Proxy Middleman up to a Bootkit, with the help of Active Directory



#1 dburk1979

Posted 03 March 2024 - 02:42 PM

Hello,

 

My name is Davis, and I have a problem.  I hope that someone/anyone can help make some suggestions.  We have 4 desktop PCs on the home network.  All are infected possibly.  This one,  a Dell XPS 8950 Desktop PC.  A few symptoms I noticed initially were sudden new installations of drivers in Windows 11 Device Manager.  Things that had never been there previously, they mostly included "enumerated" and "virtual" in their names.  Such as "Virtual Drive Enumerator" and "UM Bus Root Bus Enumerator", and "Remote Desktop Device Redirector Bus".  Those along with several new entries in the System Devices dealing with Intel that were new.  And many others.  

 

I also noticed that I was having to double click or click icons at least twice to open links and desktop shortcuts--where in the past one click or one "double  click" easily opened them.  As things progress over a week or so, I eventually lose privileges/permissions that I always had if necessary, as I was the only account on the PC, and I was a member of the Administrators group.  Things like being able to open a file in the Windows directory.  To read it.  But as things progressed, I lose access to Control Panel, MMC.exe, command prompt, powershell, etc.  -- with a message of "This app has been blocked for your protection." see attached image.    

 

Initially I notice upon clean install of windows 10 or 11 that I have several certificates in my store that are expired and some that are just plain invalid.  I can research and get a list of them if necessary.  They reappear soon after a clean install (maybe upon first connection to internet), and I've tried to clean install this machine at least 20 times over the past year.  I flash the bios with a Dell Bios image upgrade or a recovery image flash process.  But I think most of the problems are getting held over in an X: drive even when I wipe the main Drive clean with diskpart clean all.  I believe the malicious files are copied into the ESD boot fat32 efi partition, and upon reboot the process begins again.  

 

 

I'm so sorry for this seemingly overwritten post. But I have spent the better part of a year trying to learn about dealing with such matters. In the past, a wipe and clean simply solved my problem. I usually use Macrium to image to 2 different external HDs, but those images have all become corrupted as soon as they got hooked up to any of our PCs here on our home network. I think the network has been compromised as well due to recent performance decrease, but I'm not smart enough to diagnose, much less, clean an Orbi 863B mesh system. All I can tell you about Orbi is the hardware is good, but the software is Bad, and the support is Really Bad. Same for Dell pcs. And Dell "proprietary" software.

 

I will paste first and additional txt files below.   Thank you so much for your suggestions.   I really love this site, and I'd love to be able to give back and volunteer to be a part of it someday.  

 

Davis

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by Davis Burk (administrator) on DELL-XPS-DB (Dell Inc. XPS 8950) (03-03-2024 12:40:19)
Running from C:\Users\Davis Burk\Desktop\FRST64.exe
Loaded Profiles: Davis Burk
Platform: Microsoft Windows 11 Home Version 23H2 22631.3235 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.MouseWithoutBordersHelper.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe <7>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_661f1eb27bd1743c\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_661f1eb27bd1743c\ipf_helper.exe
(DriverStore\FileRepository\u0394958.inf_amd64_84ed909778655775\B394313\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0394958.inf_amd64_84ed909778655775\B394313\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(explorer.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordVPN.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_a3c77f649a16fba5\WavesSvc64.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0394958.inf_amd64_84ed909778655775\B394313\atiesrxx.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_661f1eb27bd1743c\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_19ebb84aa5e0e049\Intel_PIE_Service.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_a3c77f649a16fba5\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_a3c77f649a16fba5\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_a3c77f649a16fba5\WavesSvc64.exe [5332192 2023-10-11] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\Run: [OneDrive] => "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (No File)
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\Run: [org.openvpn.client] => C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe [110833152 2021-06-14] (OpenVPN) [File not signed]
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\Run: [XDM] => "C:\Program Files (x86)\XDM\java-runtime\bin\javaw.exe" -jar "C:\Program Files (x86)\XDM\xdman.jar" -m [4589960 2020-05-21] () [File not signed]
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-03-02] (Google LLC -> Google LLC)
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {ECDDD7F9-E3C0-486D-ACA1-EF3D9DB44C78} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5368904 2024-03-03] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {105007D4-9657-439A-8123-C2D219DF5D80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {88CF7ED9-49B9-4289-B3B4-4BEB1E4DC399} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E38C4E66-9E4D-40B1-9DE4-6F52CAC0A736} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {506E1587-7A1B-4793-953E-AC578ED2A4BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A3706E0D-8F7E-47B2-900D-4AE2E3DCA338} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1754665566-3791049750-1316374702-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-13] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {19284D7F-508A-404B-A5A9-650A61A3D0D7} - System32\Tasks\PowerToys\Autorun for Davis Burk => C:\Program Files\PowerToys\PowerToys.exe [1224112 2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{94d416d9-268f-43bd-b6c6-fec6d5575e46}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{d42388e3-8366-4f21-9f48-bfec96e3ae3d}: [DhcpNameServer] 10.0.0.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Davis Burk\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-03]
Edge Extension: (DuckDuckGo) - C:\Users\Davis Burk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-03-02]
Edge Extension: (NordVPN - the Fastest VPN proxy for privacy) - C:\Users\Davis Burk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fphgeikpdcdcheaochkhldmnfblfogla [2024-03-02]
Edge Extension: (Dark Reader) - C:\Users\Davis Burk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifoakfbpdcdoeenechcleahebpibofpc [2024-03-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Davis Burk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-01]
Edge Extension: (uBlock Origin) - C:\Users\Davis Burk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-03-02]
Edge HKLM-x32\...\Edge\Extension: [fphgeikpdcdcheaochkhldmnfblfogla]
 
