Have I been hacked?

Hello,


I am suspecting that my computer has been infected, well my two computers now, as this is a clean install on this machine, but it was done with a USB stick which might have been corrupted. Would anyone be able to have a look at my scans and kindly offer an opinion?

My PC also connected via svchost.exe to some unknown IP addresses belonging to Level3 Communications / Lumen.

Please let me know if there is anything else I can provide you with. I have another computer that I believe to be the source of the malware but that one doesn't allow me to connect to the hospital's network (I am hospitalised for a period so this is my only connection available).

I can also provide a Wireshark capture.

I hope this is just me being paranoid because of an extensive isolation, hehe. I suspect I have been hacked on a different machine and it has now jumped on this one too. I have messed around with some pirated games on my other PC and my PC has been acting a bit strange lately ... I could see some CMD appearing for a fraction of a second, spikes in temperature, unusual fan ramp up and, most importantly, the last thing that happened was an update called: May 24, 2023 - Windows configuration Update that somehow crippled my internet access, and the same update seems to have worked fine on this machine.

I will have to make a separate topic for my other machine as the internet connection was crippled via an update and I need to do a fresh install on that one ... Sadly I currently don't have the means to do a secure erase on the SSDs that are installed in that machine. I am currently hospitalised and I only have access to get a bootable USB to reinstall Windows on it ... I am actually curious how it will behave on a clean boot.

I suspect that it has jumped via USB stick on this computer. Now with this machine I am most likely just being paranoid but since it is my backup machine and I don't know much about security, would be great if someone can have a look at my scans. Below you can see a screenshot of my PC connecting to these two IPs belonging to Level 3 Communications / Lumen and I am unsure if they are official data centres or just an ISP provider. And the rest are the scan results from FRST and AdwCleaner.

If anyone could have a look at those, that would be much appreciated. I have so much stress with the hospital that being hacked is the last thing I want, hehe.

I will upload the Wireshark capture soon.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2023

Ran by User (administrator) on HP (HP HP EliteBook 830 G5) (18-09-2023 18:02:03)

Running from C:\Users\User\Downloads\FRST64.exe

Loaded Profiles: User

Platform: Microsoft Windows 11 Pro Version 22H2 22621.2283 (X64) Language: English (United Kingdom)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_2a3519c52621d0fe\HotKeyServiceUWP.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_2a3519c52621d0fe\LanWlanWwanSwitchingServiceUWP.exe

(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-281276394-282352661-3837250378-1001\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4219448 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-281276394-282352661-3837250378-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [11788168 2023-09-12] (GlassWire -> SecureMix LLC)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {F5A1E4F8-EB25-4A8F-98C3-0B260B55E1A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2023-08-25] (HP Inc. -> HP Inc.)

Task: {FA0C4456-DDAD-4B64-B26D-F7E742EAA530} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-08-25] (HP Inc. -> HP Inc.)

Task: {71456468-3137-47A3-A931-ADC5594CA9A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145904 2023-08-25] (HP Inc. -> HP Inc.)

Task: {E453CAE4-C8A4-43CE-8B3F-16EDB76CAE2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145904 2023-08-25] (HP Inc. -> HP Inc.)

Task: {75C3C2C1-17A5-4C88-B5E2-E6027DBA58BA} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-16] (Microsoft Windows -> Microsoft Corporation)

Task: {C7527511-AC45-40CE-B83E-E2669C7BE5EF} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant)

Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

Task: {9C0E05F0-F5CF-4726-9974-302365B74FDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {640EBE39-2321-4BF4-A6CD-6BDF7443EE95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {CAB9C22B-1D80-4996-8319-5C08544A933C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {72FBEB3E-11FD-4B36-BB56-213AA72C604F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {47EDFDE5-EEE5-4DA8-BAA6-4F63D0278819} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.255.10

Tcpip\..\Interfaces\{208a38a5-a28e-438c-a567-51a50df2e0b0}: [DhcpNameServer] 192.168.255.10

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-18]

Edge Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-16]

Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ApHidMonitorService; C:\Windows\system32\Alps\GlidePoint\HidMonitorSvc.exe [573520 2020-08-23] (ALPS ALPINE CO., LTD. -> ALPSALPINE CO., LTD.)

S2 CxAudioSvc; C:\Windows\CxSvc\CxAudioSvc.exe [81408 2021-08-25] (Conexant Systems LLC.) [File not signed]

S2 CxUtilSvc; C:\Windows\CxSvc\CxUtilSvc.exe [173880 2021-08-25] (Synaptics Incorporated -> Conexant Systems LLC.)

S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8217992 2023-09-12] (GlassWire -> SecureMix LLC)

R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_2a3519c52621d0fe\HotKeyServiceUWP.exe [1536456 2023-04-26] (HP Inc. -> HP Inc.)

R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [888768 2023-08-25] (HP Inc. -> HP Inc.)

R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [887184 2023-08-25] (HP Inc. -> HP Inc.)

R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [883088 2023-08-25] (HP Inc. -> HP Inc.)

R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [887696 2023-08-25] (HP Inc. -> HP Inc.)

R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_2a3519c52621d0fe\LanWlanWwanSwitchingServiceUWP.exe [606664 2023-04-26] (HP Inc. -> HP Inc.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402352 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [1085280 2023-09-17] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ApPTPFilterService; C:\Windows\System32\drivers\ApPtpFiltr.sys [350424 2020-08-23] (ALPS ALPINE CO., LTD. -> ALPSALPINE CO., LTD.)

S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]

R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2023-09-12] (GlassWire -> SecureMix LLC)

R3 MpKsl7b2abe6b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{583D85D1-DFC0-49F3-A408-8C501142A7AA}\MpKslDrv.sys [222464 2023-09-18] (Microsoft Windows -> Microsoft Corporation)

R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)

R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [57768 2023-09-17] (Windscribe Limited -> The OpenVPN Project)

S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-16] (Microsoft Windows -> Microsoft Corporation)

S3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)

S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-16] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-16] (Microsoft Windows -> Microsoft Corporation)

S3 WindscribeSplitTunnel; C:\Windows\system32\DRIVERS\WindscribeSplitTunnel.sys [38152 2023-09-17] (Windscribe Limited -> )

R3 windtun420; C:\Windows\System32\drivers\windtun420.sys [47544 2023-09-17] (Windscribe Limited -> WireGuard LLC)

S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-09-17] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)

U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-18 18:02 - 2023-09-18 18:02 - 000011859 _____ C:\Users\User\Downloads\FRST.txt

2023-09-18 18:01 - 2023-09-18 18:02 - 000000000 ____D C:\FRST

2023-09-18 18:01 - 2023-09-18 18:01 - 002382848 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe

2023-09-18 18:00 - 2023-09-18 18:01 - 002382848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

2023-09-18 17:57 - 2023-09-18 17:58 - 000000000 ____D C:\AdwCleaner

2023-09-18 17:56 - 2023-09-18 17:57 - 008791352 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner.exe

2023-09-18 17:56 - 2023-09-18 17:56 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog

2023-09-18 17:56 - 2023-09-18 17:56 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

