FRST

The document is a scan result from the Farbar Recovery Scan Tool (FRST) conducted on a Windows 11 system by the user 'avila'. It details the processes and registry entries that are whitelisted, indicating which applications are running and their respective paths. Additionally, there are warnings regarding restrictions on Windows Defender settings, suggesting potential security concerns.

Uploaded by

avilash1234

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025

Ran by avila (administrator) on AVILASH (HP OMEN by HP Laptop 16-b1xxx) (10-04-2025 02:29:31)
Running from C:\Users\avila\OneDrive\Desktop\FRST64.exe
Loaded Profiles: avila
Platform: Microsoft Windows 11 Home Single Language Version 24H2 26100.3775 (X64)
Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will
not be moved.)

(AVB Disc Soft, SIA -> Disc Soft FZE LLC) C:\Program Files\DAEMON Tools Lite\
DTShellHlp.exe
(C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe ->)
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA
Desktop\EA Desktop\EACefSubProcess.exe <5>
(C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe ->)
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA
Desktop\EA Desktop\EALocalHostSvc.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies
(Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies
(Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\
FortiSettings.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies
(Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\
FortiSSLVPNdaemon.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies
(Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies
(Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiVPN.exe
(C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe ->) (ELAN MICROELECTRONICS
CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe ->) (Focusrite Audio
Engineering Ltd -> Focusrite Audio Engineering, Ltd.) C:\Program Files\Focusrite\
Drivers\Focusrite Notifier.exe
(C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe ->) (Microsoft Corporation
-> Microsoft Corporation) C:\Users\avila\AppData\Local\Microsoft\OneDrive\
OneDrive.exe
(C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe ->) (Open Source
Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe ->) (Unified Intents AB ->
Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\
MicrosoftWindows.Client.WebExperience_525.8401.30.0_x64__cw5n1h2txyewy\Dashboard\
Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files
(x86)\Microsoft\EdgeWebView\Application\134.0.3124.93\msedgewebview2.exe <13>
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\
AD2F1837.OMENCommandCenter_1101.2503.5.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\
OmenCommandCenterBackground.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\
System32\ETDCtrlHelper.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA
Desktop\EA Desktop\EADesktop.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\
Microsoft.Windows.Photos_2025.11030.12002.0_x64__8wekyb3d8bbwe\Photos.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\
Edge\Application\msedge.exe <28>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\
Java\Java Update\jusched.exe
(services.exe ->) () [File not signed] C:\Program Files\Focusrite\Focusrite
Control\Server\ControlServer.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft FZE LLC) C:\Program Files\DAEMON
Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\
DtsApo4Service.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics
Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\
Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program
Files\Fortinet\FortiClient\scheduler.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\
FileRepository\hpanalyticscomp.inf_amd64_4a30a2f11b5f2798\x64\
TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\
FileRepository\hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\
FileRepository\hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\
FileRepository\hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\
FileRepository\hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\
FileRepository\hpomencustomcapcomp.inf_amd64_3c97e435117f8c16\x64\OmenCap\
OmenCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\
DriverStore\FileRepository\igcc_dch.inf_amd64_f94b71985382657d\
OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\
DriverStore\FileRepository\iigd_dch.inf_amd64_80ba20874d893d6e\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\
DriverStore\FileRepository\ipf_cpu.inf_amd64_72a55bd70de29881\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\
DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\
WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\
XtuService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\
FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel
Corporation) C:\Windows\System32\DriverStore\FileRepository\
dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\
Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\
System32\GameInputSvc.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\
DriverStore\FileRepository\nvhm.inf_amd64_5c197d2d97068bef\Display.NvContainer\