FireFox:
========
FF DefaultProfile: i58kp3wq.default
FF ProfilePath: C:\Users\Davis Burk\AppData\Roaming\Mozilla\Firefox\Profiles\i58kp3wq.default [2024-03-03]
FF ProfilePath: C:\Users\Davis Burk\AppData\Roaming\Mozilla\Firefox\Profiles\y7lo43cm.default-release [2024-03-03]
 
Chrome: 
=======
CHR Profile: C:\Users\Davis Burk\AppData\Local\Google\Chrome\User Data\Default [2024-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Davis Burk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Davis Burk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-02]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1623661264483.exe [3194368 2021-06-14] () [File not signed]
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_661f1eb27bd1743c\ipf_uf.exe [2411160 2021-07-13] (Intel Corporation -> Intel Corporation)
S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78088 2023-07-13] (Intel Corporation -> Intel® Corporation)
S3 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2480944 2023-07-13] (Intel Corporation -> Intel)
S3 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2981168 2023-07-13] (Intel Corporation -> Intel)
S4 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78128 2023-07-13] (Intel Corporation -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-03-02] (Malwarebytes Inc. -> Malwarebytes)
R3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [320088 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-12-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S4 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3019776 2021-06-14] () [File not signed]
R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_a3c77f649a16fba5\WavesAudioService.exe [161000 2023-10-11] (Waves Inc -> Waves Audio Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0394958.inf_amd64_84ed909778655775\B394313\amdkmdag.sys [99746272 2023-08-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 e3k25cx21x64; C:\Windows\System32\DriverStore\FileRepository\e3k25cx21x64.inf_amd64_2187e0f3da9ad764\e3k25cx21x64.sys [717144 2023-05-09] (Realtek Semiconductor Corp. -> Realtek)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_e11257f05c0c2f89\iaLPSS2_GPIO2_ADL.sys [139928 2021-07-29] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_778b19a5f4d49cba\iaLPSS2_I2C_ADL.sys [202896 2021-07-29] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_d2f51baade1b0161\iaLPSS2_UART2_ADL.sys [318624 2021-07-29] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87200 2022-01-11] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_661f1eb27bd1743c\ipf_cpu.sys [79512 2021-07-13] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_661f1eb27bd1743c\ipf_lf.sys [422544 2021-07-13] (Intel Corporation -> Intel Corporation)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [209200 2023-07-13] (Intel Corporation -> Rivet Networks, LLC.)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsleac06d77; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61657A65-00D3-43B4-A16B-16D528171E3D}\MpKslDrv.sys [272664 2024-03-03] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.19.4.0\Drivers\NDivert.sys [131472 2024-01-10] (nordvpn s.a. -> Nordvpn S.A.)
R4 NordDivert10; C:\Program Files\NordVPN\NordSec ThreatProtection\1.4.19.23\NordDivert1064.sys [101240 2024-02-14] (nordvpn s.a. -> NordVPN/Basil)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2024-01-18] (nordvpn s.a. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2024-01-29] (nordvpn s.a. -> The OpenVPN Project)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21040 2024-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [608648 2024-03-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-02] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-03 12:40 - 2024-03-03 12:40 - 000019538 _____ C:\Users\Davis Burk\Desktop\FRST.txt
2024-03-03 12:40 - 2024-03-03 12:40 - 000000000 ____D C:\FRST
2024-03-03 12:38 - 2024-03-03 12:36 - 002386944 _____ (Farbar) C:\Users\Davis Burk\Desktop\FRST64.exe
2024-03-03 12:36 - 2024-03-03 12:36 - 002386944 _____ (Farbar) C:\Users\Davis Burk\Downloads\FRST64.exe
2024-03-03 10:48 - 2024-03-03 11:08 - 000000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2024-03-03 10:03 - 2024-03-03 10:03 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-03-03 09:03 - 2024-03-03 09:04 - 000000000 ____D C:\Windows\system32\MRT
2024-03-03 03:50 - 2024-03-03 03:50 - 000020023 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-03 03:49 - 2024-03-03 03:49 - 000020023 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-03-03 03:48 - 2024-03-03 03:48 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-03-03 03:46 - 2024-03-03 03:46 - 000001825 _____ C:\Users\Davis Burk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio Pro by Waves – Speaker and Microphone Audio Control and Nx 3D Sound.lnk
2024-03-03 03:37 - 2024-03-03 03:05 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts_PowerToysBackup_20240303033709
2024-03-03 03:36 - 2024-03-03 03:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-03-03 03:36 - 2023-11-02 01:52 - 000300016 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2024-03-03 03:36 - 2023-11-02 01:52 - 000253424 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2024-03-03 03:35 - 2023-11-01 23:26 - 006333912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2024-03-03 03:16 - 2024-03-03 03:16 - 000000000 ____D C:\Users\Davis Burk\New folder
2024-03-03 03:16 - 2024-03-03 03:16 - 000000000 ____D C:\Dell
2024-03-03 03:14 - 2024-03-03 03:14 - 000000000 ____D C:\Users\Davis Burk\Intel
2024-03-03 03:14 - 2024-03-03 03:14 - 000000000 ____D C:\Program Files\Intel
2024-03-03 03:09 - 2024-03-03 03:09 - 000000000 ____D C:\Users\Davis Burk\AppData\LocalLow\AMD
2024-03-03 03:07 - 2024-03-03 03:25 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\AMD
2024-03-03 03:07 - 2024-03-03 03:07 - 000000000 ____D C:\Windows\system32\AMD
2024-03-03 03:07 - 2024-03-03 03:07 - 000000000 ____D C:\Program Files\AMD
2024-03-03 03:07 - 2023-08-16 04:57 - 000842624 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-03-03 03:07 - 2023-08-16 04:57 - 000842624 _____ C:\Windows\system32\vulkaninfo.exe