2023-09-18 17:56 - 2023-09-18 17:56 - 000000000 ____D C:\Windows\SysWOW64\Npcap

2023-09-18 17:56 - 2023-09-18 17:56 - 000000000 ____D C:\Windows\system32\Npcap

2023-09-18 17:56 - 2023-09-18 17:56 - 000000000 ____D C:\Program Files\USBPcap

2023-09-18 17:55 - 2023-09-18 17:56 - 000000000 ____D C:\Program Files\Wireshark

2023-09-18 17:55 - 2023-09-18 17:56 - 000000000 ____D C:\Program Files\Npcap

2023-09-18 17:50 - 2023-09-18 17:54 - 079164216 _____ (Wireshark development team) C:\Users\User\Downloads\Wireshark-win64-4.0.8.exe

2023-09-17 15:48 - 2023-09-17 23:48 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps

2023-09-17 08:10 - 2023-09-17 08:10 - 000000000 ____D C:\Users\User\AppData\Local\PeerDistRepub

2023-09-17 07:30 - 2023-09-17 07:30 - 000007611 _____ C:\Users\User\AppData\Local\Resmon.ResmonCfg

2023-09-17 07:02 - 2023-09-17 14:18 - 000000000 ____D C:\Program Files\Windscribe

2023-09-17 07:02 - 2023-09-17 07:02 - 000057768 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys

2023-09-17 07:02 - 2023-09-17 07:02 - 000047544 _____ (WireGuard LLC) C:\Windows\system32\Drivers\windtun420.sys

2023-09-17 07:02 - 2023-09-17 07:02 - 000038152 _____ C:\Windows\system32\Drivers\WindscribeSplitTunnel.sys

2023-09-17 07:02 - 2023-09-17 07:02 - 000001058 _____ C:\Users\Public\Desktop\Windscribe.lnk

2023-09-17 07:02 - 2023-09-17 07:02 - 000000000 ____D C:\Users\User\AppData\Local\Windscribe

2023-09-17 07:02 - 2023-09-17 07:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe

2023-09-16 18:21 - 2023-09-16 18:22 - 000000000 ____D C:\Program Files (x86)\REALTEK

2023-09-16 18:20 - 2019-11-01 02:33 - 000004096 _____ (Hewlett-Packard Company) C:\Windows\SysWOW64\SigFile.exe

2023-09-16 18:17 - 2023-09-16 18:20 - 000000000 ____D C:\Program Files\Intel

2023-09-16 18:17 - 2023-09-16 18:18 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}

2023-09-16 18:17 - 2023-09-16 18:17 - 000000000 ____D C:\Windows\system32\Tasks\HP

2023-09-16 18:17 - 2023-09-16 18:17 - 000000000 ____D C:\Program Files (x86)\Intel

2023-09-16 17:53 - 2023-09-16 17:53 - 000000000 ____D C:\hp

2023-09-16 17:43 - 2023-09-16 17:48 - 000000000 ____D C:\Users\User\Downloads\HP Downloads

2023-09-16 17:41 - 2023-09-16 19:22 - 000000000 ____D C:\Program Files\HP

2023-09-16 17:41 - 2023-09-16 18:23 - 000000000 ____D C:\SWSetup

2023-09-16 17:41 - 2023-09-16 17:53 - 000000000 ____D C:\ProgramData\HP

2023-09-16 17:41 - 2023-09-16 17:41 - 000000000 ____D C:\Users\User\AppData\Roaming\HP

2023-09-16 17:41 - 2023-09-16 17:41 - 000000000 ____D C:\system.sav

2023-09-16 17:41 - 2023-09-16 17:41 - 000000000 ____D C:\Program Files (x86)\HP

2023-09-16 17:34 - 2023-09-18 17:58 - 000000000 ____D C:\ProgramData\Hewlett-Packard

2023-09-16 17:33 - 2023-09-17 14:19 - 000000000 ____D C:\Windows\system32\Tasks\Hewlett-Packard

2023-09-16 17:32 - 2023-09-16 17:41 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard

2023-09-16 17:32 - 2023-09-16 17:32 - 006434896 _____ (Oleg N. Scherbakov) C:\Users\User\Downloads\HPSupportSolutionsFramework-12.19.53.13.exe

2023-09-16 17:31 - 2023-09-16 17:40 - 179214832 _____ (HP Inc.) C:\Users\User\Downloads\sp148716.exe

2023-09-16 14:19 - 2023-09-16 14:19 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder

2023-09-16 14:02 - 2023-09-16 14:03 - 020803424 _____ (Windscribe Limited) C:\Users\User\Downloads\Windscribe_2.6.14.exe

2023-09-16 11:17 - 2023-09-16 11:17 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\MMC

2023-09-16 11:15 - 2023-09-16 11:16 - 000000000 ____D C:\Users\User\AppData\Local\glasswire

2023-09-16 11:15 - 2023-09-16 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire

2023-09-16 11:15 - 2023-09-16 11:15 - 000000000 ____D C:\ProgramData\glasswire

2023-09-16 11:15 - 2023-09-16 11:15 - 000000000 ____D C:\Program Files (x86)\GlassWire

2023-09-16 11:15 - 2023-09-12 12:04 - 000033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys

2023-09-16 11:15 - 2023-09-12 12:04 - 000008392 _____ C:\Windows\system32\Drivers\gwdrv.cat

2023-09-16 11:14 - 2023-09-18 17:55 - 000000000 ____D C:\ProgramData\Package Cache

2023-09-16 11:05 - 2023-09-16 11:09 - 083300104 _____ (SecureMix LLC) C:\Users\User\Downloads\GlassWireSetup.exe

2023-09-16 10:17 - 2022-06-22 15:30 - 011829616 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys

2023-09-16 09:53 - 2023-09-16 09:55 - 000000000 ___HD C:\$WinREAgent

2023-09-16 09:52 - 2023-09-16 17:33 - 000000000 ____D C:\Users\User\AppData\Local\HP

2023-09-16 09:52 - 2020-08-25 23:40 - 048039808 _____ (Intel Corporation) C:\Windows\system32\IntelSSTPreprocStreamer.dll

2023-09-16 09:52 - 2020-08-25 23:40 - 001678920 _____ (Intel Corporation) C:\Windows\system32\MultiChannelWoV.dll

2023-09-16 09:52 - 2020-08-25 23:40 - 000870272 _____ (Intel Corporation) C:\Windows\system32\IntelWovSDK.dll

2023-09-16 09:52 - 2020-08-25 23:40 - 000499568 _____ (Intel Corporation) C:\Windows\system32\MultichannelWoVCfg.dll

2023-09-16 09:51 - 2023-09-16 09:51 - 000000000 ____D C:\Windows\CxSvc

2023-09-16 09:51 - 2023-09-16 09:51 - 000000000 ____D C:\Users\User\AppData\Local\Conexant

2023-09-16 09:51 - 2023-09-16 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos

2023-09-16 09:51 - 2021-08-25 20:13 - 000177976 _____ (Synaptics Incorporated) C:\Windows\system32\SynaMonApp.exe

2023-09-16 09:51 - 2021-08-25 20:13 - 000002988 _____ C:\Windows\system32\SynaMonApp.xml

2023-09-16 09:49 - 2023-09-16 09:49 - 000000000 ____D C:\Windows\system32\cAVS

2023-09-16 09:49 - 2020-08-25 23:40 - 000844384 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcOED.sys

