
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\et-EE
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\es-MX
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\DDFs
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\ca-ES
2024-02-22 10:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\DiagTrack
2024-02-22 10:25 - 2022-05-07 01:10 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-02-22 10:25 - 2022-05-07 00:25 - 000209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2024-02-22 10:25 - 2022-05-07 00:24 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2024-02-22 10:04 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-02-21 21:02 - 2023-06-02 16:31 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-21 21:02 - 2023-06-02 16:31 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-21 21:01 - 2023-09-08 12:22 - 000000000 ____D C:\ProgramData\MSI
2024-02-21 21:01 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ServiceState
2024-02-21 20:59 - 2023-06-02 16:32 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by imver (29-02-2024 13:39:49)
Running from C:\Users\imver\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2024-02-22 02:01:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3731549638-1745586254-840529321-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3731549638-1745586254-840529321-503 - Limited - Disabled)
Guest (S-1-5-21-3731549638-1745586254-840529321-501 - Limited - Disabled)
imver (S-1-5-21-3731549638-1745586254-840529321-1001 - Administrator - Enabled) => C:\Users\imver
WDAGUtilityAccount (S-1-5-21-3731549638-1745586254-840529321-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 6.01.25.342 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.124 - Advanced Micro Devices, Inc.) Hidden
AMD Interface Driver (HKLM-x32\...\{6118E908-9B3B-4258-B7C2-7DEEA5A65A85}) (Version: 2.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD MicroPEP Driver (HKLM-x32\...\{C36029EB-19FF-4462-A283-03B41BE9EFA4}) (Version: 1.0.42.0 - Advanced Micro Devices, Inc.) Hidden
AMD PMF-7040Series Driver (HKLM-x32\...\{21E4BCC6-EDE6-4FCF-8D96-D13FD87E730C}) (Version: 23.2.3.0 - Advanced Micro Devices, Inc.) Hidden
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.27 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.26.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.1.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{42e5a8d4-8fb0-48a1-9063-fc159c7566a0}) (Version: 6.01.25.342 - Advanced Micro Devices, Inc.) Hidden
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
EVGA Unleash RGB (HKLM\...\EVGA Unleash RGB) (Version: 1.0.25.0 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.70 - Google LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\OneDriveSetup.exe) (Version: 24.025.0204.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2024.0202.01 - MSI)
MSI NBFoundation Service (HKLM-x32\...\{640EFA76-B899-476B-B2DF-D0CCF11D6083}}_is1) (Version: 2.0.2402.0201 - MSI)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9468.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.10.0720.2022 - Realtek)
RyzenMasterSDK (HKLM\...\{D429249D-F2E2-4196-8AEE-951D2A9E6FBA}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
 
Packages:
=========
 
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2024-02-24] (Advanced Micro Devices Inc.)
Cosmic Beauty -> C:\Program Files\WindowsApps\Microsoft.CosmicBeauty_1.0.0.0_neutral__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.24.0_x64__w1wdnht996qgy [2024-02-24] (LinkedIn) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21027.539.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2402.2.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.32.0_x64__kzh8wxbdkxb8p [2024-02-24] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.17.0_x64__kzh8wxbdkxb8p [2024-02-24] (MICRO-STAR INTERNATIONAL CO., LTD)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm [2024-02-24] (A-Volute)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.50.319.0_x64__dt26b99r8h8gj [2024-02-25] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Studios) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-25] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3731549638-1745586254-840529321-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\imver\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-24] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 00:24 - 2022-05-07 00:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\imver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 172.16.28.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D8CD8E90-2331-4AAC-847B-5A9D0541A9AB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79888212-058A-45E8-AA82-374F366DE632}] => (Allow) C:\Program Files (x86)\BlueStacks X_msi5\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{81DE15C8-9277-436D-8ACD-15371363A7D2}] => (Allow) C:\Program Files (x86)\BlueStacks X_msi5\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{0B1B4DDE-9B10-4076-B9B6-13C47CE22E3F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9E0B7340-E625-4793-AFFE-F0F11F56B860}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BAD13791-18BC-4276-855E-C534F3168C94}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3FE37BA5-426C-4F99-BF24-9BEE54012937}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3727D765-DF08-467C-9FA5-39C40B49299C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9F50E9BA-04BF-48FA-AE66-123E0E02D19F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F345BD96-7D61-48BC-BC41-871FC8E0AA70}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E9E77A22-E3D9-4F31-B245-012D4434A3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program 2\PDLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{F103779F-A40D-41BC-8E00-22201E2655AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program 2\PDLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{79B270D2-BF32-447B-A501-6049B9428941}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7404534F-9EAF-4C5E-8419-BD0EB6ED53ED}] => (Allow) LPort=32683
FirewallRules: [{1B053A4F-DB2E-4B9B-B0BC-D03F37EEF5C0}] => (Allow) LPort=26822
 
==================== Restore Points =========================
 
24-02-2024 14:53:46 Language Pack Removal
28-02-2024 20:54:35 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/28/2024 05:14:56 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
Error: (02/27/2024 02:29:52 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
Error: (02/26/2024 02:32:57 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program SystemSettings.exe version 10.0.22621.3085 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (02/25/2024 06:21:21 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
Error: (02/24/2024 02:26:39 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
Error: (02/24/2024 02:26:30 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: WindowsPackageManagerServer.exe, version: 1.17.2203.10001, time stamp: 0x622a8641
Faulting module name: WindowsPackageManager.dll, version: 1.17.2203.10001, time stamp: 0x622a8613
Exception code: 0xc0000005
Fault offset: 0x0000000000089bf3
Faulting process id: 0x0x22ac
Faulting application start time: 0x0x1da67575dd4cec0
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManager.dll
Report Id: 1fb33bd9-6c57-4242-a1fb-1aadcc89f492
Faulting package full name: Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: winget
 
Error: (02/22/2024 11:00:33 AM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: WindowsPackageManagerServer.exe, version: 1.17.2203.10001, time stamp: 0x622a8641
Faulting module name: WindowsPackageManager.dll, version: 1.17.2203.10001, time stamp: 0x622a8613
Exception code: 0xc0000005
Fault offset: 0x0000000000089bf3
Faulting process id: 0x0x3acc
Faulting application start time: 0x0x1da65a843e5b493
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManager.dll
Report Id: 6122c8cf-fc33-4ac7-8575-533302ba02e2
Faulting package full name: Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: winget
 
Error: (02/22/2024 10:53:10 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\MSI$ via https://MSFT-KeyId-eef8218c2041947588930b6845839c85cde73857.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
 
System errors:
=============
Error: (02/28/2024 08:54:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Realtek - SoftwareComponent - 1.0.693.0.
 
Error: (02/28/2024 08:42:46 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (60:c5:e6:a8:77:db) failed.
 
Error: (02/28/2024 08:42:41 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (60:c5:e6:a8:77:db) failed.
 
Error: (02/28/2024 08:42:09 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (60:c5:e6:a8:77:db) failed.
 
Error: (02/28/2024 08:42:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:14:31 PM on ‎2/‎28/‎2024 was unexpected.
 
Error: (02/28/2024 08:41:57 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 247) (User: NT AUTHORITY)
Description: 32212254870
 
Error: (02/28/2024 08:38:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 86) (User: )
Description: 9\_TZ.THRM2024-02-29T01:38:58.4958208Z373
 
Error: (02/28/2024 05:14:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:15:41 PM on ‎2/‎28/‎2024 was unexpected.
 
 
Windows Defender:
================Event[0]
 
Date: 2024-02-22 10:52:14
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. 
 
CodeIntegrity:
===============
Date: 2024-02-22 10:46:56
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.10.9\symamsi.dll that did not meet the Microsoft signing level requirements. 
 
Date: 2024-02-22 10:42:59
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.10.9\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2024-02-22 10:40:05
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.10.9\symamsi.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. E158PAMS.301 08/21/2023
Motherboard: Micro-Star International Co., Ltd. MS-158P
Processor: AMD Ryzen 7 7840HS w/ Radeon 780M Graphics 
Percentage of memory in use: 41%
Total physical RAM: 31924.43 MB
Available physical RAM: 18743.37 MB
Total Virtual: 37044.43 MB
Available Virtual: 20014.83 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:933.17 GB) (Free:805.47 GB) (Model: SAMSUNG MZVL41T0HBLB-00BTW) NTFS
 
\\?\Volume{0a50f565-4a31-4193-9d61-298c5f381ee5}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.28 GB) NTFS
\\?\Volume{7ce8a743-152a-4d2c-93ba-28cee21c7e62}\ (BIOS_RVY) (Fixed) (Total:19.41 GB) (Free:0.69 GB) NTFS
\\?\Volume{e3eaf2ff-8e67-4983-8d1d-471eed39b428}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 24F81220)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#7 Oh My!

Posted 29 February 2024 - 08:45 PM

Please run this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Edge
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File 
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Uninstall 24.020.0128.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\24.020.0128.0003" [0 2024-02-29] () <==== ATTENTION [zero byte File/Folder] 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#8 Burritowel

Posted 01 March 2024 - 12:10 PM

The FRST forced restart of my laptop failed, and it remained shut off. Pressing the power button would lead to the power lighting up for a second, before turning off again, with the screen remaining off. On the third attempt, I was directed to Windows diagnostic for a failed boot. A fourth restart successfully booted me into Windows. These are the contents of the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by imver (01-03-2024 11:00:17) Run:1
Running from C:\Users\imver\Downloads
Loaded Profiles: imver
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Edge
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No
File 
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
HKU\S-1-5-21-3731549638-1745586254-840529321-1001\...\RunOnce: [Uninstall 24.020.0128.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\imver\AppData\Local\Microsoft\OneDrive\24.020.0128.0003" [0 2024-02-29] () <==== ATTENTION [zero byte File/Folder] 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
 
========= Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess =========
 
 
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                                                  
-------  ------    -----      -----     ------     --  -- -----------                                                  
      0       0       60          8                 0   0 Idle                                                         
 
 
 
========= End of Powershell: =========
 
 
========= Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess =========
 
Get-NetTCPConnection : No MSFT_NetTCPConnection objects found with property 'LocalPort' equal to '26822'.  Verify the 
value of the property and retry.
At C:\FRST\tmp.ps1:1 char:18
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (26822:UInt16) [Get-NetTCPConnection], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_LocalPort,Get-NetTCPConnection
 
Get-Process : Cannot bind argument to parameter 'Id' because it is null.
At C:\FRST\tmp.ps1:1 char:17
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-Process], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.GetProcessC 
   ommand
 
 
========= End of Powershell: =========
 
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox" => not found
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" => not found
"HKU\S-1-5-21-3731549638-1745586254-840529321-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3731549638-1745586254-840529321-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
"HKU\S-1-5-21-3731549638-1745586254-840529321-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 24.020.0128.0003" => not found
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3155
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 11:01:55 ====


#9 Oh My!

Posted 01 March 2024 - 01:25 PM

Please do this.

===================================================

Startup Repair

----------
  • Click Start, type Change advanced, then select Change advanced startup options
  • Click Restart now
  • When the system reboots select Troubleshoot
  • Select Advanced Options
  • Select Startup Repair
  • If you are notified the repair can't be completed let me know
  • When completed check your startup process
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
cmd: type "C:\Windows\System32\LogFiles\Srt\SrtTrail.txt"
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Startup Repair run successfully?
  • Fixlog

Gary 


#10 Burritowel

Posted 01 March 2024 - 02:27 PM

Windows notified me that startup repair could not be completed. Here is the fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by imver (01-03-2024 14:26:01) Run:2
Running from C:\Users\imver\Downloads
Loaded Profiles: imver
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
cmd: type "C:\Windows\System32\LogFiles\Srt\SrtTrail.txt"
End::
*****************
 
 
========= type "C:\Windows\System32\LogFiles\Srt\SrtTrail.txt" =========
 
Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: ‎3/‎1/‎2024 7:19:52 PM (GMT)
Number of repair attempts: 1
 
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 109 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 32 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 31 ms
 
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Check for installed LCU
Result: Completed successfully. Error code =  0x0
Time taken = 3594 ms
 
Test Performed: 
---------------------------
Name: Check for installed driver updates
Result: Completed successfully. Error code =  0x0
Time taken = 515 ms
 
Test Performed: 
---------------------------
Name: Check for pending package install
Result: Completed successfully. Error code =  0x0
Time taken = 1641 ms
 
Test Performed: 
---------------------------
Name: Boot status test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Root cause found: 
---------------------------
Boot status indicates that the OS booted successfully.
 
---------------------------
---------------------------
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:26:01 ====
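
The Startup Repair log pasted above can be checked mechanically when it is too long to read by eye. This is an added example, not part of the original thread or of FRST: a small parser for the SrtTrail.txt layout shown in the post, which lists any test with a non-zero error code and the recorded root cause. The function names and the sample text (including the failing entry and its error code) are constructed for illustration.

```python
import re

# Constructed sample in the SrtTrail.txt layout shown in the post above;
# the failing entry and its error code are invented for illustration.
SAMPLE = """\
Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Failed. Error code =  0x490
Time taken = 15 ms

Root cause found:
---------------------------
Boot status indicates that the OS booted successfully.
"""

TEST_RE = re.compile(
    r"Name:\s*(?P<name>.+?)\s*\n"
    r"Result:\s*(?P<result>.+?)\s*Error code =\s*(?P<code>0x[0-9a-fA-F]+)\s*\n"
    r"Time taken =\s*(?P<ms>\d+) ms")
ROOT_RE = re.compile(r"Root cause found:\s*\n-+\s*\n(?P<cause>[^\n]+)")

def parse_srttrail(text):
    """Return (tests, root_causes) parsed from already-decoded SrtTrail.txt text."""
    # Pasted logs may carry U+200E marks around dates and CRLF line endings.
    text = text.replace("\u200e", "").replace("\r\n", "\n")
    tests = [{"name": m["name"], "result": m["result"].rstrip(". "),
              "code": int(m["code"], 16), "ms": int(m["ms"])}
             for m in TEST_RE.finditer(text)]
    causes = [m["cause"].strip() for m in ROOT_RE.finditer(text)]
    return tests, causes

def failed_tests(tests):
    """Tests whose reported error code is non-zero."""
    return [t for t in tests if t["code"] != 0]

if __name__ == "__main__":
    tests, causes = parse_srttrail(SAMPLE)
    for t in failed_tests(tests):
        print(f"FAILED {t['name']}: 0x{t['code']:x} ({t['ms']} ms)")
    print("Root cause:", causes)
```

Run against the log in the post, every test reports 0x0, so the failed list is empty and only the root-cause line remains to read.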


#11 Oh My!


Posted 02 March 2024 - 11:02 AM

Since your issue is not malware related I may end up referring you to a more appropriate forum. Before doing that, please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
StartBatch:
wevtutil epl System %userprofile%\Desktop\SystemLog.evtx
wevtutil epl Application %userprofile%\Desktop\ApplicationLog.evtx
EndBatch:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Please zip and upload the SystemLog.evtx and ApplicationLog.evtx files located on your Desktop to GoFile, WeTransfer, or the file hosting site of your choice. Send me a Personal Message with the download link.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Download links via Personal Message

Gary 


#12 Oh My!


Posted 02 March 2024 - 04:53 PM

Thank you for the reports and additional information.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
cmd: systeminfo
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 


#13 Burritowel


Posted 02 March 2024 - 05:19 PM

I've censored my email because I don't particularly want to expose it to the internet. Here's the remainder of the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by imver (02-03-2024 17:15:38) Run:4
Running from C:\Users\imver\Downloads
Loaded Profiles: imver
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
cmd: systeminfo
End::
*****************
 
 
========= systeminfo =========
 
 
Host Name:                 MSI
OS Name:                   Microsoft Windows 11 Home
OS Version:                10.0.22631 N/A Build 22631
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          ***********@gmail.com
Registered Organization:   
Product ID:                00342-21122-62660-AAOEM
Original Install Date:     2/21/2024, 9:01:33 PM
System Boot Time:          3/2/2024, 4:15:30 PM
System Manufacturer:       Micro-Star International Co., Ltd.
System Model:              Bravo 15 B7EDP
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: AMD64 Family 25 Model 116 Stepping 1 AuthenticAMD ~2516 Mhz
BIOS Version:              American Megatrends International, LLC. E158PAMS.301, 8/21/2023
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-05:00) Eastern Time (US & Canada)
Total Physical Memory:     31,924 MB
Available Physical Memory: 22,376 MB
Virtual Memory: Max Size:  33,972 MB
Virtual Memory: Available: 21,355 MB
Virtual Memory: In Use:    12,617 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\MSI
Hotfix(s):                 6 Hotfix(s) Installed.
                           [01]: KB5034467
                           [02]: KB5027397
                           [03]: KB5031274
                           [04]: KB5033055
                           [05]: KB5034765
                           [06]: KB5034225
Network Card(s):           3 NIC(s) Installed.
                           [01]: Realtek PCIe GbE Family Controller
                                 Connection Name: Ethernet
                                 Status:          Media disconnected
                           [02]: RZ608 Wi-Fi 6E 80MHz
                                 Connection Name: Wi-Fi
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.1.1
                                 IP address(es)
                                 [01]: 192.168.1.107
                                 [02]: fe80::1d9d:d22a:e008:24e4
                           [03]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection
                                 Status:          Media disconnected
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 17:15:40 ====


#14 Oh My!


Posted 02 March 2024 - 06:09 PM

Thank you for your diligence.
 

Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Unfortunately we didn't get the information I was looking for.

Please do this.

===================================================

Checking Windows Virtualization Status

--------------------
  • Windows Key + R at the same time
  • Type taskmgr and hit Enter
  • Click on the Performance tab (3rd icon down under 3 horizontal bars near upper left hand corner of screen)
  • Select CPU
  • Under the graph check to see if Virtualization is Enabled
  • Report the setting in your reply
===================================================

Things I would like to see in your next reply.
  • Virtualization Enabled?

Gary 


#15 Burritowel


Posted 02 March 2024 - 07:32 PM

Virtualization is enabled.