2024-03-03 03:07 - 2023-08-16 04:57 - 000725008 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-03-03 03:07 - 2023-08-16 04:57 - 000725008 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-03-03 03:07 - 2023-08-16 04:57 - 000678408 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000678408 _____ C:\Windows\system32\vulkan-1.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000662848 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000662848 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000548776 _____ C:\Windows\system32\libsmi_guest.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000541600 _____ C:\Windows\system32\libsmi_host.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000206760 _____ C:\Windows\system32\mantle64.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000185768 _____ C:\Windows\system32\mantleaxl64.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000163344 _____ C:\Windows\SysWOW64\mantle32.dll
2024-03-03 03:07 - 2023-08-16 04:57 - 000147472 _____ C:\Windows\SysWOW64\mantleaxl32.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 002083240 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 001602472 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 001602472 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000959352 _____ (AMD) C:\Windows\system32\atieclxx.exe
2024-03-03 03:07 - 2023-08-16 04:56 - 000606224 _____ C:\Windows\system32\GameManager64.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000535424 _____ C:\Windows\system32\atieah64.exe
2024-03-03 03:07 - 2023-08-16 04:56 - 000502240 _____ C:\Windows\system32\EEURestart.exe
2024-03-03 03:07 - 2023-08-16 04:56 - 000472952 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000459792 _____ C:\Windows\SysWOW64\GameManager32.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000404344 _____ C:\Windows\SysWOW64\atieah32.exe
2024-03-03 03:07 - 2023-08-16 04:56 - 000266104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000226680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000210096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000196064 _____ (AMD) C:\Windows\system32\atimuixx.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000183776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000172984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000146808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000142248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000118184 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2024-03-03 03:07 - 2023-08-16 04:56 - 000074664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 011756424 _____ C:\Windows\system32\amdsmi.exe
2024-03-03 03:07 - 2023-08-16 04:55 - 004385248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdadlx64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 004189560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdadlx32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 002186256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsasrv64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 001314680 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsacli64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 001039328 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdsacli32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000943632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000801296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000771088 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000678304 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000568184 _____ C:\Windows\system32\amdgfxinfo64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000542120 _____ C:\Windows\system32\dgtrayicon.exe
2024-03-03 03:07 - 2023-08-16 04:55 - 000470952 _____ C:\Windows\system32\amdlogum.exe
2024-03-03 03:07 - 2023-08-16 04:55 - 000431992 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000231736 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000187416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000167040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000156624 _____ C:\Windows\system32\atidxx64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000138256 _____ C:\Windows\system32\amdxc64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000136480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000129744 _____ C:\Windows\SysWOW64\atidxx32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000113576 _____ C:\Windows\SysWOW64\amdxc32.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000051168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2024-03-03 03:07 - 2023-08-16 04:55 - 000048096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 105784232 _____ C:\Windows\system32\amd_comgr.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 089154464 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 016643496 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 001725496 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 001400008 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 000567696 _____ C:\Windows\system32\amdmiracast.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 000524200 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 000389536 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 000360872 _____ C:\Windows\system32\clinfo.exe
2024-03-03 03:07 - 2023-08-16 04:54 - 000176552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 000166992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 000145320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2024-03-03 03:07 - 2023-08-16 04:54 - 000136432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2024-03-03 03:07 - 2023-08-16 04:53 - 000176912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2024-03-03 03:07 - 2023-08-16 04:53 - 000151064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2024-03-03 03:07 - 2023-08-16 04:19 - 103840760 _____ C:\Windows\system32\amdxc64.so
2024-03-03 03:07 - 2023-08-16 04:19 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
2024-03-03 03:07 - 2023-08-16 04:19 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2024-03-03 03:07 - 2023-08-16 04:19 - 000128048 _____ C:\Windows\system32\kapp_ci.sbin
2024-03-03 03:07 - 2023-08-16 04:19 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2024-03-03 03:06 - 2024-03-03 03:06 - 000000000 ____D C:\ProgramData\Dell
2024-03-03 03:05 - 2024-03-03 03:05 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
2024-03-03 03:04 - 2024-03-03 03:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_ipf_umdf2_02_00_00.Wdf