2023-09-16 09:46 - 2023-09-16 09:46 - 000000000 ____D C:\Windows\UCI

2023-09-16 09:46 - 2023-09-16 09:46 - 000000000 ____D C:\ProgramData\Conexant

2023-09-16 09:46 - 2020-07-02 23:43 - 002938448 _____ (Conexant) C:\Windows\system32\MicTray64.exe

2023-09-16 09:46 - 2020-07-02 23:43 - 000002988 _____ C:\Windows\system32\MicTray64.xml

2023-09-16 09:46 - 2019-07-19 18:05 - 000008668 _____ C:\Windows\system32\cxapo.prop

2023-09-16 09:45 - 2023-09-16 09:51 - 001705080 _____ (TODO: <Company name>) C:\Windows\SysWOW64\RebootPrompt.exe

2023-09-16 09:45 - 2023-09-16 09:51 - 000000000 ____D C:\Program Files\CONEXANT

2023-09-16 09:45 - 2023-09-16 09:45 - 000000000 ____D C:\ProgramData\UIU

2023-09-16 09:45 - 2023-09-16 09:45 - 000000000 ____D C:\ProgramData\SoundResearch

2023-09-16 09:45 - 2021-12-21 23:18 - 007438976 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI64A231.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 002521920 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT64ISST.sys

2023-09-16 09:45 - 2021-12-21 23:18 - 001554592 _____ (Synaptics Incorporated) C:\Windows\system32\CX64APOMIX.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001542728 _____ (Synaptics Inc.) C:\Windows\system32\CX64Proxy.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001518448 _____ (Synaptics Incorporated.) C:\Windows\system32\CX64APO.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001421056 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001420840 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001318416 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001213912 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001079640 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 001062528 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 000969248 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEAPO32.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 000914928 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDRA32.dll

2023-09-16 09:45 - 2021-12-21 23:18 - 000716344 _____ (Conexant Systems, Inc.) C:\Windows\system32\CX64APO2.dll

2023-09-16 09:45 - 2016-09-20 13:51 - 000004664 _____ C:\Windows\system32\Drivers\CxSfPt.dat

2023-09-16 09:32 - 2020-08-25 23:40 - 000270200 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcAudioBus.sys

2023-09-16 09:21 - 2023-09-16 09:21 - 000000000 ____D C:\Users\User\AppData\Local\OneDrive

2023-09-16 09:20 - 2023-09-16 09:20 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore

2023-09-16 09:11 - 2021-01-20 23:58 - 019816336 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPRes.dll

2023-09-16 09:11 - 2021-01-20 23:58 - 004287888 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPEnh.exe

2023-09-16 09:11 - 2021-01-20 23:58 - 000762256 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys

2023-09-16 09:11 - 2021-01-20 23:58 - 000342416 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPEnhService.exe

2023-09-16 09:11 - 2021-01-20 23:58 - 000275344 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll

2023-09-16 09:11 - 2021-01-20 23:57 - 000810384 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll

2023-09-16 09:08 - 2023-09-17 18:33 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles

2023-09-16 09:08 - 2023-09-17 18:33 - 000000000 ____D C:\Intel

2023-09-16 09:08 - 2023-09-16 18:18 - 000000000 ____D C:\ProgramData\Intel

2023-09-16 09:08 - 2023-09-16 09:08 - 000000000 ____D C:\Windows\Firmware

2023-09-16 09:08 - 2023-09-16 09:08 - 000000000 ____D C:\Users\User\AppData\LocalLow\Intel

2023-09-16 09:08 - 2023-09-16 09:08 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2023-09-16 09:08 - 2023-09-16 09:08 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin

2023-09-16 09:07 - 2023-04-26 04:44 - 001452272 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll

2023-09-16 09:07 - 2023-04-26 04:44 - 001452272 _____ C:\Windows\system32\vulkan-1.dll

2023-09-16 09:07 - 2023-04-26 04:44 - 001165552 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll

2023-09-16 09:07 - 2023-04-26 04:44 - 001165552 _____ C:\Windows\SysWOW64\vulkan-1.dll

2023-09-16 09:04 - 2023-09-16 09:49 - 000000000 ____D C:\Windows\system32\Intel

2023-09-16 09:04 - 2019-05-09 19:49 - 000185232 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_I2C.sys

2023-09-16 09:04 - 2019-05-09 19:49 - 000095632 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_GPIO2.sys

2023-09-16 09:04 - 2018-12-14 13:47 - 000403440 _____ (Intel Corporation) C:\Windows\system32\Drivers\esif_lf.sys

2023-09-16 09:04 - 2018-12-14 13:47 - 000075248 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_cpu.sys

2023-09-16 08:46 - 2023-09-16 08:46 - 000000000 ____D C:\ProgramData\Realtek

2023-09-16 08:43 - 2019-10-24 21:42 - 005291976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsDMFT64.dll

2023-09-16 08:42 - 2018-12-14 13:47 - 000078832 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_acpi.sys

2023-09-16 08:38 - 2023-09-18 08:33 - 000000000 ____D C:\Windows\Panther

2023-09-16 08:34 - 2023-09-16 08:34 - 000000000 ____D C:\Windows\system32\Alps

2023-09-16 08:34 - 2020-08-23 22:45 - 000350424 _____ (ALPSALPINE CO., LTD.) C:\Windows\system32\Drivers\ApPtpFiltr.sys

2023-09-16 08:28 - 2023-09-16 08:29 - 000000000 ____D C:\Windows\system32\MRT

2023-09-16 08:27 - 2023-09-16 08:27 - 000000000 ____D C:\Users\User\AppData\Local\Comms

2023-09-16 08:16 - 2023-09-16 09:17 - 000000000 ____D C:\Users\User\AppData\Local\Publishers

2023-09-16 08:01 - 2023-09-16 08:12 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-281276394-282352661-3837250378-1001

2023-09-16 08:01 - 2023-09-16 08:12 - 000003348 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-281276394-282352661-3837250378-1001

2023-09-16 08:01 - 2023-09-16 08:12 - 000002376 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2023-09-16 08:01 - 2023-09-16 08:01 - 000000000 ___RD C:\Users\User\OneDrive

2023-09-16 08:01 - 2023-09-16 08:01 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2023-09-16 08:00 - 2023-09-16 08:00 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Vault

2023-09-16 07:59 - 2023-09-16 19:22 - 000000000 ____D C:\Users\User\AppData\Local\Packages

2023-09-16 07:59 - 2023-09-16 14:01 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Protect

2023-09-16 07:59 - 2023-09-16 08:08 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache

2023-09-16 07:59 - 2023-09-16 07:59 - 000000020 ___SH C:\Users\User\ntuser.ini

2023-09-16 07:59 - 2023-09-16 07:59 - 000000000 __RHD C:\Users\Public\AccountPictures

2023-09-16 07:59 - 2023-09-16 07:59 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\SystemCertificates

2023-09-16 07:59 - 2023-09-16 07:59 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Crypto

2023-09-16 07:59 - 2023-09-16 07:59 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Credentials

2023-09-16 07:59 - 2023-09-16 07:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Network

2023-09-16 07:59 - 2023-09-16 07:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe

