Hi BC MRT! It's been a minute since I've been on here. I used to do this too, a few years ago, and since it's been a minute I wanted to get some assistance from those of you who are up to date with the current malware.
A family member apparently was hit with a ransomware attack (according to the way she described it), and took her PC to a local shop where it appears to me they have done a "nuke and pave." She called me afterward, still apprehensive about using it, and asked if I would look at it. I thought I would check in here and post the FRST logs and let someone in the know give me confirmation she's good to go.
Thank you!
oneof4.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2023
Ran by User (administrator) on DESKTOP-0EODG7K (Hewlett-Packard 110-243w) (13-12-2023 17:18:16)
Running from C:\Users\User\Desktop\FRST64.exe
Loaded Profiles: User
Platform: Microsoft Windows 10 Home Version 22H2 19045.3758 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Skype Software Sarl -> ) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13895912 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-3489605266-3818592669-4201221206-1000\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896784 2023-11-27] (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {FA02B2C3-A13E-4FBC-AA3D-61D0C5C44684} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {638F531A-3B61-4573-9272-5B260C4C2AE4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0F92176-162F-4FFA-8A19-5E0B3CCE0FE8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36E033C7-457F-4B67-B9AA-1E1ADE41B6AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B067307E-348C-43ED-A0BE-1AB01A2E1BA3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [256512 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1fa457f6-4428-4720-bdbe-073ec5b77aac}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-13]
Edge Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-11-30]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [50168 2023-12-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-30] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55744 2023-11-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [578856 2023-11-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-13 17:18 - 2023-12-13 17:20 - 000007630 _____ C:\Users\User\Desktop\FRST.txt
2023-12-13 17:17 - 2023-12-13 17:19 - 000000000 ____D C:\FRST
2023-12-13 17:17 - 2023-12-13 17:14 - 002386432 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2023-12-13 17:11 - 2023-12-13 17:11 - 000000000 ____D C:\Users\User\AppData\Local\OneDrive
2023-12-01 10:18 - 2023-12-01 10:18 - 000000000 ____D C:\Windows\InboxApps
2023-12-01 09:56 - 2023-12-01 09:56 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-12-01 09:31 - 2023-12-01 09:31 - 000000000 ___HD C:\$WinREAgent
2023-12-01 09:11 - 2023-12-01 09:11 - 000000000 ____D C:\Users\User\AppData\LocalLow\AMD
2023-11-30 14:53 - 2023-11-30 14:53 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-11-30 14:52 - 2023-12-13 17:12 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-30 14:52 - 2023-11-30 14:52 - 000000000 ____D C:\Users\User\AppData\Local\Publishers
2023-11-30 14:51 - 2023-12-01 10:28 - 000002380 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-30 14:51 - 2023-12-01 10:23 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2023-11-30 14:51 - 2023-11-30 14:51 - 000000020 ___SH C:\Users\User\ntuser.ini
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\SystemCertificates
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Crypto
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Credentials
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ___RD C:\Users\User\3D Objects
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Vault
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Network
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2023-11-30 14:51 - 2023-11-30 14:51 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2023-11-30 14:51 - 2023-11-30 13:54 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Protect
2023-11-30 14:51 - 2023-11-30 13:01 - 000000000 ____D C:\ProgramData\Packages
2023-11-30 14:46 - 2023-11-30 14:46 - 000000000 _SHDL C:\Documents and Settings
2023-11-30 14:40 - 2023-11-30 12:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-30 14:40 - 2023-11-30 12:21 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-30 14:39 - 2023-12-13 17:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-30 14:39 - 2023-11-30 14:39 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-11-30 14:39 - 2023-11-30 14:03 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-11-30 14:39 - 2023-11-30 12:04 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-11-30 14:39 - 2023-11-30 12:04 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-11-30 14:38 - 2023-12-13 17:07 - 000008192 ___SH C:\DumpStack.log.tmp
2023-11-30 14:38 - 2023-12-13 17:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-11-30 14:38 - 2023-12-01 10:20 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT
2023-11-30 14:38 - 2023-11-30 14:38 - 000000000 ____D C:\Windows\ServiceProfiles
2023-11-30 14:37 - 2023-11-30 13:50 - 000000000 ____D C:\Windows\Panther
2023-11-30 14:02 - 2023-12-01 10:19 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-11-30 14:02 - 2023-11-30 14:02 - 000000000 ____D C:\Users\User\AppData\Local\AMD
2023-11-30 14:02 - 2023-11-30 14:02 - 000000000 ____D C:\Program Files\AMD
2023-11-30 14:01 - 2023-11-30 14:01 - 000000000 ____D C:\Windows\system32\AMD
2023-11-30 14:00 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-11-30 14:00 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo.exe
2023-11-30 14:00 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-11-30 14:00 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-11-30 14:00 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-11-30 14:00 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1.dll
2023-11-30 14:00 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-11-30 14:00 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-11-30 14:00 - 2020-10-29 16:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2023-11-30 14:00 - 2020-10-29 16:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2023-11-30 14:00 - 2020-10-29 16:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000760432 _____ (AMD) C:\Windows\system32\atieclxx.exe
2023-11-30 14:00 - 2020-10-29 16:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000496752 _____ C:\Windows\system32\GameManager64.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000493168 _____ C:\Windows\system32\dgtrayicon.exe
2023-11-30 14:00 - 2020-10-29 16:32 - 000456304 _____ C:\Windows\system32\atieah64.exe
2023-11-30 14:00 - 2020-10-29 16:32 - 000432752 _____ C:\Windows\system32\EEURestart.exe
2023-11-30 14:00 - 2020-10-29 16:32 - 000380016 _____ C:\Windows\SysWOW64\GameManager32.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000351856 _____ C:\Windows\SysWOW64\atieah32.exe
2023-11-30 14:00 - 2020-10-29 16:32 - 000339568 _____ C:\Windows\system32\clinfo.exe