NVDisplay.Container.exe <2>
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\
pservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\
Windows\System32\DriverStore\FileRepository\
realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe <2>
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common
Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\
VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\OmenInstallMonitor\
OmenInstallMonitor.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\Overlay\OverlayHelper.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\SystemOptimizer\
SystemOptimizer.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\
Microsoft.ScreenSketch_11.2502.18.0_x64__8wekyb3d8bbwe\SnippingTool\
SnippingTool.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\
Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\
WindowsApps\
MicrosoftCorporationII.WinAppRuntime.Singleton_7000.435.154.0_x64__8wekyb3d8bbwe\
PushNotificationsLongRunningTask.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\avila\
AppData\Local\Microsoft\OneDrive\25.051.0317.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\
ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
wlanext.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software
Co.,Ltd) C:\Users\avila\AppData\Local\Kingsoft\WPS Office\12.2.0.18607\office6\
wpscenter.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software
Co.,Ltd) C:\Users\avila\AppData\Local\Kingsoft\WPS Office\12.2.0.18607\office6\
wpscloudsvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe [1596800 2022-09-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-
08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusrite\Drivers\Focusrite
Notifier.exe [906840 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite
Audio Engineering, Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware
Workstation\vmware-tray.exe [114112 2024-02-12] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\
Java Update\jusched.exe [752208 2024-12-04] (Oracle America, Inc. -> Oracle
Corporation)
HKLM\...\Policies\Explorer: [NoThumbnailCache] 0
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 0
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <====
ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <====
ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-457190890-3676118213-528105039-1001\...\Run: [Steam] => C:\Program
Files (x86)\Steam\steam.exe [4694624 2025-04-02] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-457190890-3676118213-528105039-1001\...\Run: [utweb] => C:\Users\avila\AppData\Roaming\uTorrent Web\utweb.exe [6425608 2024-08-06] (BitTorrent Inc -> BitTorrent Limited)
HKU\S-1-5-21-457190890-3676118213-528105039-1001\...\Run: [Unified Remote V3] =>
C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3243584 2023-02-10]
(Unified Intents AB -> Unified Intents AB)
HKU\S-1-5-21-457190890-3676118213-528105039-1001\...\Run: [Discord] => C:\Users\
avila\AppData\Local\Discord\Update.exe [1505792 2024-11-12] (Discord Inc.) [File
not signed]
HKU\S-1-5-21-457190890-3676118213-528105039-1001\...\Run: [Parsec.App.0] => C:\
Program Files\Parsec\parsecd.exe [465792 2024-07-18] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-457190890-3676118213-528105039-1001\...\Run: [EADM] => C:\Program
Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [3815520 2025-04-08]
(Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-457190890-3676118213-528105039-1001\...\Run:
[MicrosoftEdgeAutoLaunch_ACA1EA67983F9A78C73C9F155F66CEA9] => "C:\Program Files
(x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-
start [4418088 2025-04-03] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-
AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.84\
Installer\chrmstp.exe [2025-04-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-
0586ADD46B35}] ->
Startup: C:\Users\avila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Startup\Send to OneNote.lnk [2024-11-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\
Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

Task: {64D2F2B2-458E-4488-B56D-FA5224B209A9} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem136.0.7079.0{D5413D38-2D96-42B9-989E-5DE3E53F61C5} => C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\updater.exe [7017568 2025-03-20] (Google LLC -> Google LLC)
Task: {5EE119ED-97AA-4B19-BAD3-58EFA2F02770} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\
HP Support Framework\Resources\BingPopup\BingPopup.exe [1004040 2025-03-20] (HP
Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {C72D6A27-8C8A-45FF-B0CA-B089D9A07F1A} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\
HP\HP Support Framework\Resources\HPSFReport.exe [479984 2025-03-20] (HP Inc. -> HP
Inc.)
Task: {5E10AB63-8C67-4DE4-81FD-1864F8A82D3B} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support
Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1170440 2025-03-20] (HP
Inc. -> HP Inc.)
Task: {E3F0DCD8-3359-40B6-97A8-AD2F06811EB9} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP
Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1170440 2025-03-
20] (HP Inc. -> HP Inc.)