2024-03-03 02:52 - 2024-03-03 03:46 - 000000000 ____D C:\Program Files\Waves
2024-03-03 02:52 - 2024-03-03 02:52 - 000000000 ____D C:\ProgramData\Waves
2024-03-03 02:51 - 2024-03-03 02:51 - 000000000 ____D C:\Windows\system32\Drivers\RivetNetworks
2024-03-03 02:51 - 2024-03-03 02:51 - 000000000 ____D C:\ProgramData\RivetNetworks
2024-03-03 02:36 - 2024-03-03 02:36 - 000001399 _____ C:\Windows\system32\WinUtil.lnk
2024-03-03 02:34 - 2024-03-03 02:34 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\OO Software
2024-03-03 02:26 - 2024-03-03 12:38 - 000118766 _____ C:\Windows\ntbtlog.txt
2024-03-03 02:26 - 2024-03-03 02:26 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\CrashDumps
2024-03-03 02:25 - 2024-03-03 02:25 - 000000000 ____D C:\Windows\pss
2024-03-02 19:20 - 2024-03-03 11:32 - 000001447 _____ C:\Users\Davis Burk\Desktop\WinUtil.lnk
2024-03-02 19:10 - 2024-03-02 19:10 - 000000000 ____D C:\Users\Davis Burk\Documents\PowerToys
2024-03-02 17:00 - 2024-03-02 17:00 - 000029248 _____ C:\Users\Davis Burk\Downloads\MTB.txt
2024-03-02 16:59 - 2024-03-02 16:59 - 000956928 _____ (Farbar) C:\Users\Davis Burk\Downloads\MiniToolBox.exe
2024-03-02 16:54 - 2024-03-03 11:58 - 000000000 ____D C:\Program Files\NordVPN
2024-03-02 16:54 - 2024-03-02 19:25 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\NordVPN
2024-03-02 16:54 - 2024-03-02 19:25 - 000000000 ____D C:\ProgramData\NordVPN
2024-03-02 16:54 - 2024-03-02 16:54 - 000001778 _____ C:\Users\Public\Desktop\NordVPN.lnk
2024-03-02 16:54 - 2024-03-02 16:54 - 000000000 ____D C:\ProgramData\NordUpdater
2024-03-02 16:54 - 2024-03-02 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2024-03-02 16:54 - 2024-03-02 16:54 - 000000000 ____D C:\Program Files\NordUpdater
2024-03-02 16:54 - 2024-01-29 17:57 - 000049744 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapnordvpn.sys
2024-03-02 16:54 - 2024-01-18 13:35 - 000044928 _____ (TEFINCOM S.A.) C:\Windows\system32\Drivers\nordlwf.sys
2024-03-02 16:54 - 2023-03-23 14:52 - 000041024 _____ (TEFINCOM S.A.) C:\Windows\Nord.Setup.dll
2024-03-02 16:48 - 2024-03-02 16:48 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\Google
2024-03-02 16:45 - 2024-03-02 19:17 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\RustDesk
2024-03-02 16:45 - 2024-03-02 19:17 - 000000000 ____D C:\Users\Davis Burk\.xdman
2024-03-02 16:45 - 2024-03-02 16:45 - 000002125 _____ C:\Users\Public\Desktop\Xtreme Download Manager.lnk
2024-03-02 16:45 - 2024-03-02 16:45 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2024-03-02 16:45 - 2024-03-02 16:45 - 000001000 _____ C:\Users\Public\Desktop\RustDesk.lnk
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\Users\Davis Burk\Downloads\Video
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\Users\Davis Burk\Downloads\Compressed
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtreme Download Manager
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RustDesk
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\Program Files\VS Revo Group
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\Program Files\RustDesk
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\Program Files (x86)\XDM
2024-03-02 16:44 - 2024-03-03 00:54 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\OpenVPN Connect
2024-03-02 16:44 - 2024-03-02 16:47 - 000000000 ____D C:\Program Files\HWiNFO64
2024-03-02 16:44 - 2024-03-02 16:44 - 000002056 _____ C:\Users\Public\Desktop\OpenVPN Connect.lnk
2024-03-02 16:44 - 2024-03-02 16:44 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\rustdesk
2024-03-02 16:44 - 2024-03-02 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect
2024-03-02 16:44 - 2024-03-02 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2024-03-02 16:44 - 2024-03-02 16:44 - 000000000 ____D C:\Program Files\OpenVPN Connect
2024-03-02 16:43 - 2024-03-03 12:00 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\Malwarebytes
2024-03-02 16:43 - 2024-03-02 16:43 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-03-02 16:43 - 2024-03-02 16:43 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-03-02 16:43 - 2024-03-02 16:43 - 000001830 _____ C:\Users\Davis Burk\Desktop\CrystalDiskInfo.lnk
2024-03-02 16:43 - 2024-03-02 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2024-03-02 16:43 - 2024-03-02 16:43 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2024-03-02 16:42 - 2024-03-02 16:42 - 000000855 _____ C:\Users\Public\Desktop\HeidiSQL.lnk
2024-03-02 16:42 - 2024-03-02 16:42 - 000000000 ____D C:\Users\Public\Documents\HeidiSQL
2024-03-02 16:42 - 2024-03-02 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeidiSQL
2024-03-02 16:42 - 2024-03-02 16:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-03-02 16:42 - 2024-03-02 16:42 - 000000000 ____D C:\Program Files\nu
2024-03-02 16:42 - 2024-03-02 16:42 - 000000000 ____D C:\Program Files\Malwarebytes
2024-03-02 16:42 - 2024-03-02 16:42 - 000000000 ____D C:\Program Files\HeidiSQL
2024-03-02 16:41 - 2024-03-02 16:41 - 000001843 _____ C:\Users\Davis Burk\Desktop\CrystalDiskMark 8.lnk
2024-03-02 16:41 - 2024-03-02 16:41 - 000000922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld.lnk
2024-03-02 16:41 - 2024-03-02 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dual Monitor Tools
2024-03-02 16:41 - 2024-03-02 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark8
2024-03-02 16:41 - 2024-03-02 16:41 - 000000000 ____D C:\Program Files\Meld
2024-03-02 16:41 - 2024-03-02 16:41 - 000000000 ____D C:\Program Files\CrystalDiskMark8
2024-03-02 16:41 - 2024-03-02 16:41 - 000000000 ____D C:\Program Files (x86)\Dual Monitor Tools
2024-03-02 16:40 - 2024-03-02 16:40 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EFI Boot Editor
2024-03-02 16:40 - 2024-03-02 16:40 - 000000000 ____D C:\Program Files\EFIBootEditor
2024-03-02 16:40 - 2024-03-02 16:40 - 000000000 ____D C:\Program Files (x86)\WinGet
2024-03-02 16:28 - 2024-03-03 10:04 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-02 16:28 - 2024-03-02 17:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-03-02 16:28 - 2024-03-02 16:28 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-03-02 16:28 - 2024-03-02 16:28 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-03-02 16:28 - 2024-03-02 16:28 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-03-02 16:28 - 2024-03-02 16:28 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Mozilla