2023-11-30 14:00 - 2020-10-29 16:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000140912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000135792 _____ (AMD) C:\Windows\system32\atimuixx.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000125552 _____ C:\Windows\system32\atidxx64.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000107632 _____ C:\Windows\SysWOW64\atidxx32.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2023-11-30 14:00 - 2020-10-29 16:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2023-11-30 14:00 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2023-11-30 14:00 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2023-11-30 14:00 - 2020-10-29 15:29 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
2023-11-30 14:00 - 2020-10-29 15:29 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2023-11-30 14:00 - 2020-10-29 15:29 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2023-11-30 14:00 - 2020-10-29 15:29 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2023-11-30 13:59 - 2023-11-30 13:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\MMC
2023-11-30 13:59 - 2020-10-29 16:32 - 064809072 _____ C:\Windows\system32\amd_comgr.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 053684848 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 004630640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000468592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000182392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000134768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000120432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2023-11-30 13:59 - 2020-10-29 16:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 071030384 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 001686016 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 001365368 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000553584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000546800 _____ C:\Windows\system32\amdmiracast.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000489584 _____ C:\Windows\system32\amdgfxinfo64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000466544 _____ C:\Windows\system32\amdlogum.exe
2023-11-30 13:59 - 2020-10-29 16:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000380016 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2023-11-30 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2023-11-30 13:58 - 2023-11-30 13:58 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2023-11-30 13:55 - 2023-11-30 13:55 - 000000000 ____D C:\ProgramData\PLUG
2023-11-30 13:01 - 2023-11-30 13:01 - 000000000 ____D C:\Users\User\AppData\Local\Comms
2023-11-30 12:12 - 2023-11-30 13:02 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Spelling
2023-11-30 12:04 - 2023-12-01 10:28 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3489605266-3818592669-4201221206-1000
2023-11-30 12:04 - 2023-11-30 13:56 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2023-11-30 12:03 - 2023-12-01 10:28 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3489605266-3818592669-4201221206-1000
2023-11-30 12:03 - 2023-11-30 12:08 - 000000000 ____D C:\Windows\system32\MRT
2023-11-30 12:03 - 2023-11-30 12:03 - 000000000 ___RD C:\Users\User\OneDrive
2023-11-30 12:02 - 2023-11-30 12:02 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2023-11-30 12:02 - 2023-11-30 12:02 - 000000000 ____D C:\Windows\system32\SRSLabs
2023-11-30 12:02 - 2023-11-30 12:02 - 000000000 ____D C:\Program Files\Realtek
2023-11-30 12:01 - 2015-08-07 21:12 - 003310784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 003270960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 002915792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 001606544 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 001456472 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 001358472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 001142712 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000979728 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000766640 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000659872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000588120 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000545824 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000481512 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000400984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000393488 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000357016 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000354424 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000354424 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000334808 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000333288 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000232712 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000227024 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000221656 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000188800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000176480 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000130032 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000122240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000097976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2023-11-30 12:01 - 2015-08-07 21:12 - 000094672 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2023-11-30 12:01 - 2015-08-07 21:00 - 004495104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2023-11-30 12:01 - 2015-08-07 21:00 - 002937064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2023-11-30 12:01 - 2015-08-07 21:00 - 002721008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2023-11-30 12:01 - 2015-08-07 21:00 - 001766120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2023-11-30 12:01 - 2015-08-07 21:00 - 000269504 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2023-11-30 12:01 - 2015-08-07 21:00 - 000131024 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2023-11-30 12:01 - 2015-08-07 21:00 - 000033912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2023-11-30 12:00 - 2023-11-30 12:00 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-11-30 11:59 - 2023-11-30 11:59 - 000000000 ____D C:\Program Files\RUXIM
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-13 17:16 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2023-12-13 17:09 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-01 10:22 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2023-12-01 10:19 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-01 10:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2023-12-01 10:18 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\servicing
2023-12-01 10:06 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2023-12-01 10:04 - 2019-12-07 04:52 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-01 10:04 - 2019-12-07 04:52 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-12-01 09:14 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\appcompat