Task: {6EF840D1-BA39-43D8-AF71-42A494BD4F92} - System32\Tasks\Microsoft\Office\
Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\
sdxhelper.exe [315512 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DF729D2-7EB4-46E2-B2EF-9E8A09ACD85E} - System32\Tasks\Microsoft\Office\
Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\
sdxhelper.exe [315512 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DA49C35-8BDF-41D0-BEFF-C73A1CA58854} - System32\Tasks\Microsoft\Office\
Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\
ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation ->
Microsoft Corporation)
Task: {DAF2A367-6DA9-4BD9-BACE-3F013F482030} - System32\Tasks\Microsoft\Office\
Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\
ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68304 2025-04-04]
(Microsoft Corporation -> Microsoft Corporation)
Task: {B19137DD-4253-4E6C-A39F-4D178862348A} - System32\Tasks\Microsoft\Office\
Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation
-> Microsoft Corporation)
Task: {41B3FCAC-0BBB-4359-A254-4229401AC329} - System32\Tasks\Microsoft\Office\
Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\
sdxhelper.exe [315512 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6C38ACA-CDD0-463C-8AB0-2F63FB266F51} - System32\Tasks\Microsoft\Office\
Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\
sdxhelper.exe [315512 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {692E6E6E-1ACE-4FF6-82EC-0D31CBF5D55B} - System32\Tasks\Microsoft\Office\
Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\
ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [204400 2025-04-04]
(Microsoft Corporation -> Microsoft Corporation)
Task: {47A0AE96-9497-40A8-9AD9-06340E5A36AE} - System32\Tasks\Microsoft\Windows\
AccountHealth\RecoverabilityToastTask => {B7F5B442-EBF8-46CD-9F0B-D8E45ED43492} C:\
WINDOWS\system32\AccountHealth.dll [258048 2025-03-30] (Microsoft Windows ->
Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\
Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No
File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\
Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\
MbaeParserTask.exe (No File)
Task: {84834D96-BBB5-47E5-B94C-1CD0A4ACCF5B} - System32\Tasks\Microsoft\Windows\
UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC
RebootDialog (No File)
Task: {56503803-3721-4D59-8051-8B119208C598} - System32\Tasks\Microsoft\Windows\
UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe
/RunOnBattery RebootDialog (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\
UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No
File)
Task: {3594A0BE-0BFD-44DE-88F4-26268C8B0A1C} - System32\Tasks\Mozilla\Firefox
Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-
browser-agent.exe [34368 2024-11-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {23BFDF97-2C50-496D-9AFA-B2FBAAE6EF06} - System32\Tasks\npcapwatchdog => C:\
Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {181119AD-D944-4392-BEFC-F4C0A5946EFD} - System32\Tasks\
NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-11] (NVIDIA
Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\
NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {AD32D21C-67A6-4CC5-836C-749D99EB7AFB} - System32\Tasks\NVIDIA GeForce
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\
NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496
2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1B36934-08D3-4276-9540-908D92DFEF09} - System32\Tasks\
NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\
NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-11] (NVIDIA
Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\
NvNode\--launcher=TaskScheduler
Task: {F6E20FF2-413C-45DB-B13B-C561FE02AF31} - System32\Tasks\
NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\
NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA
Corporation -> NVIDIA Corporation)
Task: {047A002D-E6BB-4F8E-A6B0-976ED93E8CB4} - System32\Tasks\
NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\
NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA
Corporation -> NVIDIA Corporation)
Task: {16DF186C-39B1-4D33-9EED-38FB1DDBAEE1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DE93CBF7-5EF0-46F5-A0CA-07C33A5423F5} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {614D0DFE-C070-4B56-95F7-EB12EFAA082E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9896D4CE-8089-4D9C-B2A0-C4643C32B801} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DCFCE2BD-DC19-4125-8247-5B96B3B511C4} - System32\Tasks\OmenInstallMonitor =>
C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [73168 2025-04-01]
(HP Inc. -> HP Inc.)