2024-03-02 16:28 - 2024-03-02 16:28 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\Mozilla
2024-03-02 16:28 - 2024-03-02 16:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-03-02 16:26 - 2024-03-02 16:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell
2024-03-02 16:25 - 2024-03-02 16:25 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\ToastNotificationManagerCompat
2024-03-02 16:25 - 2024-03-02 16:25 - 000000000 ____D C:\Program Files\PowerShell
2024-03-02 16:24 - 2024-03-03 11:23 - 000000000 ____D C:\Windows\system32\Tasks\PowerToys
2024-03-02 16:24 - 2024-03-02 16:25 - 000000000 ____D C:\Program Files\PowerToys
2024-03-02 16:24 - 2024-03-02 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-03-02 16:22 - 2024-03-03 03:14 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-02 16:22 - 2024-03-02 16:22 - 000000000 ____D C:\Program Files\WinGet
2024-03-02 16:21 - 2024-03-02 16:21 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-02 16:21 - 2024-03-02 16:21 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-02 16:21 - 2024-03-02 16:21 - 000000000 ____D C:\Program Files\Google
2024-03-02 16:06 - 2024-03-03 00:55 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Microsoft\MMC
2024-03-02 15:44 - 2024-03-02 15:44 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\Microsoft_Corporation
2024-03-02 15:22 - 2024-03-02 15:22 - 000007856 _____ C:\Users\Davis Burk\Downloads\WindowsDefenderATPOnboardingPackage (1).zip
2024-03-02 15:22 - 2024-03-02 15:22 - 000000000 ____D C:\Users\Davis Burk\Downloads\WindowsDefenderATPOnboardingPackage (1)
2024-03-02 15:19 - 2024-03-02 15:19 - 000007856 _____ C:\Users\Davis Burk\Downloads\WindowsDefenderATPOnboardingPackage.zip
2024-03-02 15:19 - 2024-03-02 15:19 - 000000000 ____D C:\Users\Davis Burk\Downloads\WindowsDefenderATPOnboardingPackage
2024-03-02 15:08 - 2024-03-02 15:08 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2024-03-02 14:50 - 2024-03-03 03:40 - 001744384 _____ (NordVPN ) C:\Users\Davis Burk\Downloads\NordVPNSetup (3).exe
2024-03-02 14:50 - 2024-03-03 03:40 - 001744384 _____ (NordVPN ) C:\Users\Davis Burk\Downloads\NordVPNSetup (2).exe
2024-03-02 14:49 - 2024-03-03 03:40 - 001744384 _____ (NordVPN ) C:\Users\Davis Burk\Downloads\NordVPNSetup (1).exe
2024-03-02 14:44 - 2024-03-02 14:44 - 001744384 _____ (NordVPN ) C:\Users\Davis Burk\Downloads\NordVPNSetup.exe
2024-03-02 14:35 - 2024-03-02 14:35 - 000000749 _____ C:\Users\Davis Burk\Downloads\DuckDuckGo.appinstaller
2024-03-02 02:11 - 2024-03-02 02:11 - 000000000 ____D C:\Windows\SysWOW64\sda
2024-03-01 23:57 - 2024-03-02 19:22 - 000001435 _____ C:\Users\WinUtil.lnk
2024-03-01 23:55 - 2024-03-01 23:55 - 000003658 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-03-01 23:48 - 2024-03-01 23:50 - 000000000 ____D C:\ProgramData\ChocolateyHttpCache
2024-03-01 23:48 - 2024-03-01 23:50 - 000000000 ____D C:\ProgramData\chocolatey
2024-03-01 23:34 - 2024-03-01 23:34 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\Publishers
2024-03-01 23:27 - 2024-03-01 23:27 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\ElevatedDiagnostics
2024-03-01 23:22 - 2024-03-01 23:22 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\VirtualStore
2024-03-01 23:22 - 2024-03-01 23:22 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\Comms
2024-03-01 23:20 - 2024-03-03 01:48 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\D3DSCache
2024-03-01 23:17 - 2024-03-03 09:31 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\Packages
2024-03-01 23:17 - 2024-03-03 03:24 - 000000000 ____D C:\Users\Davis Burk
2024-03-01 23:17 - 2024-03-02 16:55 - 000000000 ___SD C:\Users\Davis Burk\AppData\Roaming\Microsoft\Credentials
2024-03-01 23:17 - 2024-03-02 15:10 - 000000000 ____D C:\Users\Davis Burk\AppData\Local\ConnectedDevicesPlatform
2024-03-01 23:17 - 2024-03-02 01:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-03-01 23:17 - 2024-03-02 01:03 - 000000000 ___SD C:\Users\Davis Burk\AppData\Roaming\Microsoft\Protect
2024-03-01 23:17 - 2024-03-01 23:46 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Microsoft\Windows
2024-03-01 23:17 - 2024-03-01 23:20 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Microsoft\Spelling
2024-03-01 23:17 - 2024-03-01 23:17 - 000000020 ___SH C:\Users\Davis Burk\ntuser.ini
2024-03-01 23:17 - 2024-03-01 23:17 - 000000000 ___SD C:\Users\Davis Burk\AppData\Roaming\Microsoft\SystemCertificates
2024-03-01 23:17 - 2024-03-01 23:17 - 000000000 ___SD C:\Users\Davis Burk\AppData\Roaming\Microsoft\Crypto
2024-03-01 23:17 - 2024-03-01 23:17 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Microsoft\Vault
2024-03-01 23:17 - 2024-03-01 23:17 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Microsoft\Network
2024-03-01 23:17 - 2024-03-01 23:17 - 000000000 ____D C:\Users\Davis Burk\AppData\Roaming\Adobe
2024-03-01 19:52 - 2024-03-03 11:30 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-03-01 19:48 - 2024-03-03 09:31 - 000000000 ____D C:\ProgramData\Packages
2024-03-01 19:48 - 2024-03-01 19:48 - 000000000 _SHDL C:\Documents and Settings
2024-03-01 19:47 - 2024-03-03 03:57 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-03-01 19:46 - 2024-03-03 11:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-03-01 19:46 - 2024-03-03 03:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-03-01 19:46 - 2024-03-02 01:20 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-03-01 19:46 - 2024-03-01 19:48 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-01 19:46 - 2024-03-01 19:48 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-01 19:46 - 2024-03-01 19:48 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-01 19:46 - 2024-03-01 19:48 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-01 19:46 - 2024-03-01 19:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-03-01 19:46 - 2024-03-01 19:46 - 000000000 ____D C:\Windows\system32\config\BFS
2024-03-01 19:46 - 2024-03-01 19:46 - 000000000 ____D C:\Windows\ServiceProfiles
2024-03-01 19:45 - 2024-03-03 03:56 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-03-01 19:45 - 2024-03-03 03:46 - 000012288 ___SH C:\DumpStack.log.tmp
2024-03-01 19:45 - 2024-03-02 06:00 - 000000000 ____D C:\Windows\Panther
2024-03-01 19:39 - 2024-03-02 06:01 - 000000000 ____D C:\Windows.old