2023-11-30 14:52 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate
2023-11-30 14:51 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-11-30 14:49 - 2019-12-07 04:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-11-30 14:49 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\spool
2023-11-30 14:39 - 2019-12-07 04:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-11-30 14:38 - 2019-12-07 04:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2023-11-30 14:32 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-30 14:03 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2023-11-30 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\F12
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Sysprep
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-11-30 13:31 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-11-30 13:30 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2023-11-30 13:30 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Com
2023-11-30 13:30 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-11-30 13:30 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2023-11-30 13:28 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-30 13:28 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-30 13:28 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-11-30 13:28 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellComponents
2023-11-30 13:28 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\IME
2023-11-30 13:28 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-30 13:28 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-30 13:17 - 2019-12-07 04:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-11-30 13:17 - 2019-12-07 04:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-11-30 12:11 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2023
Ran by User (13-12-2023 17:33:06)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3758 (X64) (2023-11-30 19:47:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3489605266-3818592669-4201221206-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3489605266-3818592669-4201221206-503 - Limited - Disabled)
Guest (S-1-5-21-3489605266-3818592669-4201221206-501 - Limited - Disabled)
User (S-1-5-21-3489605266-3818592669-4201221206-1000 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3489605266-3818592669-4201221206-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.93 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3489605266-3818592669-4201221206-1000\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2023-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2023-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2023-11-30] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2023-11-30] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2023-11-30] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0 [2023-11-30] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3489605266-3818592669-4201221206-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3776371F-F0F6-426E-8C6F-C21883FF5EA9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{35BF27A9-42C5-4564-87E6-0FA861642BBC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5FA89E5C-4DA5-49EF-BB3E-176DEEE94783}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FD36DEDE-F130-4BC5-8169-EB28639EF395}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5420AFDE-7135-4639-AD7D-A0461064CEFD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{67B69416-8D3D-4F79-B919-8696C05B7BCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1F3EF0DA-5495-44BC-B10C-002309570086}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BF0C07EE-A90E-491F-BF98-754860CAAF6B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A43BE163-0714-402C-957B-B161E9AF5569}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{20A11D6E-FD5F-4A46-829A-8CFE863B0FD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{812FAAF0-59F6-45CD-A829-D67288446F61}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
30-11-2023 13:50:50 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/30/2023 02:27:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (11/30/2023 01:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.2913, time stamp: 0xfeef270c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.2913, time stamp: 0xa1c3e870
Exception code: 0xc0000409
Fault offset: 0x000000000012d862
Faulting process id: 0x4f8
Faulting application start time: 0x01da23b17eb13a56
Faulting application path: C:\Windows\system32\wuauclt.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 68af5dff-b458-40e7-a240-7a2a0f744286
Faulting package full name:
Faulting package-relative application ID:
Error: (11/30/2023 02:54:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800704CF
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/30/2023 02:51:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800704CF
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (11/30/2023 02:50:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800704CF
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=TimerEvent
Error: (11/30/2023 02:42:48 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
Error: (11/30/2023 02:41:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.
System errors:
=============
Error: (12/13/2023 05:07:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:32:28 PM on 12/1/2023 was unexpected.
Error: (12/01/2023 01:47:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:20:22 AM on 12/1/2023 was unexpected.
Error: (12/01/2023 01:47:11 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.
Error: (11/30/2023 02:04:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10).
Error: (11/30/2023 12:01:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Realtek Semiconductor Corp. driver update for Realtek High Definition Audio.
Error: (11/30/2023 11:59:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Realtek driver update for Realtek PCIe FE Family Controller.
Error: (11/30/2023 02:51:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (11/30/2023 02:45:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.
Windows Defender:
================
Date: 2023-11-30 13:54:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
==================== Memory info ===========================
BIOS: AMI 80.05 03/28/2014
Motherboard: Hewlett-Packard 2B18
Processor: AMD A4-5000 APU with Radeon HD Graphics
Percentage of memory in use: 31%
Total physical RAM: 7628.63 MB
Available physical RAM: 5205.55 MB
Total Virtual: 9484.63 MB
Available Virtual: 6969.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.89 GB) (Free:892.31 GB) (Model: TOSHIBA DT01ACA100) NTFS
Drive d: () (Removable) (Total:28.64 GB) (Free:28.62 GB) FAT32
\\?\Volume{d9a85f69-0372-46d4-804d-cf030ea0cc87}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{25a8f1b0-06fd-4b96-9fe0-bfc332779899}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C69BF0AF)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 28.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Best Regards,
oneof4.