2023-09-16 07:59 - 2023-09-16 07:59 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform

2023-09-16 07:58 - 2023-09-16 14:01 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Spelling

2023-09-16 07:58 - 2023-09-16 07:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows

2023-09-16 07:50 - 2023-09-17 18:41 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI

2023-09-16 07:44 - 2023-09-16 07:44 - 000000000 ____D C:\Windows\CSC

2023-09-16 07:42 - 2023-09-16 19:24 - 000000000 ____D C:\ProgramData\Packages

2023-09-16 07:42 - 2023-09-16 11:04 - 000001575 _____ C:\Windows\system32\config\VSMIDK

2023-09-16 07:42 - 2023-09-16 07:42 - 000000000 _SHDL C:\Documents and Settings

2023-09-16 07:39 - 2023-09-16 08:50 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2023-09-16 07:39 - 2023-09-16 08:50 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2023-09-16 07:39 - 2023-09-16 08:15 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2023-09-16 07:39 - 2023-09-16 08:15 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2023-09-16 07:39 - 2023-09-16 07:39 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2023-09-16 07:38 - 2023-09-18 17:31 - 000000000 ____D C:\Windows\system32\SleepStudy

2023-09-16 07:38 - 2023-09-17 18:33 - 000326832 _____ C:\Windows\system32\FNTCACHE.DAT

2023-09-16 07:38 - 2023-09-17 18:33 - 000012288 ___SH C:\DumpStack.log.tmp

2023-09-16 07:38 - 2023-09-17 18:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2023-09-16 07:38 - 2023-09-16 10:20 - 000000000 ____D C:\Windows\system32\Drivers\wd

2023-09-16 07:38 - 2023-09-16 07:38 - 000000000 ____D C:\Windows\system32\config\BFS

2023-09-16 07:38 - 2023-09-16 07:38 - 000000000 ____D C:\Windows\ServiceProfiles

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-18 17:56 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp

2023-09-18 17:56 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF

2023-09-18 08:33 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2023-09-17 18:34 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\LiveKernelReports

2023-09-17 18:33 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ServiceState

2023-09-17 18:27 - 2022-05-07 06:17 - 000524288 _____ C:\Windows\system32\config\BBI

2023-09-17 08:25 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate

2023-09-17 08:10 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp

2023-09-16 19:27 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps

2023-09-16 19:27 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness

2023-09-16 10:20 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender

2023-09-16 10:14 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\AppLocker

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\WUModels

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\UUS

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\vi-VN

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\setup

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\lv-LV

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\lt-LT

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\id-ID

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\gl-ES

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\eu-ES

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\et-EE

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\es-MX

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\Dism

2023-09-16 10:11 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\ca-ES

2023-09-16 10:10 - 2022-05-07 11:16 - 000000000 ___SD C:\Windows\system32\AppV

2023-09-16 10:10 - 2022-05-07 11:16 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\PrintDialog

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemResources

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemApps

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinMetadata

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\vi-VN

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Sgrm

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\setup

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\oobe

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\migwiz

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\lv-LV

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\lt-LT

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\id-ID

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\gl-ES

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\eu-ES

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\et-EE

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\es-MX

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Dism

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\DDFs

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\ca-ES

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\appraiser

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellExperiences

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Provisioning

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\PolicyDefinitions

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\bcastdvr

2023-09-16 10:10 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\appcompat

2023-09-16 10:10 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\servicing

2023-09-16 09:51 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase

2023-09-16 09:50 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData

2023-09-16 08:37 - 2022-05-07 06:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template

2023-09-16 08:26 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecurityHealth

2023-09-16 07:44 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\spool

2023-09-16 07:39 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM

==================== Files in the root of some directories ========

2023-09-17 07:30 - 2023-09-17 07:30 - 000007611 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

==================== SigCheckExt =========================

2022-12-08 10:02 - 2022-12-08 10:02 - 000012704 _____ (Intel(R) Corporation) C:\Windows\SysWOW64\IusEventLog.dll

2023-09-16 18:20 - 2019-11-01 02:33 - 000004096 _____ (Hewlett-Packard Company) C:\Windows\SysWOW64\SigFile.exe

2023-09-18 18:01 - 2023-09-18 18:01 - 002382848 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe

2023-09-18 18:00 - 2023-09-18 18:01 - 002382848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== BCD ================================

Firmware Boot Manager

---------------------

identifier {fwbootmgr}

displayorder {bootmgr}

{9480dd72-5463-11ee-a89f-dfb01e53c0e7}

{9480dd64-5463-11ee-a89f-dfb01e53c0e7}

{9480dd65-5463-11ee-a89f-dfb01e53c0e7}

{9480dd66-5463-11ee-a89f-dfb01e53c0e7}

{9480dd67-5463-11ee-a89f-dfb01e53c0e7}

{9480dd68-5463-11ee-a89f-dfb01e53c0e7}

{9480dd69-5463-11ee-a89f-dfb01e53c0e7}

{9480dd6a-5463-11ee-a89f-dfb01e53c0e7}

{9480dd6b-5463-11ee-a89f-dfb01e53c0e7}

{9480dd6c-5463-11ee-a89f-dfb01e53c0e7}

{9480dd6d-5463-11ee-a89f-dfb01e53c0e7}

{9480dd6e-5463-11ee-a89f-dfb01e53c0e7}

timeout 0

Windows Boot Manager

--------------------

identifier {bootmgr}

device partition=\Device\HarddiskVolume1

path \EFI\Microsoft\Boot\bootmgfw.efi

description Windows Boot Manager

locale en-GB

inherit {globalsettings}

default {current}

resumeobject {9480dd73-5463-11ee-a89f-dfb01e53c0e7}

displayorder {current}

toolsdisplayorder {memdiag}

timeout 30

Firmware Application (101fffff)

-------------------------------

identifier {9480dd64-5463-11ee-a89f-dfb01e53c0e7}

description Startup Menu

Firmware Application (101fffff)

-------------------------------

identifier {9480dd65-5463-11ee-a89f-dfb01e53c0e7}

description System Information

Firmware Application (101fffff)

-------------------------------

identifier {9480dd66-5463-11ee-a89f-dfb01e53c0e7}

description Bios Setup

Firmware Application (101fffff)

-------------------------------

identifier {9480dd67-5463-11ee-a89f-dfb01e53c0e7}

description 3rd Party Option ROM Management

Firmware Application (101fffff)

-------------------------------

identifier {9480dd68-5463-11ee-a89f-dfb01e53c0e7}

description System Diagnostics

Firmware Application (101fffff)

-------------------------------

identifier {9480dd69-5463-11ee-a89f-dfb01e53c0e7}

description System Diagnostics

Firmware Application (101fffff)

-------------------------------

identifier {9480dd6a-5463-11ee-a89f-dfb01e53c0e7}

description System Diagnostics

Firmware Application (101fffff)

-------------------------------

identifier {9480dd6b-5463-11ee-a89f-dfb01e53c0e7}

description System Diagnostics

Firmware Application (101fffff)

-------------------------------

identifier {9480dd6c-5463-11ee-a89f-dfb01e53c0e7}

description Boot Menu

Firmware Application (101fffff)

