
please help > AggregatorHost.exe


17 replies to this topic

#1 pcblues


Posted 22 February 2024 - 11:52 PM

Hello,

PC specs: Windows 10 Home 22H2

OS build 19045.4046

Attached FRST.txt & Addition.txt

Post made earlier @ win10 section.

I've just come across AggregatorHost.exe running in Task Manager.

Checked properties: the file is located in the Windows System 32 folder but is not digitally signed. I assume it came with the Windows update on 16 Feb.

Have tried searching online to find out more. Most results show that it's a Windows process, but if it was, it would be digitally signed by MS.

I'd appreciate some info & help with this.

Thanks in advance...

pcblues...

PS: It should be noted that this AggregatorHost.exe was created at the same time as two Cumulative Windows updates on 16-2-24.

As well, I have run full scans with Win Defender & Malwarebytes & they found no issues at all.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2024 02
Ran by House of Blues (administrator) on LAPTOP-OVAK2SR7 (LENOVO 81H7) (23-02-2024 14:38:32)
Running from C:\Users\House of Blues\Downloads\FRST64(1).exe
Loaded Profiles: House of Blues
Platform: Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Private Internet Access\pia-service.exe ->) (Private Internet Access, Inc. -> The OpenVPN Project) C:\Program Files\Private Internet Access\pia-openvpn.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxCUIService.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxEM.exe
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5336.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Private Internet Access, Inc. -> Private Internet Access Incorporated) C:\Program Files\Private Internet Access\pia-client.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_942c1421a17c69ba\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_942c1421a17c69ba\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Private Internet Access, Inc. -> ) C:\Program Files\Private Internet Access\pia-service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2310.24037.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5336.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.17231.20236.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1081136 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [BraveDevVpnWireguardService] => C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\119.1.61.87\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10797080 2023-11-25] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.161\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10868248 2024-02-22] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\Run: [F8497502A71C3DB6A82CA84BBC8D14A100DB2C67._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\Run: [Icedrive] => C:\Program Files\Icedrive\Icedrive.exe [20632288 2022-06-10] (ID CLOUD SERVICES LTD -> ID Cloud Services Ltd.)
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\Run: [MicrosoftEdgeAutoLaunch_07794688A7EF61CE5E802DA84115FF88] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.161\Installer\chrmstp.exe [2024-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{CB2150F2-595F-4633-891A-E39720CE0531}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\119.1.61.87\Installer\chrmstp.exe [2023-11-26] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {65ABFFA9-9512-4BB2-94EB-9677C7371B48} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2023-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {1F3D7303-921D-4A9B-B62F-AA5283F38141} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-02-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C410DD29-161A-46AB-93B4-C823CF10A396} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-02-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {154CA11F-A75A-4E24-95CA-188000E3F8DB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\House of Blues\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {64B0D50E-5DF5-4790-A0A3-AE88D8D662C4} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\House of Blues\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {48ED158A-D36B-41A2-85F9-5BC2CDF20ED0} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [816960 2017-10-12] (Intel® Trust Services -> Intel® Corporation)
Task: {4F7D5424-94F6-43CB-A7A2-01331D480964} - System32\Tasks\Lenovo\LenovoWelcomeTask => "C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe" /task (No File)
Task: {5BE37EF3-43C1-4E3B-935F-979A5EA51447} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe [5577144 2024-02-16] (Microsoft Windows -> Microsoft Corporation)
Task: {F27E3BF8-0530-42A9-BEB8-3A9E1450456C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3FC343FA-F76B-478D-9BBC-C9DDAFBC17C4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {88176C44-E522-4073-BD8A-BF89C5C1987D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {18148499-A34F-434E-BAB9-5368296F5D4D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E0569D5D-496E-44A9-9F11-84DE4545F5EA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.241
Tcpip\..\Interfaces\{50cf4b6a-8732-433d-909e-791e65095e31}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e093f5ed-f790-42d4-8ea0-a68316782dc8}: [DhcpNameServer] 10.0.0.241
Tcpip\..\Interfaces\{f452a435-4061-4ff9-9f06-aec932014da4}: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{f452a435-4061-4ff9-9f06-aec932014da4}: [DhcpDomain] home
Tcpip\..\Interfaces\{f452a435-4061-4ff9-9f06-aec932014da4}\455636863547164796F6E6D27457563747: [DhcpNameServer] 10.1.2.1
Tcpip\..\Interfaces\{f452a435-4061-4ff9-9f06-aec932014da4}\455636863547164796F6E6D27457563747: [DhcpDomain] lan
Tcpip\..\Interfaces\{f452a435-4061-4ff9-9f06-aec932014da4}\F405455535F5442324446454: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f452a435-4061-4ff9-9f06-aec932014da4}\F405455535F5442324446454: [DhcpDomain] Home
Tcpip\..\Interfaces\{f452a435-4061-4ff9-9f06-aec932014da4}\F407475737D24374D25453537333D233642463: [DhcpNameServer] 192.168.8.1 192.168.8.1

Edge:
=======
Edge Profile: C:\Users\House of Blues\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-18]
Edge Extension: (Google Docs Offline) - C:\Users\House of Blues\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-23]
Edge Extension: (Edge relevant text changes) - C:\Users\House of Blues\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]

FireFox:
========
FF DefaultProfile: smjwyy40.default
FF ProfilePath: C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default [2024-02-23]
FF Homepage: Mozilla\Firefox\Profiles\smjwyy40.default -> about:blank
FF Extension: (AdBlocker Ultimate) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\adblockultimate@adblockultimate.net.xpi [2024-02-20]
FF Extension: (Brave search) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\BraveSearchExtension@io.Uvera.xpi [2022-04-23]
FF Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\firefox@ghostery.com.xpi [2023-12-15]
FF Extension: (Disable WebRTC) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2021-01-02]
FF Extension: (Decentraleyes) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2023-08-31]
FF Extension: (AdBlocker for YouTube™) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2024-01-19]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-02-03]
FF Extension: (uBlock Origin) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\uBlock0@raymondhill.net.xpi [2024-02-21]
FF Extension: (NoScript) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2023-12-23]
FF Extension: (block-miners) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\{74b0af75-8791-44e2-95a6-7f0ab94143ec}.xpi [2019-04-19]
FF Extension: (Canvas Fingerprint Defender) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2022-11-03]
FF Extension: (Smart HTTPS) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\{b3e677f4-1150-4387-8629-da738260a48e}.xpi [2022-07-14]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2023-08-15]
FF Extension: (bleepute Download) - C:\Users\House of Blues\AppData\Roaming\Mozilla\Firefox\Profiles\smjwyy40.default\Extensions\{f0545c23-fb7f-411f-8f43-d6b6ffaf167d}.xpi [2022-05-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll [2023-09-17] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll [2023-09-17] (Adobe Systems Incorporated -> )
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)

Brave:
=======
BRA Profile: C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-02-20]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-02-12]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-02-20]
BRA Extension: (Brave NTP background images) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-12]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-02-20]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-02-20]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-02-12]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-02-12]
BRA Extension: (Brave NTP sponsored images) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\hlcinbnbfgoealjpgmoacabdkapmjjfj [2024-02-20]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-02-20]
BRA Extension: (Brave Ads Resources) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\kklfafolbojbonkjgifmmkdmaaimminj [2024-02-15]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\House of Blues\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-02-12]
StartMenuInternet: Brave Dev - C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2023-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-02-13] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 BraveDevVpnService; C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\119.1.61.87\brave_vpn_helper.exe [2762264 2023-11-25] (Brave Software, Inc. -> Brave Software, Inc.)
S4 BraveDevVpnWireguardService; C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\119.1.61.87\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10797080 2023-11-25] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-02-13] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.161\brave_vpn_helper.exe [2727448 2024-02-22] (Brave Software, Inc. -> Brave Software, Inc.)
S4 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.161\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10868248 2024-02-22] (Brave Software, Inc. -> Brave Software, Inc.)
S3 Dissenter; C:\Program Files (x86)\dissenter-1.x\DissenterUpgrader.exe [17528 2020-03-03] (Gab AI Inc. -> )
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602632 2018-07-09] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [288200 2018-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2024-01-08] (Malwarebytes Inc. -> Malwarebytes)
S4 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-15] (PALTALK, INC. -> AVM Software)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3863040 2023-08-09] (Microsoft Corporation) [File not signed]
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1391840 2023-12-12] (Private Internet Access, Inc. -> )
S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4455000 2023-12-12] (Private Internet Access, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [1058504 2021-08-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S3 BraveDevElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\119.1.61.87\elevation_service.exe" [X]
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.161\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 dokan2; C:\WINDOWS\System32\DRIVERS\dokan2.sys [394232 2022-02-14] (Microsoft Windows Hardware Compatibility Publisher -> Dokan Project)
S3 FXVAD; C:\WINDOWS\system32\drivers\fxvad.sys [326656 2022-01-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc. -> Visicom Media Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc. -> Visicom Media Inc.)
R3 MpKsl5ab35bd5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3727B379-C692-4C43-8ECE-89DF8EDC78DE}\MpKslDrv.sys [272664 2024-02-23] (Microsoft Windows -> Microsoft Corporation)
R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2020-01-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-23 14:36 - 2024-02-23 14:38 - 000040460 _____ C:\Users\House of Blues\Downloads\Addition.txt
2024-02-23 14:34 - 2024-02-23 14:39 - 000023237 _____ C:\Users\House of Blues\Downloads\FRST.txt
2024-02-23 14:34 - 2024-02-23 14:39 - 000000000 ____D C:\FRST
2024-02-23 14:32 - 2024-02-23 14:32 - 002386944 _____ (Farbar) C:\Users\House of Blues\Downloads\FRST64(2).exe
2024-02-23 14:32 - 2024-02-23 14:32 - 002386944 _____ (Farbar) C:\Users\House of Blues\Downloads\FRST64(1).exe
2024-02-23 14:29 - 2024-02-23 14:29 - 002386944 _____ (Farbar) C:\Users\House of Blues\Downloads\FRST64.exe
2024-02-23 07:47 - 2024-02-23 07:49 - 000000000 ____D C:\Users\House of Blues\Downloads\Clay Hammond - I Kissed Her Gone (2004)
2024-02-23 05:01 - 2024-02-23 05:08 - 000000000 ____D C:\Users\House of Blues\Downloads\James Brown _ We Got To Change 7'' (1970, p 2024)
2024-02-23 05:01 - 2024-02-23 05:07 - 000000000 ____D C:\Users\House of Blues\Downloads\James Brown _ Funk Power - 1970 A Brand New Thang (1996)
2024-02-23 05:01 - 2024-02-23 05:05 - 000000000 ____D C:\Users\House of Blues\Downloads\Finders Keepers (pre-Trapeze)
2024-02-23 05:01 - 2024-02-23 05:05 - 000000000 ____D C:\Users\House of Blues\Downloads\Beautiful People - If 60's Were 90's - 1964
2024-02-23 05:00 - 2024-02-23 05:07 - 000000000 ____D C:\Users\House of Blues\Downloads\THE ARCHIES - Sugar, Sugar - The Complete Albums Collection (2016) @320
2024-02-23 05:00 - 2024-02-23 05:00 - 000000000 ____D C:\Users\House of Blues\Downloads\Rod Stewart - Swing Fever (2024)
2024-02-23 04:09 - 2024-02-23 04:13 - 227476904 _____ C:\Users\House of Blues\Downloads\West's economic war on Russia.mp4
2024-02-22 19:19 - 2024-02-22 19:20 - 010362304 _____ C:\Users\House of Blues\Downloads\Worlds largest snake as thick as a car tyre filmed slithering across river floor by TV crew.mp4
2024-02-22 18:27 - 2024-02-21 02:49 - 000000000 ____D C:\Users\House of Blues\Downloads\B.B. KING Great American Music Hall, San Francisco, CA 1976
2024-02-22 18:26 - 2024-02-22 18:31 - 000000000 ____D C:\Users\House of Blues\Downloads\Henry McCullough Band - FBI Live - 2007
2024-02-22 16:08 - 2024-02-22 16:12 - 059120178 _____ C:\Users\House of Blues\Downloads\Gutfeld Its the safety. Stupid-.mp4
2024-02-22 12:11 - 2024-02-22 12:11 - 000000000 ____D C:\Users\House of Blues\Downloads\Status @uo - On The Level [Deluxe Edition] - 1975
2024-02-22 12:11 - 2024-02-22 12:11 - 000000000 ____D C:\Users\House of Blues\Downloads\Brown Brothers - Nowhere Left To Go (2024)
2024-02-22 12:11 - 2024-02-22 12:11 - 000000000 ____D C:\Users\House of Blues\Downloads\Allisons' Icebreakers - A Whole Lot Of Trouble - 2019
2024-02-22 12:09 - 2024-02-22 12:09 - 000000000 ____D C:\Users\House of Blues\Downloads\Red Prysock
2024-02-22 02:25 - 2024-02-22 18:28 - 000000000 ____D C:\Users\House of Blues\Downloads\Adam Douglas - Dancing For The Moon - 2023
2024-02-22 02:25 - 2024-02-22 02:33 - 000000000 ____D C:\Users\House of Blues\Downloads\Erin Ross - The Wind Will Lead Me Home - 2024
2024-02-22 02:25 - 2024-02-22 02:32 - 000000000 ____D C:\Users\House of Blues\Downloads\Lone Crow Rebellion - Coal Train Blues - 2024
2024-02-22 02:25 - 2024-02-22 02:32 - 000000000 ____D C:\Users\House of Blues\Downloads\Greg Serrato - Holy Smokes - 1999
2024-02-22 02:25 - 2024-02-20 06:29 - 000000000 ____D C:\Users\House of Blues\Downloads\Al Cook - A Legendary White Face In Blues (Volume 1) 1986
2024-02-22 02:24 - 2024-02-22 02:31 - 000000000 ____D C:\Users\House of Blues\Downloads\Paul Jensen - Journey Back Home - 2024
2024-02-22 02:23 - 2024-02-22 03:02 - 000000000 ____D C:\Users\House of Blues\Downloads\V A - Cosimo Matassa Story Disc 1 - Reeling And Rocking
2024-02-22 02:22 - 2024-02-22 03:01 - 000000000 ____D C:\Users\House of Blues\Downloads\V A - Cosimo Matassa Story Disc 3 - Try Rock 'n' Roll
2024-02-22 02:22 - 2024-02-22 03:01 - 000000000 ____D C:\Users\House of Blues\Downloads\V A - Cosimo Matassa Story Disc 2 - Cat Music
2024-02-22 02:22 - 2024-02-22 03:00 - 000000000 ____D C:\Users\House of Blues\Downloads\V A - Cosimo Matassa Story Disc 4 - Rockin' At Cosimo's
2024-02-22 02:22 - 2024-02-22 02:22 - 000000000 ____D C:\Users\House of Blues\Downloads\High Hawks - Mother Nature's Show (2024)
2024-02-22 02:21 - 2024-02-22 02:26 - 000000000 ____D C:\Users\House of Blues\Downloads\V A - NME Rough Trade C81 (Sides 1&2) 1981
2024-02-21 19:42 - 2024-02-21 19:42 - 000000000 ____D C:\Users\House of Blues\Downloads\V A - Song Keepers - A Music Maker Foundation Anthology (2024)
2024-02-21 19:36 - 2024-02-22 03:03 - 000000000 ____D C:\Users\House of Blues\Downloads\Grace Potter - Mother Road - 2023
2024-02-21 19:36 - 2024-02-21 19:38 - 000000000 ____D C:\Users\House of Blues\Downloads\Honey B & T-Bones - Alien Blues (2009) [320]
2024-02-21 19:36 - 2024-02-21 19:36 - 000000000 ____D C:\Users\House of Blues\Downloads\The Blind Boys of Alabama - Live In New Orleans (2024)
2024-02-21 15:03 - 2024-02-21 15:03 - 005922322 _____ C:\Users\House of Blues\Downloads\Prize Home Lottery 221 - Bribie Island.mp4
2024-02-21 09:16 - 2024-02-21 09:24 - 109227160 _____ C:\Users\House of Blues\Downloads\The FARMER PROTESTORS have CONQUERED Europe(1).mp4
2024-02-20 10:00 - 2024-02-20 10:00 - 000000000 ____D C:\Users\House of Blues\Downloads\Zinhof Web Music Programs
2024-02-16 12:08 - 2024-02-16 12:08 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-16 12:07 - 2024-02-16 12:07 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-16 11:53 - 2024-02-16 11:53 - 000000000 ___HD C:\$WinREAgent
2024-02-16 09:51 - 2024-02-16 09:51 - 000026969 _____ C:\Users\House of Blues\Downloads\ALVIN.m3u
2024-02-16 04:38 - 2024-02-16 04:39 - 091109326 _____ C:\Users\House of Blues\Downloads\Dömsödi Farkas Bálint - Piros rózsák beszélgetnek -teljes album-.mp4
2024-02-16 04:33 - 2024-02-16 04:33 - 016676518 _____ C:\Users\House of Blues\Downloads\Piros rózsák beszélgetnek(1).mp4
2024-02-16 04:31 - 2024-02-16 04:31 - 005995872 _____ C:\Users\House of Blues\Downloads\Piros rózsák beszélgetnek.mp4
2024-02-15 10:39 - 2024-02-15 10:39 - 014054370 _____ C:\Users\House of Blues\Downloads\The Russia Trip Part 1.mp4
2024-02-14 22:47 - 2024-02-14 22:48 - 066230765 _____ C:\Users\House of Blues\Downloads\The MOSCOW They Dont Want You To See Russia 2024.mp4
2024-02-14 18:48 - 2024-02-14 18:48 - 004888991 _____ C:\Users\House of Blues\Downloads\Douglas Murray explains what WOKE is in 3 minutes.mp4
2024-02-14 18:45 - 2024-02-14 18:45 - 006686465 _____ C:\Users\House of Blues\Downloads\Jordan Peterson - Tucker Carlson Notice Something About the WEF No One Sees.mp4
2024-02-14 18:29 - 2024-02-14 18:29 - 039370674 _____ C:\Users\House of Blues\Downloads\Tucker - Trump Drop Rap BANGER That Is SCORCHING The Internet 200M Views-.mp4
2024-02-12 15:48 - 2024-02-23 10:13 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-02-12 15:46 - 2024-02-12 15:46 - 000000000 ____D C:\Program Files\BraveSoftware
2024-02-12 05:19 - 2024-02-12 05:19 - 222853318 _____ C:\Users\House of Blues\Downloads\Putin and Tucker. Biden- Sisi President of Mexico. Zaluzhny finally fired. Elensky goes with Syrsky.mp4
2024-02-11 16:12 - 2024-02-11 16:12 - 004440878 _____ C:\Users\House of Blues\Downloads\New Shade Of Blue.mp4
2024-02-11 16:08 - 2024-02-11 16:08 - 006384289 _____ C:\Users\House of Blues\Downloads\Vienna Teng - Blue Caravan.mp4
2024-02-11 12:22 - 2024-02-15 22:57 - 000000000 ____D C:\Users\House of Blues\AppData\Local\ManyCam
2024-02-11 12:22 - 2024-02-11 12:22 - 000001103 _____ C:\Users\Public\Desktop\ManyCam.lnk
2024-02-11 12:22 - 2024-02-11 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2024-02-11 12:22 - 2024-02-11 12:22 - 000000000 ____D C:\Program Files (x86)\ManyCam
2024-02-11 05:28 - 2024-02-11 05:28 - 004122651 _____ C:\Users\House of Blues\Downloads\OHHH- Karine’s REPLACEMENT today was NOT able to COVER for Joe Biden’s LIES either- .mp4
2024-02-10 17:42 - 2024-02-10 17:42 - 002769746 _____ C:\Users\House of Blues\Downloads\When CNN Absolutely ANNIHILATES You.mp4
2024-02-10 02:55 - 2024-02-10 02:55 - 013840863 _____ C:\Users\House of Blues\Downloads\Toby Keith - I Love This Bar.mp4
2024-02-10 02:54 - 2024-02-10 02:54 - 011963448 _____ C:\Users\House of Blues\Downloads\Toby Keith - Beer For My Horses -Official Music Video- ft. Willie Nelson.mp4
2024-02-09 22:26 - 2024-02-10 08:17 - 000000000 ____D C:\Users\House of Blues\Downloads\1 Toby Keith
2024-02-07 02:24 - 2016-10-23 16:01 - 020187402 _____ C:\Users\House of Blues\Downloads\Devil Woman - Bruce Willis.mp4
2024-02-07 02:21 - 2024-02-07 02:21 - 000000000 ____D C:\Users\House of Blues\Downloads\Rock & Roll Party
2024-02-06 23:03 - 2024-02-06 23:06 - 028598211 _____ C:\Users\House of Blues\Downloads\Sammy Hagar Visits Toby Keiths Unbelievable Oklahoma Ranch Rock - Roll Road Trip.mp4
2024-02-05 05:27 - 2024-02-05 05:29 - 000113666 _____ C:\TDSSKiller.3.1.0.17_05.02.2024_05.27.04_log.txt
2024-02-01 12:52 - 2024-02-03 12:27 - 000001266 _____ C:\Users\House of Blues\Documents\ww.txt
2024-01-31 19:45 - 2024-01-31 19:45 - 187250187 _____ C:\Users\House of Blues\Downloads\Caro Emerald Live at Sziget Fesztivál CaroEmerald szigetfestival sziget.mp4
2024-01-31 13:18 - 2024-01-31 13:18 - 002915821 _____ C:\Users\House of Blues\Downloads\3 eggs in a safe.mp4
2024-01-30 01:10 - 2024-01-30 01:10 - 034388440 _____ C:\Users\House of Blues\Downloads\Greenwich Village Folk Festival 1993 18 Paul Siebel.mp4
2024-01-29 22:28 - 2024-01-29 22:29 - 000000030 _____ C:\Users\House of Blues\Documents\qatar.txt
2024-01-28 22:29 - 2024-01-29 22:28 - 000004430 _____ C:\Users\House of Blues\Documents\lol artt+tonys rrules.txt
2024-01-26 11:29 - 2024-01-26 11:29 - 012805940 _____ C:\Users\House of Blues\Downloads\Australian Patriotic Song God Bless Australia.mp4
2024-01-25 18:24 - 2024-01-25 18:24 - 011090917 _____ C:\Users\House of Blues\Downloads\God Bless Australia.mp4
2024-01-24 11:44 - 2024-01-25 20:01 - 000002053 _____ C:\Users\House of Blues\Documents\extreme slsk.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-23 14:38 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-23 14:22 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-23 14:21 - 2024-01-09 15:43 - 000000000 ____D C:\Users\House of Blues\Downloads\alvin
2024-02-23 14:20 - 2019-02-13 11:11 - 000000000 ____D C:\Users\House of Blues\AppData\Local\ClassicShell
2024-02-23 14:04 - 2022-02-10 06:27 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-23 13:23 - 2022-08-09 23:06 - 000001074 _____ C:\Users\House of Blues\Desktop\Private Internet Access (2).lnk
2024-02-23 13:22 - 2019-01-17 08:52 - 000000000 __SHD C:\Users\House of Blues\IntelGraphicsProfiles
2024-02-23 13:07 - 2021-02-01 11:03 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-23 13:03 - 2021-02-01 11:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-23 13:03 - 2021-02-01 10:45 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-23 13:03 - 2019-12-07 19:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-02-23 12:26 - 2020-10-29 20:05 - 000000802 _____ C:\Users\House of Blues\Desktop\MusicBee.lnk
2024-02-23 11:17 - 2022-02-06 23:31 - 000001067 _____ C:\Users\House of Blues\Desktop\Paltalk.lnk
2024-02-23 10:24 - 2021-02-01 11:12 - 000004184 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{54152F3A-22CF-41F4-B59E-11A1D6493E2E}
2024-02-23 08:47 - 2023-05-15 10:47 - 000000000 ____D C:\Users\House of Blues\AppData\Local\Malwarebytes
2024-02-23 08:25 - 2019-02-04 15:53 - 000000000 ____D C:\ProgramData\TEMP
2024-02-23 08:24 - 2019-02-04 15:53 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2024-02-23 08:17 - 2019-02-04 15:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-23 08:17 - 2019-02-04 15:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-23 08:12 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-23 08:11 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-23 07:49 - 2023-11-19 03:49 - 000000000 ____D C:\Users\House of Blues\Downloads\1FLACC
2024-02-23 07:24 - 2019-02-04 15:28 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-23 05:35 - 2019-01-17 18:17 - 000000000 ____D C:\Users\House of Blues\AppData\Local\D3DSCache
2024-02-22 20:01 - 2020-09-11 19:28 - 000000000 ____D C:\ProgramData\Soulseek
2024-02-22 13:02 - 2020-08-20 21:31 - 000000000 ____D C:\Program Files\Everything
2024-02-22 12:32 - 2019-04-19 17:11 - 000000000 ____D C:\Users\House of Blues\AppData\Roaming\vlc
2024-02-22 12:06 - 2021-02-01 10:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-21 18:28 - 2020-09-05 00:27 - 000000000 ____D C:\Users\House of Blues\AppData\Local\CrashDumps
2024-02-21 14:31 - 2024-01-13 17:49 - 000000000 ____D C:\Users\House of Blues\Downloads\Just in
2024-02-21 14:01 - 2019-02-13 11:25 - 000000000 ____D C:\Users\House of Blues\AppData\Roaming\Microsoft\Skype for Desktop
2024-02-21 12:43 - 2019-02-13 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2024-02-18 04:42 - 2020-07-25 18:51 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-16 12:15 - 2021-02-01 10:46 - 000259496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-16 12:15 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-16 12:13 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-16 11:50 - 2019-02-12 22:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-16 11:48 - 2019-02-12 22:06 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-16 09:46 - 2022-04-20 06:19 - 000000000 ____D C:\Users\House of Blues\Documents\Win 10
2024-02-16 09:18 - 2023-10-19 22:04 - 014713779 _____ C:\Users\House of Blues\Downloads\06 Nut Popper #1.flac
2024-02-16 05:02 - 2019-12-07 19:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-13 12:21 - 2019-04-22 16:02 - 000000000 ____D C:\Users\House of Blues\AppData\Local\ElevatedDiagnostics
2024-02-13 10:31 - 2018-10-16 18:24 - 000000000 ____D C:\ProgramData\Realtek
2024-02-13 09:10 - 2020-08-16 17:09 - 000000000 ____D C:\Program Files (x86)\System Ninja
2024-02-12 15:48 - 2023-03-13 10:25 - 000000000 ____D C:\ProgramData\BraveSoftware
2024-02-12 15:48 - 2019-02-13 12:04 - 000000000 ____D C:\Users\House of Blues\AppData\Local\BraveSoftware
2024-02-11 09:26 - 2023-05-04 16:12 - 000000000 ____D C:\Users\House of Blues\Documents\Gary Moore
2024-02-11 08:28 - 2017-07-28 20:59 - 000000000 ____D C:\Users\House of Blues\Downloads\a UTUBE waw
2024-02-11 05:01 - 2023-09-28 08:00 - 000000000 ____D C:\Users\House of Blues\Downloads\V A - 100 Love Songs
2024-02-10 12:30 - 2023-12-28 16:25 - 000307604 _____ C:\Users\House of Blues\Documents\ST .txt
2024-02-06 05:35 - 2021-02-01 11:12 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-06 05:35 - 2021-02-01 11:12 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-05 05:22 - 2023-08-16 16:22 - 000000000 ____D C:\Users\House of Blues\Downloads\slsk
2024-02-05 03:57 - 2022-01-19 13:55 - 000000000 ____D C:\Users\House of Blues\AppData\Roaming\Paltalk
2024-02-01 02:17 - 2023-12-26 09:33 - 000000665 _____ C:\Users\House of Blues\Documents\nos.txt
2024-01-31 21:56 - 2023-08-23 11:44 - 000000000 ____D C:\Users\House of Blues\Documents\Sound recordings
2024-01-27 22:28 - 2021-12-30 15:42 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-01-26 21:18 - 2019-01-17 08:52 - 000000000 ___SD C:\Users\House of Blues\AppData\Roaming\Microsoft\Credentials
2024-01-26 17:39 - 2020-09-06 22:32 - 000000000 ____D C:\Program Files (x86)\ZamTalk
2024-01-25 17:17 - 2023-10-29 16:38 - 000000486 _____ C:\Users\House of Blues\Documents\nmnnnn.txt

==================== Files in the root of some directories ========

2023-09-06 03:30 - 2023-09-06 03:30 - 000000036 _____ () C:\Users\House of Blues\AppData\Local\housecall.guid.cache
2023-06-24 15:21 - 2023-06-24 15:21 - 000001548 _____ () C:\Users\House of Blues\AppData\Local\recently-used.xbel
2020-12-12 12:43 - 2020-12-12 12:43 - 000000017 _____ () C:\Users\House of Blues\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
Ran by House of Blues (23-02-2024 14:39:52)
Running from C:\Users\House of Blues\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) (2021-02-01 01:13:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-580658408-3019728016-3726230185-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-580658408-3019728016-3726230185-503 - Limited - Disabled)
Guest (S-1-5-21-580658408-3019728016-3726230185-501 - Limited - Disabled)
House of Blues (S-1-5-21-580658408-3019728016-3726230185-1001 - Administrator - Enabled) => C:\Users\House of Blues
WDAGUtilityAccount (S-1-5-21-580658408-3019728016-3726230185-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Any Video Converter 8.2.1 (HKLM-x32\...\Any Video Converter) (Version: 8.2.1 - Anvsoft)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 122.1.63.161 - Brave Software Inc)
Brave Dev (HKLM-x32\...\BraveSoftware Brave-Browser-Dev) (Version: 119.1.61.87 - Brave Software Inc)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Everything 1.4.1.988 (x64) (HKLM\...\Everything) (Version: 1.4.1.988 - David Carpenter)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Icedrive (HKLM-x32\...\Icedrive) (Version: 2.62 - ID Cloud Services Ltd.)
Intel® Chipset Device Software (HKLM\...\{7FB35D08-C75C-4A18-B593-1D7C3E8970AD}) (Version: 10.1.1.45 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{7B3B60EB-197B-4B06-ADFF-D0B50E755D4F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{EC465D35-92DC-4DAE-9EA8-01215688F709}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{E5B5A486-C7F5-429C-9324-13835620F2FD}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5037 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Malwarebytes version 4.6.7.301 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.7.301 - Malwarebytes)
ManyCam 4.0.52 (HKLM-x32\...\ManyCam) (Version: 4.0.52 - Visicom Media Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{D3531D7A-B6FA-44A5-A024-E2A14F325F90}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{985F7F32-5BE4-4CDA-9582-F7AEA40D1974}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{8a225685-3b19-4387-b61b-830061421071}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918 (HKLM-x32\...\{BD9CFD69-EB91-354E-9C98-D439E6091932}) (Version: 14.0.23918 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918 (HKLM-x32\...\{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}) (Version: 14.0.23918 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0 (x64 en-US)) (Version: 123.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.7.0 - Mozilla)
MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 3.5.3+07926 - Private Internet Access, Inc.)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden
Qlock Free (HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\Qlock) (Version: 1.91 - Vitei inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Skype version 8.111 (HKLM-x32\...\Skype_is1) (Version: 8.111 - Skype Technologies S.A.)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
System Ninja version 4.0.1 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 4.0.1 - SingularLabs)
TUSK (HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\TUSK Browser) (Version: 111.0.5563.65 - The TUSK Authors)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
ZamTalk version 13.0.1 (HKLM-x32\...\{BB7D921C-8262-4491-AED3-FCF24B0C03C5}_is1) (Version: 13.0.1 - ZamTalk)

Packages:
=========

Any Video Converter,Video To Mp3,Total Video Converter -> C:\Program Files\WindowsApps\39492FruitCandy.AnyVideoConverterVideoToMp3TotalVi_1.1.1.0_x64__xnewyr70hrxjw [2021-10-19] (Fruit Candy) [MS Ad]
Debut Video Recorder -> C:\Program Files\WindowsApps\NCHSoftware.DebutVideoRecorderFree_9.4.6.0_x86__7kedsbyvzns34 [2023-11-15] (NCH Software)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.20.2035.0_x64__rz1tebttyb220 [2024-02-03] (Dolby Laboratories)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20402.409.0_x64__rz1tebttyb220 [2020-07-26] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5336.0_x64__8j3eq9eme6ctt [2024-02-14] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-02-12] (INTEL CORP)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.17231.20236.0_x86__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.17231.20236.0_x86__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.17231.20236.0_x86__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.17231.20236.0_x86__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.17231.20236.0_x86__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.17231.20236.0_x86__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.17231.20236.0_x86__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Mp3tag -> C:\Program Files\WindowsApps\35795FlorianHeidenreich.Mp3tag_3.24.0.0_x64__rf0p6xgxmspcc [2024-01-27] (Florian Heidenreich)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-03-09] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.25.0_x64__nfy108tqq3p12 [2023-10-21] (Thumbmunkeys Ltd)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2020-08-07] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-08] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-580658408-3019728016-3726230185-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-580658408-3019728016-3726230185-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\House of Blues\AppData\Local\TUSK Browser\Application\111.0.5563.65\notification_helper.exe (Virtual World Computing, LLC) [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1_S-1-5-21-580658408-3019728016-3726230185-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-580658408-3019728016-3726230185-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\SysWOW64\ir50_32original.dll [746496 2019-12-07] (Microsoft Windows -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\House of Blues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlock\Help.lnk -> hxxp://www.qlock.com/help

==================== Loaded Modules (Whitelisted) =============

2021-03-16 16:39 - 2019-02-22 02:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-580658408-3019728016-3726230185-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-580658408-3019728016-3726230185-1001 -> DefaultScope {7D3075BE-F8C0-4005-9561-7B258699DD32} URL =
SearchScopes: HKU\S-1-5-21-580658408-3019728016-3726230185-1001 -> {7D3075BE-F8C0-4005-9561-7B258699DD32} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 09:38 - 2018-04-12 09:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\House of Blues\Downloads\almadoll.jpg
DNS Servers: 10.0.0.241 - 192.168.20.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\StartupApproved\Run: => "ZamTalk"
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\StartupApproved\Run: => "F8497502A71C3DB6A82CA84BBC8D14A100DB2C67._service_run"
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\StartupApproved\Run: => "Icedrive"
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_07794688A7EF61CE5E802DA84115FF88"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6850F157-E54D-49F0-BCCF-978CB2F9C360}] => (Allow) C:\Users\House of Blues\AppData\Local\GabAI\Dissenter\Application\dissenter.exe => No File
FirewallRules: [{35055420-319A-4651-8705-43BB1D5262B1}] => (Block) C:\program files (x86)\soulseekns\slsk.exe () [File not signed]
FirewallRules: [{7D624F39-BBF8-4E06-A7D3-200668ADD3EB}] => (Block) C:\program files (x86)\soulseekns\slsk.exe () [File not signed]
FirewallRules: [UDP Query User{65CF92E3-E9FC-4EA5-B194-050EF816F817}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe () [File not signed]
FirewallRules: [TCP Query User{172D6602-A9B4-4285-8886-A747FD3185BB}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe () [File not signed]
FirewallRules: [{408E4B4E-2047-4778-BF4D-B81FF93EA952}] => (Block) C:\program files (x86)\manycam\manycam.exe (Visicom Media Inc. -> Visicom Media Inc.)
FirewallRules: [{40DF8594-413B-45A8-970E-2FB935F6BC97}] => (Block) C:\program files (x86)\manycam\manycam.exe (Visicom Media Inc. -> Visicom Media Inc.)
FirewallRules: [UDP Query User{8E0742B5-FB13-4FC2-A168-773059FDA99D}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe (Visicom Media Inc. -> Visicom Media Inc.)
FirewallRules: [TCP Query User{358DEBDF-822D-44D2-92D2-39D4A73CC86B}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe (Visicom Media Inc. -> Visicom Media Inc.)
FirewallRules: [UDP Query User{02287E9A-62B2-41D5-9174-1C7C45DB4486}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{36CC1903-D596-4B57-9811-62BC74E64833}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F3E719E1-EDD5-4850-82C4-906C7ED8B9A6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{1AF5D41D-A31B-44EE-AF36-21F317EFA081}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{73306665-D130-4E45-B70C-020C9C8699C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CBC2D0F8-CC49-4840-B17A-D1823DDFEC27}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CC269EAF-50DB-4572-BD26-A8940567C7FF}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{C4D7254C-D610-4A1A-8ADA-3F275D3A75FC}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{0877C96E-1982-4292-B444-08FA0B5FA0AF}C:\users\house of blues\appdata\local\tusk browser\application\tusk.exe] => (Block) C:\users\house of blues\appdata\local\tusk browser\application\tusk.exe (Virtual World Computing, LLC) [File not signed]
FirewallRules: [UDP Query User{F7924F65-3A92-4D92-B6B5-05C9911C7692}C:\users\house of blues\appdata\local\tusk browser\application\tusk.exe] => (Block) C:\users\house of blues\appdata\local\tusk browser\application\tusk.exe (Virtual World Computing, LLC) [File not signed]
FirewallRules: [{B2BEA2BA-D0B3-4D3F-B866-4211D47ACC2D}] => (Allow) C:\Users\House of Blues\AppData\Local\TUSK Browser\Application\TUSK.exe (Virtual World Computing, LLC) [File not signed]
FirewallRules: [{CD757C2B-7FEA-4E28-9804-F64D78EB16F8}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{14259BD7-EA7B-4939-8BE9-054018100FBB}] => (Allow) C:\Users\House of Blues\AppData\Local\TUSK Browser\Application\chrome.exe (Virtual World Computing, LLC) [File not signed]
FirewallRules: [{9BE38F27-1E09-4DDE-B95C-BA536D370337}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.17231.20236.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{55F77D0E-D8EC-40CE-BF8E-97044C59EB37}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87678CD5-AA9E-4671-8B54-B717867193AD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BAAF76CD-C9F9-4154-ACE3-0E75B986F3BF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6DD6B2D3-F681-4580-ADED-B0D70ABA0140}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Realtek Bluetooth Adapter
Description: Realtek Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/23/2024 01:03:35 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-OVAK2SR7$ via https://INTC-KeyId-6ca9df62a1aae23e0feb7c3f5eb8e61ecac17cb7.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(672ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/23/2024 08:17:33 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-OVAK2SR7$ via https://INTC-KeyId-6ca9df62a1aae23e0feb7c3f5eb8e61ecac17cb7.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/22/2024 06:41:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ScreenSketch.exe version 10.2008.3001.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2898

Start Time: 01da656ae34ba64a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.3001.0_x64__8wekyb3d8bbwe\ScreenSketch.exe

Report Id: baaec110-0489-4e86-bcc3-fc985b50bf03

Faulting package full name: Microsoft.ScreenSketch_10.2008.3001.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (02/22/2024 12:06:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (02/22/2024 11:18:18 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (02/21/2024 06:28:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: slsk.exe, version: 1.0.0.1, time stamp: 0x4a27a1ba
Faulting module name: slsk.exe, version: 1.0.0.1, time stamp: 0x4a27a1ba
Exception code: 0xc0000005
Fault offset: 0x000543b1
Faulting process id: 0x364
Faulting application start time: 0x01da649f70236d97
Faulting application path: C:\Program Files (x86)\SoulseekNS\slsk.exe
Faulting module path: C:\Program Files (x86)\SoulseekNS\slsk.exe
Report Id: d7e3a7cc-a61d-4cb5-8793-353be4452980
Faulting package full name:
Faulting package-relative application ID:

Error: (02/21/2024 09:57:09 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (02/20/2024 09:57:09 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2


System errors:
=============
Error: (02/23/2024 08:12:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (02/19/2024 05:47:40 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR7.

Error: (02/18/2024 06:48:46 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-OVAK2SR7)
Description: DCOM got error "1068" attempting to start the service workfolderssvc with arguments "Unavailable" in order to run the server:
{DA1C0281-456B-4F14-A46D-8ED2E21A866F}

Error: (02/18/2024 06:48:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/15/2024 06:59:33 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (02/14/2024 08:44:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9PLFNLNT3G5G-AppUp.IntelGraphicsExperience.

Error: (02/14/2024 08:03:53 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (02/12/2024 05:08:05 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Windows Defender:
================
Date: 2024-02-22 12:01:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-02-21 12:35:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-02-20 10:21:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-02-19 12:19:40
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-02-18 12:31:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2024-02-06 11:29:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.3204.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2024-02-06 06:45:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.3204.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x8024402f
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2024-01-02 15:16:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.1492.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2024-01-02 15:16:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.1492.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2023-12-20 02:46:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.756.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2024-02-23 13:06:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_942c1421a17c69ba\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 8QCN20WW(V1.08) 11/28/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 62%
Total physical RAM: 8058.39 MB
Available physical RAM: 3058.39 MB
Total Virtual: 9338.39 MB
Available Virtual: 4197.93 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:952.67 GB) (Free:249.74 GB) (Model: SPCC Solid State Disk) NTFS

\\?\Volume{7f1f7940-5691-01d9-a0b0-8fb648abec00}\ (WINRE_DRV) (Fixed) (Total:0.92 GB) (Free:0.29 GB) NTFS
\\?\Volume{7583ae00-5640-01d9-00d7-c13a20abec00}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 953.9 GB) (Disk ID: 5A1BB728)

Partition: GPT.

==================== End of Addition.txt =======================


Edited by Oh My!, 23 February 2024 - 10:32 AM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts

Posted 23 February 2024 - 10:31 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts

Posted 23 February 2024 - 10:53 AM

Please do this.

===================================================

Uninstalling Adobe Flash Player

--------------------

Note: Adobe Flash Player is no longer supported and is a security risk.
  • Download Adobe Flash Player Uninstaller and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click Uninstall then Done to reboot your computer
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\System32\AggregatorHost.exe
S3 BraveDevElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\119.1.61.87\elevation_service.exe" [X] 
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.161\elevation_service.exe" [X] 
Task: {154CA11F-A75A-4E24-95CA-188000E3F8DB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\House of Blues\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File) 
Task: {64B0D50E-5DF5-4790-A0A3-AE88D8D662C4} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\House of Blues\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File) 
Task: {4F7D5424-94F6-43CB-A7A2-01331D480964} - System32\Tasks\Lenovo\LenovoWelcomeTask => "C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe"  /task (No File) 
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File) 
CustomCLSID: HKU\S-1-5-21-580658408-3019728016-3726230185-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll => No File 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File 
ContextMenuHandlers1_S-1-5-21-580658408-3019728016-3726230185-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll -> No File 
ContextMenuHandlers4_S-1-5-21-580658408-3019728016-3726230185-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll -> No File 
FirewallRules: [{6850F157-E54D-49F0-BCCF-978CB2F9C360}] => (Allow) C:\Users\House of Blues\AppData\Local\GabAI\Dissenter\Application\dissenter.exe => No File 
FirewallRules: [{F3E719E1-EDD5-4850-82C4-906C7ED8B9A6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File 
FirewallRules: [{1AF5D41D-A31B-44EE-AF36-21F317EFA081}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File 
FirewallRules: [TCP Query User{CC269EAF-50DB-4572-BD26-A8940567C7FF}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File 
FirewallRules: [UDP Query User{C4D7254C-D610-4A1A-8ADA-3F275D3A75FC}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136] 
SearchScopes: HKU\S-1-5-21-580658408-3019728016-3726230185-1001 -> DefaultScope {7D3075BE-F8C0-4005-9561-7B258699DD32} URL =
SearchScopes: HKU\S-1-5-21-580658408-3019728016-3726230185-1001 -> {7D3075BE-F8C0-4005-9561-7B258699DD32} URL =
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Flash Player uninstalled?
  • Fixlog

Gary 


#4 pcblues

pcblues
  • Topic Starter

  • Members
  • 174 posts

Posted 23 February 2024 - 04:33 PM

Hello Gary,

Thanks for the quick response, your help is appreciated :)

Flash player is uninstalled.

Fixit log >

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by House of Blues (24-02-2024 07:16:48) Run:1
Running from C:\Users\House of Blues\Downloads\bleeping
Loaded Profiles: House of Blues
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\System32\AggregatorHost.exe
S3 BraveDevElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser-Dev\Application\119.1.61.87\elevation_service.exe" [X]
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.161\elevation_service.exe" [X]
Task: {154CA11F-A75A-4E24-95CA-188000E3F8DB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\House of Blues\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {64B0D50E-5DF5-4790-A0A3-AE88D8D662C4} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\House of Blues\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
Task: {4F7D5424-94F6-43CB-A7A2-01331D480964} - System32\Tasks\Lenovo\LenovoWelcomeTask => "C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe"  /task (No File)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
CustomCLSID: HKU\S-1-5-21-580658408-3019728016-3726230185-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1_S-1-5-21-580658408-3019728016-3726230185-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-580658408-3019728016-3726230185-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\House of Blues\AppData\Local\Kingsoft\WPS Office\11.2.0.11513\office6\kwpsmenushellext64.dll -> No File
FirewallRules: [{6850F157-E54D-49F0-BCCF-978CB2F9C360}] => (Allow) C:\Users\House of Blues\AppData\Local\GabAI\Dissenter\Application\dissenter.exe => No File
FirewallRules: [{F3E719E1-EDD5-4850-82C4-906C7ED8B9A6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{1AF5D41D-A31B-44EE-AF36-21F317EFA081}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [TCP Query User{CC269EAF-50DB-4572-BD26-A8940567C7FF}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{C4D7254C-D610-4A1A-8ADA-3F275D3A75FC}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
SearchScopes: HKU\S-1-5-21-580658408-3019728016-3726230185-1001 -> DefaultScope {7D3075BE-F8C0-4005-9561-7B258699DD32} URL =
SearchScopes: HKU\S-1-5-21-580658408-3019728016-3726230185-1001 -> {7D3075BE-F8C0-4005-9561-7B258699DD32} URL =
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Windows\System32\AggregatorHost.exe ========================

C:\Windows\System32\AggregatorHost.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.4046.cat
File is digitally signed
MD5: 3C18A10A5B68BC3A0DD97F8BBAB8B41D
Creation and modification date: 2024-02-16 12:07 - 2024-02-16 12:07
Size: 000321536
Attributes: ----A
Company Name: Microsoft Windows ->
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKLM\System\CurrentControlSet\Services\BraveDevElevationService => removed successfully
BraveDevElevationService => service removed successfully
HKLM\System\CurrentControlSet\Services\BraveElevationService => removed successfully
BraveElevationService => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{154CA11F-A75A-4E24-95CA-188000E3F8DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{154CA11F-A75A-4E24-95CA-188000E3F8DB}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64B0D50E-5DF5-4790-A0A3-AE88D8D662C4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64B0D50E-5DF5-4790-A0A3-AE88D8D662C4}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F7D5424-94F6-43CB-A7A2-01331D480964}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F7D5424-94F6-43CB-A7A2-01331D480964}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\LenovoWelcomeTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LenovoWelcomeTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{972F90C9-6098-43C3-AF93-4F3D63A46AF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{972F90C9-6098-43C3-AF93-4F3D63A46AF0}" => removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task v2" => removed successfully
HKU\S-1-5-21-580658408-3019728016-3726230185-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\          kwpsshellext => removed successfully
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\Software\Classes\Directory\ShellEx\ContextMenuHandlers\          kwpsshellext => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6850F157-E54D-49F0-BCCF-978CB2F9C360}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3E719E1-EDD5-4850-82C4-906C7ED8B9A6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AF5D41D-A31B-44EE-AF36-21F317EFA081}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CC269EAF-50DB-4572-BD26-A8940567C7FF}C:\program files (x86)\paltalk messenger\paltalk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C4D7254C-D610-4A1A-8ADA-3F275D3A75FC}C:\program files (x86)\paltalk messenger\paltalk.exe" => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKU\S-1-5-21-580658408-3019728016-3726230185-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-580658408-3019728016-3726230185-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D3075BE-F8C0-4005-9561-7B258699DD32} => removed successfully

========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.




Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.



========= End of CMD: =========


========= DISM /Online /Cleanup-Image /CheckHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.3636

Image Version: 10.0.19045.4046

No component store corruption detected.
The operation completed successfully.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 07:21:53 ====



#5 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 23 February 2024 - 05:12 PM

Thank you.

The C:\WINDOWS\System32\AggregatorHost.exe is signed and legitimate.

The Fixlist found and repaired some corrupted files, which is common. Everything else looks good.

Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#6 pcblues

Posted 23 February 2024 - 05:44 PM

Thanks again Gary.. :)

Good news about the AggregatorHost.exe , thank you !

Weird the signature doesn't show..
but I did read some articles about a number of "unsigned" files in System32..
and in spite of searching & reading stuff about this process..
I am still unsure about what it does ..

if it's not important.. can I uninstall/disable it for good ?

pcblues~
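
The FRST report earlier in the thread lists a `Catalog:` path for the file: its signature is stored in a Windows security catalog rather than inside the executable, which is why the Properties dialog has no Digital Signatures tab for it. The PowerShell function below is an added example, not part of the original thread, that reports whether a file is embedded-signed, catalog-signed or unsigned; the function name `Get-SignatureSummary` is hypothetical and Windows PowerShell 5.1 or later is assumed.

```powershell
# Added example, not from the thread. Get-SignatureSummary is a hypothetical name.
# Assumes Windows PowerShell 5.1 or later (SignatureType and IsOSBinary properties).
function Get-SignatureSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                [pscustomobject]@{ Path = $p; Verdict = 'File not found' }
                continue
            }

            # Covers both signatures embedded in the file and signatures
            # held in security catalogs (.cat files under System32\CatRoot).
            $sig    = Get-AuthenticodeSignature -LiteralPath $p
            $signer = $null
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            $verdict = switch ($sig.Status) {
                'Valid' {
                    if ($sig.SignatureType -eq 'Catalog') {
                        'Valid, catalog-signed (no Digital Signatures tab in Properties)'
                    } else {
                        'Valid, signature embedded in the file'
                    }
                }
                'NotSigned'    { 'No embedded or catalog signature found' }
                'HashMismatch' { 'File contents do not match the signed hash' }
                default        { "Not verified: $($sig.StatusMessage)" }
            }

            [pscustomobject]@{
                Path          = $p
                Verdict       = $verdict
                SignatureType = $sig.SignatureType   # None, Authenticode or Catalog
                IsOSBinary    = $sig.IsOSBinary      # True for files signed as part of Windows
                Signer        = $signer
                # MD5 is shown only so the value can be compared with the FRST line.
                MD5           = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash
            }
        }
    }
}

# The path discussed in this thread.
Get-SignatureSummary -Path "$env:windir\System32\AggregatorHost.exe" | Format-List
```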

 

 



#7 Oh My!

Posted 23 February 2024 - 08:45 PM

It is related to Windows Insider Program and is not necessary to have. You can delete it.
Gary 


#8 pcblues

Posted 23 February 2024 - 09:18 PM

Thanks Gary ... Happy to delete/uninstall , but being a system file would love to get some tips on how to do it safely.. Thanks in advance ... have a great weekend :) pcblues~

#9 Oh My!

Posted 23 February 2024 - 09:21 PM

I think this will remove it. Try it and see.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
C:\WINDOWS\System32\AggregatorHost.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

Gary 


#10 pcblues

Posted 24 February 2024 - 08:18 PM

Hello again Gary ,

Thanks for the tip..  ran FRST as instructed ,

AggregatorHost.exe  no longer running in Task manager & gone from System32 folder

Did a search and it shows at:

FRST  > Quarantine > C >  Windows > System32tor as >  AggregatorHost.xBAD

and two copies of AggregatorHost.exe  at >

Win > amd64_microsoft-windows-u-client-aggregators

Should I delete it from > Win > amd64 location .. or forget about it
and be happy that it's not active anymore..

Fixlog  >

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by House of Blues (25-02-2024 10:36:16) Run:2
Running from C:\Users\House of Blues\Downloads\bleeping
Loaded Profiles: House of Blues
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
C:\WINDOWS\System32\AggregatorHost.exe
End::
*****************

Processes closed successfully.
C:\WINDOWS\System32\AggregatorHost.exe => moved successfully


The system needed a reboot.

==== End of Fixlog 10:36:19 ====



#11 Oh My!

Posted 25 February 2024 - 09:53 AM

You can delete them if you want but it should be done via a FRST Fixlist. The computer will need to reboot in order to delete the files.

If you need a Fixlist run this.

===================================================

Farbar Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Type the following in the Search: box
AggregatorHost.exe
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary 


#12 pcblues

Posted 25 February 2024 - 07:37 PM

FRST search for AggregatorHost.exe

 

Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by House of Blues (26-02-2024 10:26:46)
Running from C:\Users\House of Blues\Downloads\bleeping
Boot Mode: Normal

================== Search Files: "AggregatorHost.exe" =============

C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\AggregatorHost.exe
[2024-02-16 12:07][2024-02-16 12:07] 000321536 _____ () 3C18A10A5B68BC3A0DD97F8BBAB8B41D [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\n\AggregatorHost.exe
[2024-02-16 11:56][2024-01-13 23:18] 000121228 _____ () 020D6B68FF2140BEA92FBF8C1EBFBB10 [File not signed]


====== End of Search ======



#13 Oh My!

Posted 25 February 2024 - 08:07 PM

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\AggregatorHost.exe
C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\n\AggregatorHost.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 


#14 pcblues

Posted 25 February 2024 - 10:04 PM

Hello Gary..

Here's the latest  FRST fixit log...

All in the "sin bin" now...

A question.. any way to stop getting it again with the next update..?.

Thank you !!

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by House of Blues (26-02-2024 12:49:45) Run:3
Running from C:\Users\House of Blues\Downloads\bleeping
Loaded Profiles: House of Blues
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\AggregatorHost.exe
C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\n\AggregatorHost.exe
End::
*****************

Processes closed successfully.
C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\AggregatorHost.exe => moved successfully
C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.3996_none_e9152a2baa817266\n\AggregatorHost.exe => moved successfully


The system needed a reboot.

==== End of Fixlog 12:49:46 ====



#15 Oh My!

Posted 26 February 2024 - 08:50 AM

I don't know any way to stop it if it is included in an update. The file is not harmful so other than maybe your preference there is no need to remove it.
Gary 