Task: {F4D4A850-B707-4A0D-8A72-F3D87AEA8F1D} - System32\Tasks\
OmenInstallMonitorCustomEvent => C:\Program Files\HP\OmenInstallMonitor\
OmenInstallMonitor.exe [73168 2025-04-01] (HP Inc. -> HP Inc.)
Task: {D8551E7F-F4D1-46D7-93C6-75FFB3639192} - System32\Tasks\
OmenInstallMonitorCustomEvent-sid-S-1-5-21-457190890-3676118213-528105039-1001 =>
C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [73168 2025-04-01]
(HP Inc. -> HP Inc.)
Task: {8BC165FC-9A61-4A54-9E33-BF8ADA9A08A7} - System32\Tasks\OmenInstallMonitor-
sid-S-1-5-21-457190890-3676118213-528105039-1001 => C:\Program Files\HP\
OmenInstallMonitor\OmenInstallMonitor.exe [73168 2025-04-01] (HP Inc. -> HP Inc.)
Task: {78DCC2DA-A88B-4427-82E5-4B2386BA795A} - System32\Tasks\OmenOverlay => C:\
Program Files\HP\Overlay\OverlayHelper.exe [67536 2025-04-01] (HP Inc. -> HP Inc.)
Task: {9157FFC7-459B-40D1-97B7-44E61C5E5279} - System32\Tasks\
OmenOverlayCustomEvent => C:\Program Files\HP\Overlay\OverlayHelper.exe [67536
2025-04-01] (HP Inc. -> HP Inc.)
Task: {3FC8E96F-3B87-423D-8165-1829C070BAAA} - System32\Tasks\
OmenOverlayCustomEvent-sid-S-1-5-21-457190890-3676118213-528105039-1001 => C:\
Program Files\HP\Overlay\OverlayHelper.exe [67536 2025-04-01] (HP Inc. -> HP Inc.)
Task: {EF48E1E8-8E85-4075-9761-6FF61C4E18AD} - System32\Tasks\OmenOverlay-sid-S-1-
5-21-457190890-3676118213-528105039-1001 => C:\Program Files\HP\Overlay\
OverlayHelper.exe [67536 2025-04-01] (HP Inc. -> HP Inc.)
Task: {8DB7DA0F-8615-40C2-9AAC-601566AA006D} - System32\Tasks\OneDrive Startup
Task-S-1-5-21-457190890-3676118213-528105039-1001 => C:\Users\avila\AppData\Local\
Microsoft\OneDrive\25.051.0317.0003\OneDriveLauncher.exe [674624 2025-04-08]
(Microsoft Corporation -> Microsoft Corporation)
Task: {D5E48120-FBE4-4642-A052-135A96755467} - System32\Tasks\Optimize Push
Notification Data File-S-1-5-21-457190890-3676118213-528105039-1001 => {201600D8-
6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2025-01-19]
(Microsoft Windows -> Microsoft Corporation)
Task: {B3E1CF45-D1C7-46F8-88FD-5AFBF45D47CA} - System32\Tasks\SystemOptimizer =>
C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe [161232 2025-04-01] (HP
Inc. -> HP Inc.)
Task: {6579D1EE-C7C9-45FE-8B4F-0B6480F97880} - System32\Tasks\
SystemOptimizerCustomEvent => C:\Program Files\HP\SystemOptimizer\
SystemOptimizer.exe [161232 2025-04-01] (HP Inc. -> HP Inc.)
Task: {BF0B1413-9BC8-42B7-A602-15356A5F3C5D} - System32\Tasks\SystemOptimizerCustomEvent-sid-S-1-5-21-457190890-3676118213-528105039-1001 => C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe [161232 2025-04-01] (HP Inc. -> HP Inc.)
Task: {A43FB777-0A25-4DBF-A42B-07DF0DAE0DE0} - System32\Tasks\SystemOptimizer-sid-
S-1-5-21-457190890-3676118213-528105039-1001 => C:\Program Files\HP\
SystemOptimizer\SystemOptimizer.exe [161232 2025-04-01] (HP Inc. -> HP Inc.)