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-03 12:23 - 2022-05-06 23:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-03 12:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\AppReadiness
2024-03-03 12:23 - 2022-05-06 23:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-03-03 12:23 - 2022-05-06 23:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-03 11:37 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SystemTemp
2024-03-03 11:30 - 2022-05-06 23:22 - 000000000 ____D C:\Windows\INF
2024-03-03 11:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\ServiceState
2024-03-03 11:15 - 2022-05-06 23:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-03-03 09:04 - 2022-05-06 23:17 - 000000000 ____D C:\Windows\CbsTemp
2024-03-03 03:56 - 2023-12-04 00:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\UUS
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SystemResources
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\setup
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\oobe
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\ShellComponents
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\Provisioning
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\BrowserCore
2024-03-03 03:56 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\bcastdvr
2024-03-03 01:29 - 2022-05-06 23:20 - 000243048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2024-03-03 01:29 - 2022-05-06 23:20 - 000111976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcip.sys
2024-03-02 16:43 - 2022-05-06 23:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-03-02 15:43 - 2022-05-06 23:20 - 000520192 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2024-03-02 15:43 - 2022-05-06 23:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2024-03-02 15:43 - 2022-05-06 23:20 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2024-03-02 15:43 - 2022-05-06 23:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2024-03-02 15:43 - 2022-05-06 23:20 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2024-03-02 01:20 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-03-02 01:20 - 2022-05-06 23:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-03-02 01:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\WebThreatDefSvc
2024-03-01 23:46 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\appcompat
2024-03-01 23:33 - 2022-05-06 23:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-03-01 23:31 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\NDF
2024-03-01 23:05 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2024-03-01 19:50 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-03-01 19:48 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-03-01 19:48 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\spool
2024-03-01 19:45 - 2022-05-06 23:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Davis Burk (03-03-2024 12:41:51)
Running from C:\Users\Davis Burk\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3235 (X64) (2024-03-02 01:48:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1754665566-3791049750-1316374702-500 - Administrator - Disabled)
Davis Burk (S-1-5-21-1754665566-3791049750-1316374702-1001 - Administrator - Enabled) => C:\Users\Davis Burk
DefaultAccount (S-1-5-21-1754665566-3791049750-1316374702-503 - Limited - Disabled)
Guest (S-1-5-21-1754665566-3791049750-1316374702-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1754665566-3791049750-1316374702-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
bat (HKLM\...\sharkdp.bat_Microsoft.Winget.Source_8wekyb3d8bbwe) (Version: 0.24.0 - David Peter)
CrystalDiskInfo 9.2.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.3 - Crystal Dew World)
CrystalDiskMark 8.0.4c (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4c - Crystal Dew World)
Dual Monitor Tools (HKLM-x32\...\{5BFC92E1-36BB-4997-A336-3C76170BB818}) (Version: 2.8.0.0 - GNE)
EFI Boot Editor (HKLM\...\{3AB4D6EE-1130-46B4-8706-6227CCE63F35}) (Version: 1.4.0.1708718339 - EFIBootEditor)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.95 - Google LLC)
HeidiSQL 12.6.0.6765 (HKLM\...\HeidiSQL_is1) (Version: 12.6 - Ansgar Becker)
HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 7.72 - Martin Malik, REALiX s.r.o.)
Intel® Chipset Device Software (HKLM\...\{E6CC1C02-638D-44F5-8BAE-E455453F80BA}) (Version: 10.1.19468.8385 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{8af15a1a-f70d-4968-84c0-97df0607c3e6}) (Version: 10.1.19468.8385 - Intel® Corporation)
Malwarebytes version 4.6.9.314 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.9.314 - Malwarebytes)
Meld (HKLM\...\{F305FD7B-EE65-4D75-ADB4-A6BD7D5F86B9}) (Version: 3.22.0 - Kai Willadsen)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\OneDriveSetup.exe) (Version: 22.012.0117.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0 (x64 en-US)) (Version: 123.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 123.0 - Mozilla)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.2.146 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.19.4.0 - Nord Security)
nu (HKLM\...\{122006B4-ACE0-4A8D-8D00-BA659B1617C4}) (Version: 0.90.1 - The Nushell Project Developers)
OpenVPN Connect (HKLM\...\{A3C05382-3570-4D7F-821D-74666EACABDE}) (Version: 3.3.1 - OpenVPN Technologies)
PowerShell 7-x64 (HKLM\...\{B06D1894-3827-4E0C-A092-7DC50BE8B210}) (Version: 7.4.1.0 - Microsoft Corporation)
PowerToys (Preview) (HKLM\...\{E1A5AB2F-313E-43C7-8B6D-057FEB530285}) (Version: 0.78.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{b4eb3fbf-d686-4a9a-a53b-68e2b2301ea3}) (Version: 0.78.0 - Microsoft Corporation)
Process Monitor (HKLM\...\Microsoft.Sysinternals.ProcessMonitor_Microsoft.Winget.Source_8wekyb3d8bbwe) (Version: 3.96 - Microsoft Corporation)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Rufus (HKLM\...\Rufus.Rufus_Microsoft.Winget.Source_8wekyb3d8bbwe) (Version: 4.4 - pbatard)
RustDesk (HKLM\...\RustDesk) (Version: 1.2.3 - RustDesk)
TCPView (HKLM\...\Microsoft.Sysinternals.TCPView_Microsoft.Winget.Source_8wekyb3d8bbwe) (Version: 4.19 - Microsoft Corporation)
Ventoy (HKLM-x32\...\Ventoy.Ventoy_Microsoft.Winget.Source_8wekyb3d8bbwe) (Version: 1.0.97 - Ventoy)
Xtreme Download Manager 2020 (HKLM-x32\...\{2BDF6880-F5BF-42B8-AA50-7A54D26221DD}) (Version: 7.2.11 - subhra Das Gupta)
 