-------------------------------

identifier {9480dd6d-5463-11ee-a89f-dfb01e53c0e7}

description HP Recovery

Firmware Application (101fffff)

-------------------------------

identifier {9480dd6e-5463-11ee-a89f-dfb01e53c0e7}

description Network Boot

Firmware Application (101fffff)

-------------------------------

identifier {9480dd6f-5463-11ee-a89f-dfb01e53c0e7}

description IPV6 Network

Firmware Application (101fffff)

-------------------------------

identifier {9480dd70-5463-11ee-a89f-dfb01e53c0e7}

description IPV6 Network - Intel(R) Ethernet Connection (4) I219-LM

Firmware Application (101fffff)

-------------------------------

identifier {9480dd72-5463-11ee-a89f-dfb01e53c0e7}

description USB:

Windows Boot Loader

-------------------

identifier {current}

device partition=C:

path \Windows\system32\winload.efi

description Windows 11

locale en-GB

inherit {bootloadersettings}

recoverysequence {9480dd75-5463-11ee-a89f-dfb01e53c0e7}

displaymessageoverride Recovery

recoveryenabled Yes

isolatedcontext Yes

allowedinmemorysettings 0x15000075

osdevice partition=C:

systemroot \Windows

resumeobject {9480dd73-5463-11ee-a89f-dfb01e53c0e7}

nx OptIn

bootmenupolicy Standard

Windows Boot Loader

-------------------

identifier {9480dd75-5463-11ee-a89f-dfb01e53c0e7}

device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{9480dd76-5463-11ee-a89f-dfb01e53c0e7}

path \windows\system32\winload.efi

description Windows Recovery Environment

locale en-gb

inherit {bootloadersettings}

displaymessage Recovery

osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{9480dd76-5463-11ee-a89f-dfb01e53c0e7}

systemroot \windows

nx OptIn

bootmenupolicy Standard

winpe Yes

Resume from Hibernate

---------------------

identifier {9480dd73-5463-11ee-a89f-dfb01e53c0e7}

device partition=C:

path \Windows\system32\winresume.efi

description Windows Resume Application

locale en-GB

inherit {resumeloadersettings}

recoverysequence {9480dd75-5463-11ee-a89f-dfb01e53c0e7}

recoveryenabled Yes

isolatedcontext Yes

allowedinmemorysettings 0x15000075

filedevice partition=C:

custom:21000026 partition=C:

filepath \hiberfil.sys

bootmenupolicy Standard

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {memdiag}

device partition=\Device\HarddiskVolume1

path \EFI\Microsoft\Boot\memtest.efi

description Windows Memory Diagnostic

locale en-GB

inherit {globalsettings}

badmemoryaccess Yes

EMS Settings

------------

identifier {emssettings}

bootems No

Debugger Settings

-----------------

identifier {dbgsettings}

debugtype Local

RAM Defects

-----------

identifier {badmemory}

Global Settings

---------------

identifier {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Boot Loader Settings

--------------------

identifier {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Hypervisor Settings

-------------------

identifier {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {resumeloadersettings}

inherit {globalsettings}

Device options

--------------

identifier {9480dd76-5463-11ee-a89f-dfb01e53c0e7}

description Windows Recovery

ramdisksdidevice partition=\Device\HarddiskVolume4

ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2023

Ran by User (18-09-2023 18:04:09)

Running from C:\Users\User\Downloads

Microsoft Windows 11 Pro Version 22H2 22621.2283 (X64) (2023-09-16 06:42:30)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-281276394-282352661-3837250378-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-281276394-282352661-3837250378-503 - Limited - Disabled)

Guest (S-1-5-21-281276394-282352661-3837250378-501 - Limited - Disabled)

User (S-1-5-21-281276394-282352661-3837250378-1001 - Administrator - Enabled) => C:\Users\User

WDAGUtilityAccount (S-1-5-21-281276394-282352661-3837250378-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Bang & Olufsen Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.278.150 - Conexant)

GlassWire 3.3 (remove only) (HKLM-x32\...\GlassWire 3.3) (Version: 3.3.517 - SecureMix LLC)

Intel(R) Chipset Device Software (HKLM\...\{4A121459-D3F8-4908-A474-96D45641E357}) (Version: 10.1.18243.8188 - Intel Corporation) Hidden

Intel(R) Chipset Device Software (HKLM-x32\...\{f3b1c211-1159-4262-bb97-84150cda9096}) (Version: 10.1.18243.8188 - Intel(R) Corporation)

Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2313.4.16.0 - Intel Corporation)

Intel(R) Management Engine Components (HKLM\...\{6A16D17C-1F3D-4BB8-ACFE-ACB373C96D11}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel(R) Management Engine Components (HKLM\...\{C2492DBC-1733-4CF9-AF8C-63EC77DA7942}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel(R) Management Engine Driver (HKLM\...\{1B837123-92FE-4BBC-8BE1-1CE69EC78936}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.66.712.0 - Intel Corporation) Hidden

Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.66.712.0 - Intel Corporation) Hidden

Intel(R) Trusted Connect Services Client (HKLM-x32\...\{b6e20498-6533-4bb9-8102-77ace49ffe78}) (Version: 1.66.712.0 - Intel Corporation) Hidden

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.31 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.31 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-281276394-282352661-3837250378-1001\...\OneDriveSetup.exe) (Version: 23.180.0828.0001 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)

Microsoft VC++ redistributables repacked. (HKLM\...\{8F69E094-110C-41C1-8017-A1643C6A68A9}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft VC++ redistributables repacked. (HKLM-x32\...\{0117C91D-E81E-4C19-BD1C-22CFCBD2A332}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)

Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden

Npcap (HKLM-x32\...\NpcapInst) (Version: 1.71 - Nmap Project)

USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)

Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.6.14 - Windscribe Limited)

Wireshark 4.0.8 64-bit (HKLM-x32\...\Wireshark) (Version: 4.0.8 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:

=========

AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-16] (INTEL CORP) [Startup Task]

Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation)

HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.29.24.0_x64__v10z8vjag6ke6 [2023-09-16] (HP Inc.)

HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.39.0_x64__v10z8vjag6ke6 [2023-09-16] (HP Inc.)

Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Studios) [MS Ad]

Synaptics Touchpad Settings Manager – Commercial -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPCommercialDApp_19005.9027.0.0_x64__807d65c4rvak2 [2023-09-16] (Synaptics Incorporated)

Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-16] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-281276394-282352661-3837250378-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.255.10

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)

Windows Firewall is enabled.

Network Binding:

=============

Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Local Area Connection 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

WiFi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Local Area Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-281276394-282352661-3837250378-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2FB9C7E4-CC0C-46E4-B4B0-2AEBDDABD9C2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{0B18C357-DB69-4C12-B10B-0799A085FE4E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{6F2944E2-F350-44AA-A9E5-085653434D3B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{288ED65D-DEAF-4BBC-BF0F-544C302B1BBA}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{EEC7D548-8185-46D2-8F93-A07ABD734350}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{CA07327D-C8D2-4AF5-B695-653A87990224}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{408E238F-3FE4-44A7-8210-5522FA616C01}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{7F28EC34-1BCE-490C-AE97-A2A2ED2EFB6D}] => (Allow) c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\searchhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{93CF2A4E-60F1-48D7-895C-F40AF66089E3}] => (Allow) c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\searchhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{7F8DECC9-C2DF-43F3-B2B9-16D401FD50E4}] => (Allow) c:\program files\windowsapps\microsoftwindows.client.webexperience_423.23500.0.0_x64__cw5n1h2txyewy\dashboard\widgets.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{C8FC7E5D-32D8-4CD9-962E-83A11BF64DE7}] => (Allow) c:\program files\windowsapps\microsoftwindows.client.webexperience_423.23500.0.0_x64__cw5n1h2txyewy\dashboard\widgets.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{F592ABD9-3699-4F59-9021-FD9ED399AC04}] => (Allow) c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DBBED238-C989-42D4-84A5-C56213B15B17}] => (Allow) c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{3FE4198A-6EA6-414D-B420-0DF743BB2513}] => (Allow) c:\program files\windowsapps\microsoftteams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{EDBF97B4-74B3-407E-83E6-271F6D097119}] => (Allow) c:\program files\windowsapps\microsoftteams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4C8D3681-7664-43CD-9FE1-9777B33F6BB5}] => (Allow) c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{EADADA10-CDA1-4B3B-96E3-D6A768748864}] => (Allow) c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{00BCF254-DAAF-4CDF-BCB7-CA391D6B73F4}] => (Allow) c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{A9BA1FC6-A09C-4EA6-9A29-ADE6EC230C26}] => (Allow) c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{42AB7B35-0651-45D5-A9C2-84511DCBB0C2}] => (Allow) c:\windows\systemapps\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\startmenuexperiencehost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{75DF46B8-D7B4-4653-8E36-41E087DC3FBF}] => (Allow) c:\windows\systemapps\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\startmenuexperiencehost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{8BCD529B-E533-4DD5-9FE3-FC266F212BC5}] => (Allow) c:\windows\system32\backgroundtaskhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{697CEB0E-FDAA-4347-901A-6A1348C19B2A}] => (Allow) c:\windows\system32\backgroundtaskhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{180A9CA1-F4F0-4613-BA98-10253ED1214B}] => (Allow) c:\windows\uus\packages\preview\amd64\mousocoreworker.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{2A650958-AF3F-46D1-9AB8-143A05CA15C3}] => (Allow) c:\windows\uus\packages\preview\amd64\mousocoreworker.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{8DCD8BB1-318C-4F0A-B1DB-5B53D1B7CA85}] => (Allow) c:\program files\windowsapps\microsoftteams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CF68A384-B5AE-40C3-B954-02E09736FCD3}] => (Allow) c:\program files\windowsapps\microsoftteams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{3B005F39-E500-4E26-B755-B88E92DB3859}] => (Allow) c:\windows\system32\rundll32.exe

FirewallRules: [{06E5CF7E-E5C5-4926-A7B4-54638AB73DBE}] => (Allow) c:\windows\system32\rundll32.exe

FirewallRules: [{B3616573-BB33-4922-89FC-554AAA5F2F39}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{879F4052-2E72-46DE-951A-981DF93AE08F}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{DA86E1AD-8575-4E6E-B17D-D8B92D168752}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater.exe => No File

FirewallRules: [{A8E3F54C-D60C-4F33-BFFC-E980496A1F5B}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater.exe => No File

FirewallRules: [{BF3DE78D-4119-4B63-8882-1BE2DC8A7F7A}] => (Allow) c:\users\user\appdata\local\temp\7zipsfx.000\hpsupportsolutionsframework.exe => No File

FirewallRules: [{69E4CD49-1BBA-401B-97ED-850CB74987C5}] => (Allow) c:\users\user\appdata\local\temp\7zipsfx.000\hpsupportsolutionsframework.exe => No File

FirewallRules: [{E52EB376-9DA3-433E-935D-9E6B6BD39006}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpwpd.exe => No File

FirewallRules: [{D65BA473-66C3-4C41-AC72-56E1A491D0CD}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpwpd.exe => No File

FirewallRules: [{CEC7C272-645A-49D7-80F5-537947D4356C}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe => No File

FirewallRules: [{9817F085-DC55-48BA-AF90-F4BA3058679C}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe => No File

FirewallRules: [{DE72429A-D57D-4E4A-8DF6-6E505F59487F}] => (Allow) c:\swsetup\sp148716\setup.exe (HP Inc. -> HP Inc.)

FirewallRules: [{C4DACAB1-B3E7-4785-9D69-A78AA27906F4}] => (Allow) c:\swsetup\sp148716\setup.exe (HP Inc. -> HP Inc.)

FirewallRules: [{F10A8D07-D0D3-48A4-84F5-0DDFF1B6F319}] => (Allow) c:\program files\hp\hp enabling services\bridgecommunication.exe (HP Inc. -> HP Inc.)

FirewallRules: [{CF39A8D7-2CD6-4B3E-958A-CD3A2E4F29B7}] => (Allow) c:\program files\hp\hp enabling services\bridgecommunication.exe (HP Inc. -> HP Inc.)
FirewallRules: [{A3069BB1-D9F7-4E7C-BF7E-1C8EF5F02468}] => (Allow) c:\windows\syswow64\rundll32.exe

FirewallRules: [{8D7BBF57-4B60-4A82-8CE6-7C27D58B2485}] => (Allow) c:\windows\syswow64\rundll32.exe

FirewallRules: [{E07CDE9D-6061-42F2-817D-A72FB7948A49}] => (Allow) c:\program files (x86)\hp\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe (HP Inc. -> HP Inc.)

FirewallRules: [{D216B9CE-C894-41E5-86CB-918316B73F3A}] => (Allow) c:\program files (x86)\hp\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe (HP Inc. -> HP Inc.)

FirewallRules: [{27BA5DD6-18A0-4ED3-BD54-00777CF48371}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{70384727-1F75-4BAE-9478-479C89EE55A6}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{CEAA51A9-87C7-4D6D-898E-4E20F4D65373}] => (Allow) c:\program files (x86)\hp\hp support framework\modules\hpdia.exe (HP Inc. -> HP Inc.)

FirewallRules: [{83C6C0FD-5271-499D-8E93-18ECF60F88A7}] => (Allow) c:\program files (x86)\hp\hp support framework\modules\hpdia.exe (HP Inc. -> HP Inc.)

FirewallRules: [{328B8593-AD2B-43DC-9F01-6CE5A7931CB2}] => (Allow) c:\windows\system32\wwahost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{5F68252E-570A-454C-A755-77190C20CBD8}] => (Allow) c:\windows\system32\wwahost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{406ED067-1315-43A8-A805-B9DCECC38B30}] => (Allow) c:\program files (x86)\hp\hp support framework\resources\hpupdate\hpupdate.exe (HP Inc. -> HP Inc.)

FirewallRules: [{7E7EDB56-63B3-4A6E-B8B2-2EFA300C7BF4}] => (Allow) c:\program files (x86)\hp\hp support framework\resources\hpupdate\hpupdate.exe (HP Inc. -> HP Inc.)

FirewallRules: [{BBDB4562-67B7-48F8-B880-4383AD28403F}] => (Allow) c:\program files (x86)\hp\hp support framework\modules\hpwpd.exe (HP Inc. -> HP Inc.)
FirewallRules: [{4DD05F6A-6369-4F0A-8A17-8426B4E4A290}] => (Allow) c:\program files (x86)\hp\hp support framework\modules\hpwpd.exe (HP Inc. -> HP Inc.)