Packages:
=========
 
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1423.712.0_x64__rh07ty8m5nkag [2024-03-03] (INTEL CORP) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2024-03-01] (Microsoft Corp.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2024-03-01] (Microsoft Studios) [MS Ad]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-03] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_0.24012.115.0_x64__cw5n1h2txyewy [2024-03-03] (Microsoft Windows)
PowerToys ImageResizer Context Menu -> C:\Program Files\PowerToys [2024-03-02] (Microsoft)
PowerToys PowerRename Context Menu -> C:\Program Files\PowerToys\WinUI3Apps [2024-03-02] (Microsoft)
Waves MaxxAudio Pro for Dell 2021 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2021_4.0.53.0_x64__fh4rh281wavaa [2024-03-03] (Waves Audio)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-03] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{0827D883-485C-4D62-BA2C-A332DBF3D4B0}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_a3c77f649a16fba5\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> "C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1754665566-3791049750-1316374702-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1754665566-3791049750-1316374702-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1754665566-3791049750-1316374702-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-1754665566-3791049750-1316374702-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Davis Burk\AppData\Local\Microsoft\OneDrive\22.012.0117.0003\FileSyncShell64.dll -> No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Davis Burk\Downloads\NordVPNSetup (1).exe:shield [159]
AlternateDataStreams: C:\Users\Davis Burk\Downloads\NordVPNSetup (2).exe:shield [159]
AlternateDataStreams: C:\Users\Davis Burk\Downloads\NordVPNSetup (3).exe:shield [159]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\Software\Classes\.cmd:  =>  <==== ATTENTION
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 23:24 - 2024-03-03 12:38 - 000000926 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
100.106.247.144 davisburk-everest.nord
100.117.110.40 davisburk-alps.nord
100.88.174.15 davisburk-himalayas.nord
 
2024-03-03 10:48 - 2024-03-03 11:08 - 000000438 _____ C:\Windows\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img19.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
OpenVPN Tap: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: agent_ovpnconnect => 2
MSCONFIG\Services: BTAGService => 3
MSCONFIG\Services: BthAvctpSvc => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CDPSvc => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: FrameServerMonitor => 3
MSCONFIG\Services: GameInputSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InventorySvc => 3
MSCONFIG\Services: ipfsvc => 2
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: LxpSvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: ovpnhelper_service => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: WManSvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WpcMonSvc => 3
MSCONFIG\Services: WpnService => 3
MSCONFIG\Services: WwanSvc => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\StartupApproved\Run: => "XDM"
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1754665566-3791049750-1316374702-1001\...\StartupApproved\Run: => "org.openvpn.client"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B2A07674-6A3B-4BD6-A115-ABC10A4714C3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D338A79-884A-497A-9E12-4B361A2684B0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{549FC12F-9A66-499B-91D1-C8A7076662BB}] => (Allow) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A24DA508-5671-49D8-AFCD-073D456A5E14}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{607A4DC1-4A47-405B-A6BA-7C4A00F71CA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{185A81A8-77B7-4103-90F4-013C6DBA0F75}] => (Allow) C:\Program Files\RustDesk\RustDesk.exe (Zhou Huabing -> com.carriez)
FirewallRules: [{5F52F77C-9BE7-4B41-9F86-1C3BD1BD30A0}] => (Allow) C:\Program Files\RustDesk\RustDesk.exe (Zhou Huabing -> com.carriez)
FirewallRules: [{0273D37F-2CC1-4DED-9267-8F439872C05B}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{0DF29E9B-958F-4079-8B5A-3A85C461DA61}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{D039A3DF-D5DA-4948-B61F-BF27AB73A94B}] => (Allow) C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{A5E21507-B0A5-4469-B65F-03C536376044}] => (Allow) C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{B99F18E8-A75C-4306-9683-667E454CE3E4}] => (Allow) C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{3A36919A-1727-4AB1-B31B-1AF822FA2416}] => (Allow) C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:50 GB) (Free:20.69 GB) (41%)
 