FirewallRules: [{8CF6D914-C092-4951-AD17-E548D9ED0C43}] => (Allow) c:\program files\windowsapps\microsoft.windowsstore_22307.1401.7.0_x64__8wekyb3d8bbwe\winstore.app.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{D0142917-27A6-4CEA-BC73-42B6947229E1}] => (Allow) c:\program files\windowsapps\microsoft.windowsstore_22307.1401.7.0_x64__8wekyb3d8bbwe\winstore.app.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{A3ECBDE1-FF4E-4C73-86C5-135B24A0FDD2}] => (Allow) c:\program files\windowsapps\microsoft.desktopappinstaller_1.17.10691.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe => No File

FirewallRules: [{8D0F24DC-D34A-4FB4-9F8B-7B3EDDABE30B}] => (Allow) c:\program files\windowsapps\microsoft.desktopappinstaller_1.17.10691.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe => No File

FirewallRules: [{3B8A68B7-BB25-4B44-8F42-D86767AD60A5}] => (Allow) c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{D32579CD-9B73-4943-9A77-7CE29DC905CF}] => (Allow) c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{A9B5D7C8-06C4-4632-9D0F-ACF21DA28917}] => (Allow) c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{19E0A294-F8B4-46EB-8D34-7B9800CE3B9C}] => (Allow) c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{FDEE1B37-2D15-4FA9-BD98-5D271853312C}] => (Allow) c:\program files\windowsapps\ad2f1837.hpsupportassistant_9.29.24.0_x64__v10z8vjag6ke6\www\hpsf\resources\warrantyobjectchecker.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{C18E6B54-DD4D-488A-A610-3EE088ACC7B6}] => (Allow) c:\program files\windowsapps\ad2f1837.hpsupportassistant_9.29.24.0_x64__v10z8vjag6ke6\www\hpsf\resources\warrantyobjectchecker.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{22980D01-1624-4EC6-BDC6-142B38330127}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21564.0_x64__8wekyb3d8bbwe\hxtsr.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B3612F50-DA67-46FC-820B-9ABF9A6EE8DD}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21564.0_x64__8wekyb3d8bbwe\hxtsr.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{03346F30-D160-4D1B-BB08-BDFDC05B342D}] => (Allow) c:\windows\system32\compattelrunner.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E26471B3-A7C8-4806-ABF0-94559F937D56}] => (Allow) c:\windows\system32\compattelrunner.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{56ED111B-CB78-4726-81E7-5910E16729FB}] => (Allow) c:\windows\system32\backgroundtransferhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{9E6DD147-6AB2-49B1-8CD5-B2CBFFFC5E13}] => (Allow) c:\windows\system32\backgroundtransferhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{3A4F760E-AFFB-4CCC-AEB9-CB835A35FF3A}] => (Allow) c:\program files\windscribe\windscribeservice.exe (Windscribe Limited -> Windscribe Limited)

FirewallRules: [{66E09B05-FEB5-405A-A47F-9AFB5BB2085F}] => (Allow) c:\program files\windscribe\windscribeservice.exe (Windscribe Limited -> Windscribe Limited)

FirewallRules: [{6E237335-0F01-4DE0-8B6A-2143563C6D2D}] => (Allow) c:\program files\windscribe\windscribe.exe (Windscribe Limited -> Windscribe Limited)

FirewallRules: [{5234BEDE-93D3-4DBE-B4DF-077BCF4FE734}] => (Allow) c:\program files\windscribe\windscribe.exe (Windscribe Limited -> Windscribe Limited)

FirewallRules: [{486B315F-8ADE-477B-85EF-0FBA94D0B868}] => (Allow) c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{3E058CC1-8ACC-4430-BE8F-E426F357ADA2}] => (Allow) c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{1A994442-D816-4314-AA68-3585763A86EB}] => (Allow) c:\program files\windscribe\wireguardservice.exe (Windscribe Limited -> Windscribe Limited)

FirewallRules: [{2B709A65-D301-46B7-AAE9-5A95482167D4}] => (Allow) c:\program files\windscribe\wireguardservice.exe (Windscribe Limited -> Windscribe Limited)

FirewallRules: [{65078F3B-AA06-492A-9112-260E990EF083}] => (Allow) c:\program files\windowsapps\microsoft.desktopappinstaller_1.20.2201.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe (Microsoft Corporation -> )

FirewallRules: [{1F14DBF0-A74C-4508-AF28-490BF5231DE3}] => (Allow) c:\program files\windowsapps\microsoft.desktopappinstaller_1.20.2201.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe (Microsoft Corporation -> )

FirewallRules: [{0B066012-DDE5-462F-9D49-8FC889B1CE1E}] => (Allow) c:\users\user\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{780861E0-A2E5-439B-A67F-7A42405A8D91}] => (Allow) c:\users\user\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{00C00177-800B-47D8-800C-7D57A08251D5}] => (Allow) c:\users\user\appdata\local\microsoft\onedrive\23.180.0828.0001\microsoft.sharepoint.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{5656CFCF-0AD2-4D55-A0D1-16AA7F970BEE}] => (Allow) c:\users\user\appdata\local\microsoft\onedrive\23.180.0828.0001\microsoft.sharepoint.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{85888C3F-FE79-42CD-923D-B64EAC124944}] => (Allow) c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{05D8A89E-E9C8-4D33-B04B-1E682BA1FE21}] => (Allow) c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4AD9750A-A4DB-4BC2-A540-569DC2514667}] => (Allow) c:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8CAA49F5-9C39-47E9-911C-2AE258363222}] => (Allow) c:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{4572205D-C026-42DA-BA2E-21284BBDAEDE}] => (Allow) c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{FB753807-591E-4B1A-AD5A-642354FB3996}] => (Allow) c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{48A9506A-8F29-439C-A341-4D4CCE6008F5}] => (Allow) c:\users\user\downloads\adwcleaner.exe (Malwarebytes Inc. -> Malwarebytes) FirewallRules: [{DF167B79-D3DB-461C-9A49-750101052F1E}] => (Allow) c:\users\user\downloads\adwcleaner.exe (Malwarebytes Inc. -> Malwarebytes) ==================== Restore Points ========================= 18-09-2023 17:55:36 Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 18-09-2023 17:58:15 AdwCleaner_BeforeCleaning_18/09/2023_17:58:15 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (09/17/2023 11:48:25 PM) (Source: Application Error) (EventID: 1000) (User: HP) Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548 Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000409 Fault offset: 0x000000000007f61e Faulting process ID: 0x0x2178 Faulting application start time: 0x0x1d9e9b9114498c6 Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Faulting module path: C:\Windows\System32\ucrtbase.dll 
Report ID: d30916fa-9961-459a-8c48-2319a7ddc136 Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe Faulting package-relative application ID: msteamsupdate Error: (09/17/2023 03:48:55 PM) (Source: Application Error) (EventID: 1000) (User: HP) Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548 Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3 Exception code: 0xc0000409 Fault offset: 0x000000000007f61e Faulting process ID: 0x0x2cdc Faulting application start time: 0x0x1d9e97614fddb77 Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report ID: f051f17d-ca0f-4993-88f8-900fa754606b Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe Faulting package-relative application ID: msteamsupdate Error: (09/16/2023 07:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program WindowsPackageManagerServer.exe version 1.17.2203.10001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (09/16/2023 07:57:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY) Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. DETAIL - Access is denied. Error: (09/16/2023 07:57:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY) Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. 
This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. DETAIL - Access is denied. Error: (09/16/2023 07:46:58 AM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY) Description: SCEP Certificate enrollment for WORKGROUP\DESKTOP-BFLAL9I$ via https://IFX-KeyId-37ae346baa54c513cff0290bb321a22a34a4a8c4.microsoftaik.azure.net/templates/Aik/scep failed: PkiStatus(11): SCEPDispositionPendingChallenge EnrollStatus(32): EnrollUnknown The operation completed successfully. 0x0 (WIN32: 0) SubmitDone Submit(Request): OK HTTP/1.1 200 OK Date: Sat, 16 Sep 2023 06:46:49 GMT Content-Length: 9338 Content-Type: application/x-pki-message X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: cd0dfc34-68ed-4861-bfef-2e06f12141ac Method: POST(16187ms) Stage: SubmitDone The connection with the server was terminated abnormally 0x80072efe (WinHttp: 12030 ERROR_WINHTTP_CONNECTION_ERROR) Error: (09/16/2023 07:44:26 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Error: (09/16/2023 07:42:26 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\WIN-SV9N9ML3DGG$ via https://IFX-KeyId-37ae346baa54c513cff0290bb321a22a34a4a8c4.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps Method: GET(0ms) Stage: GetCACaps The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) System errors: ============= Error: (09/18/2023 05:59:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 
Error: (09/18/2023 05:59:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Diagnostics HSA Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (09/18/2023 05:59:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP App Helper HSA Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (09/18/2023 05:59:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Network HSA Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (09/18/2023 05:58:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The GlassWire Control Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/18/2023 05:58:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (09/18/2023 05:58:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Hotkey UWP Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/18/2023 05:58:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Management Engine WMI Provider Registration service terminated unexpectedly. It has done this 1 time(s). Windows Defender: ================ Date: 2023-09-17 12:10:08 Description: Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-09-17 08:10:42 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan  ==================== Memory info =========================== BIOS: HP Q78 Ver. 01.25.00 06/16/2023 Motherboard: HP 83B3 Processor: Intel(R) Core(TM) i5-8350U CPU @ 1.70GHz Percentage of memory in use: 50% Total physical RAM: 8035.21 MB Available physical RAM: 3962.99 MB Total Virtual: 9955.21 MB Available Virtual: 5897.67 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:237.69 GB) (Free:202.88 GB) (Model: KBG30ZMV256G TOSHIBA) NTFS \\?\Volume{2cd05396-c859-4555-88a9-a3c267ea3cc1}\ () (Fixed) (Total:0.67 GB) (Free:0.08 GB) NTFS \\?\Volume{d098ecf9-6a32-4e26-8341-08a75b9a7beb}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================


Users shortcut scan result (x64) Version: 18-09-2023 Ran by User (18-09-2023 18:04:53) Running from C:\Users\User\Downloads Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk -> C:\Program Files\Wireshark\Wireshark.exe (The Wireshark developer community, hxxps://www.wireshark.org/) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe\Uninstall Windscribe.lnk -> C:\Program Files\Windscribe\uninstall.exe (Windscribe Limited) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe\Windscribe.lnk -> C:\Program Files\Windscribe\Windscribe.exe (Windscribe Limited) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire\GlassWire.lnk -> C:\Program Files (x86)\GlassWire\GlassWire.exe (SecureMix LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire\Uninstall.lnk -> C:\Program Files (x86)\GlassWire\uninstall.exe (SecureMix LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote 
Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk -> C:\Windows\System32\LiveCaptions.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk -> C:\Windows\System32\voiceaccess.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk 
-> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Windscribe.lnk -> C:\Program Files\Windscribe\Windscribe.exe (Windscribe Limited) Shortcut: C:\Users\User\Links\Desktop.lnk -> C:\Users\User\Desktop () Shortcut: C:\Users\User\Links\Downloads.lnk -> C:\Users\User\Downloads () Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk -> C:\Windows\System32\LiveCaptions.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk -> C:\Windows\System32\voiceaccess.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GlassWire 3.3.lnk -> C:\Program Files (x86)\GlassWire\GlassWire.exe (SecureMix LLC) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\04 
- Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\Bang & Olufsen Audio Control Panel.lnk -> C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe (Conexant Systems LLC.) -> /sa3 /nv:3.0+ /uid:HP-NB-AIO /callapps:1 /dne /StartMenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player Legacy.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAbout ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> 
C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAbout ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep 
ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} InternetURL: C:\Users\User\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 ==================== End of Shortcut.txt =============================


# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-18-2023
# Duration: 00:00:01
# OS: Windows 11 (Build 22621.2283)
# Cleaned: 14
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{277A80CA-C6E9-4D4E-920E-0AB0B5B18BB4}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3C351AD2-10DA-4790-AE30-8DCF8E1B4231}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8AF22EF5-02C6-463B-84C6-F6572992175B}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8F5EB931-BB01-464C-9520-13532D0D1FE2}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AE0C79DE-AE5B-4C9C-BD31-C639ECA199D0}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D528C9D0-4D9B-48BD-BAF5-51A30F784888}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F0BFD644-C593-4DFF-9436-C0C5FB83E80C}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F83806ED-BC51-47CB-83EC-E758145067DB}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3480 octets] - [18/09/2023 17:57:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

svchost.exe connections to what seems not to be a datacenter

Wireshark Captures:

[expired link removed]

Finally someone else with my issue. Brother, this is one of the largest China hacks ever and Microsoft is silent. They are downloading fake certificates so they can serve you fake webpages. Verify this by looking for the hyper compute service running. They install themselves in a virtual window. They’ve taken over every IoT device in my house. If you have an Apple phone, go into Settings and click Cellular. If you have an app called uninstalled app that you cannot disable, they got your phone too. They control certificates from Ubuntu, Microsoft, and what they’re doing is they’re scooping a VeriSign 2008 certificate that says for internal use only. It’s one of the largest hacks by China ever and nobody seems to know. Apple released an update today, but it doesn’t remove the hack. Thousand dollar Surface Book and within minutes it was hacked. Devices around my house have the virus and it’s spreading like wildfire.

1 person found this reply helpful

I have had a similar problem for 2 years. I have cleaned everything, but all other PCs, or any hardware by neighbors, are infected, and as soon as I put Windows, and now Linux too, on the Internet to make updates, it's over, like you said. I even watched how my startup files are changing after I managed to install ESET Smart Security Premium and changed it to scan every change on the laptop. Man, you have to see this... all scripted already, just waiting. No matter how, but they come over Bluetooth, Wi-Fi, phone, and now I have removed the Wi-Fi card, but still my last try is to go somewhere else and prepare clean installations, because people don't even know that they have been hacked... I think that almost every Windows PC is hacked by now. Like you said, it spreads like wildfire... and no one is doing anything....

3 people found this reply helpful

Question Info

Last updated April 29, 2024. Views: 4,903.