==================== Faulty Device Manager Devices ============
 
Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft RRAS Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Radio Device Enumeration Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Serial IO I2C Host Controller - 7AFD
Description: Intel® Serial IO I2C Host Controller - 7AFD
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSS2_I2C_ADL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Serial IO I2C Host Controller - 7ACF
Description: Intel® Serial IO I2C Host Controller - 7ACF
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSS2_I2C_ADL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Serial IO I2C Host Controller - 7ACC
Description: Intel® Serial IO I2C Host Controller - 7ACC
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSS2_I2C_ADL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Serial IO I2C Host Controller - 7AFC
Description: Intel® Serial IO I2C Host Controller - 7AFC
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSS2_I2C_ADL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Serial IO I2C Host Controller - 7ACE
Description: Intel® Serial IO I2C Host Controller - 7ACE
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSS2_I2C_ADL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/03/2024 12:28:00 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program SystemSettings.exe version 10.0.22621.3235 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (03/03/2024 03:42:56 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: KAPS.exe, version: 3.1423.712.2, time stamp: 0x64ae3980
Faulting module name: KAPS.exe, version: 3.1423.712.2, time stamp: 0x64ae3980
Exception code: 0xc0000005
Fault offset: 0x00000000000ecd40
Faulting process id: 0x0x28e4
Faulting application start time: 0x0x1da6d480c618211
Faulting application path: C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
Faulting module path: C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
Report Id: 275ca340-a60f-44bd-9a05-bc7eac3f0cf5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2024 03:41:13 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program explorer.exe version 10.0.22621.2792 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (03/03/2024 02:33:42 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wscsvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: wscsvc.dll, version: 10.0.22621.2506, time stamp: 0xdb001b9b
Exception code: 0xc0000005
Fault offset: 0x000000000002a263
Faulting process id: 0x0xc08
Faulting application start time: 0x0x1da6d457fc525cd
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\wscsvc.dll
Report Id: bccc99d2-1f74-4d92-93b2-fde5bde27673
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2024 02:30:23 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wscsvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: wscsvc.dll, version: 10.0.22621.2506, time stamp: 0xdb001b9b
Exception code: 0xc0000005
Fault offset: 0x000000000002a263
Faulting process id: 0x0x790
Faulting application start time: 0x0x1da6d450931a248
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\wscsvc.dll
Report Id: 5a9dd42e-9bed-4cfb-a6dd-121c4b1b3c20
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2024 02:28:42 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wscsvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: wscsvc.dll, version: 10.0.22621.2506, time stamp: 0xdb001b9b
Exception code: 0xc0000005
Fault offset: 0x000000000002a263
Faulting process id: 0x0x18ac
Faulting application start time: 0x0x1da6d44ccce61e9
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\wscsvc.dll
Report Id: 1563a71f-487e-42c3-ba21-271a8627a297
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2024 02:28:23 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wscsvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: wscsvc.dll, version: 10.0.22621.2506, time stamp: 0xdb001b9b
Exception code: 0xc0000005
Fault offset: 0x000000000002a263
Faulting process id: 0x0x6dc
Faulting application start time: 0x0x1da6d44795e6c89
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wscsvc.dll
Report Id: cdae01a2-2cb6-4d23-bcb6-cfd1fa0c0f7c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2024 02:26:34 AM) (Source: Application Error) (EventID: 1000) (User: DELL-XPS-DB)
Description: Faulting application name: Cortana.exe, version: 3.2204.14815.0, time stamp: 0x62585a1a
Faulting module name: SharedLibrary.dll, version: 2.2.29512.0, time stamp: 0x5fad1a6e
Exception code: 0x80070005
Fault offset: 0x00000000007e38de
Faulting process id: 0x0x18b4
Faulting application start time: 0x0x1da6d44802c6b73
Faulting application path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2204.14815.0_x64__8wekyb3d8bbwe\Cortana.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
Report Id: 8ca527b3-9ab7-40a0-bc06-e4ae550f3932
Faulting package full name: Microsoft.549981C3F5F10_3.2204.14815.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (03/03/2024 12:38:07 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (03/03/2024 12:38:07 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (03/03/2024 11:23:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SgrmBroker service terminated with the following error: 
%%2147942402 = The system cannot find the file specified.
 
Error: (03/03/2024 11:23:19 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (03/03/2024 11:23:12 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/03/2024 11:15:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordsec-threatprotection-service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2024 03:57:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SgrmBroker service terminated with the following error: 
%%2147942402 = The system cannot find the file specified.
 
Error: (03/03/2024 03:57:44 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
Windows Defender:
================
Date: 2024-03-03 01:45:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-03-03 00:15:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.17.1 12/14/2023
Motherboard: Dell Inc. 0R6PCT
Processor: 12th Gen Intel® Core™ i7-12700
Percentage of memory in use: 45%
Total physical RAM: 16107.14 MB
Available physical RAM: 8827.95 MB
Total Virtual: 16107.14 MB
Available Virtual: 6600.64 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:50 GB) (Free:20.69 GB) (Model: CL4-3D256-Q11 NVMe SSSTC 256GB) NTFS
Drive d: (Data) (Fixed) (Total:186.16 GB) (Free:180.03 GB) (Model: CL4-3D256-Q11 NVMe SSSTC 256GB) NTFS
Drive e: (Recovery) (Fixed) (Total:2 GB) (Free:1.98 GB) (Model: CL4-3D256-Q11 NVMe SSSTC 256GB) NTFS
Drive i: (ESD-USB) (Removable) (Total:7.86 GB) (Free:1.91 GB) FAT32
 
\\?\Volume{7bb38d7b-4118-429c-afd9-8d0dda0bed8c}\ (ESD) (Fixed) (Total:0.29 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 305412CA)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.9 GB) (Disk ID: 55D42989)
Partition 1: (Active) - (Size=7.9 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================
 
 
[attachment=249186:UAC Has got me now.jpg]

 

 




 


#2 dburk1979


Posted 03 March 2024 - 02:54 PM

I clearly am having some personal issues with posting... Browser locks up at "posting" but never completes. Then I open Chrome to see I posted 6 times. I am pretty embarrassed. So can a mod please help me delete the duplicates? I cannot find a delete button or link.

Thank you Mods. 


Edited by dburk1979, Yesterday, 02:00 PM.