Task: {BE1A0354-FBF0-48A0-905A-B95032CCDE7D} - System32\Tasks\SystemOptimizerTemp
=> C:\Users\avila\AppData\Local\Temp\HP\SystemOptimizerTemp\SystemOptimizer.exe -
update (No File) <==== ATTENTION
Task: {F978A1C0-274F-42A3-9F73-1A10154C2CC4} - System32\Tasks\
WpsExternal_avila_20241016050858 => C:\Users\avila\AppData\Local\Kingsoft\WPS
Office\12.2.0.18607\office6\wpscloudsvr.exe [926080 2024-10-15] (Zhuhai Kingsoft
Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ->
/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool
/plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0
/start_from=task_external
Task: {77293FF2-BFB1-4F85-8E73-12204564E9B2} - System32\Tasks\WpsUpdateTask_avila
=> C:\Users\avila\AppData\Local\Kingsoft\WPS Office\12.2.0.18607\office6\
wpsupdate.exe [1652096 2024-10-15] (Zhuhai Kingsoft Office Software Co., Ltd. ->
Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{0006a66c-697b-4218-a650-b970fc51c2cc}: [DhcpNameServer]
192.168.29.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\avila\AppData\Local\Microsoft\Edge\User Data\Default [2025-
04-09]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\avila\AppData\
Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp
[2025-03-05]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (URL Opener) - C:\Users\avila\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\ckjhaglpkpcgplindhodjpncobbfpaeg
[2024-07-14]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (FoxyProxy) - C:\Users\avila\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\flcnoalcefgkhkinjkffipfdhglnpnem
[2025-02-01]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Turn Off the Lights) - C:\Users\avila\AppData\Local\Microsoft\
Edge\User Data\Default\Extensions\fmamkbgpnienhphflfdamlhnljffjdgm [2025-02-
13]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (RatePunk Hotel Booking Deals) - C:\Users\avila\AppData\Local\
Microsoft\Edge\User Data\Default\Extensions\gdaioanblcnghddimngklkhgcbomfdck [2025-
03-16]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Google Docs Offline) - C:\Users\avila\AppData\Local\Microsoft\
Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-
30]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (True Key™ by McAfee) - C:\Users\avila\AppData\Local\Microsoft\
Edge\User Data\Default\Extensions\gnnbmcifkkjgjdbkilfglpdpmidkgefn [2024-02-
27]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Netflix Party is now Teleparty) - C:\Users\avila\AppData\Local\
Microsoft\Edge\User Data\Default\Extensions\igbncjcgfkfnfgbaieiimpfkobabmkce [2025-
04-09]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Hotstar Party) - C:\Users\avila\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\inaojcjiaelhcglnajplbnmoijonpnfk
[2024-12-20]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Chrome Remote Desktop) - C:\Users\avila\AppData\Local\Microsoft\
Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2024-02-
27]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\avila\AppData\Local\
Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-
02-27]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\avila\AppData\
Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh
[2024-09-14]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Scener) - C:\Users\avila\AppData\Local\Microsoft\Edge\User Data\
Default\Extensions\lkhjgdkpibcepflmlgahofcmeagjmecc
[2025-03-03]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Hotstar Party) - C:\Users\avila\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\mdlagkmblemlaijjlopgagmfnoidifpn
[2024-07-19]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Wappalyzer - Technology profiler) - C:\Users\avila\AppData\Local\
Microsoft\Edge\User Data\Default\Extensions\mnbndgmknlpdjdnjfmfcdjoegcckoikn [2025-
04-02]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (retire.js) - C:\Users\avila\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\moibopkbhjceeedibkbkbchbjnkadmom
[2024-02-27]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (AdBlock — block ads across the web) - C:\Users\avila\AppData\
Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog
[2025-04-02]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Cookie-Editor) - C:\Users\avila\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\neaplmfkghagebokkhpjpoebhdledlfi
[2024-04-03]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (uBlock Origin) - C:\Users\avila\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak
[2025-01-03]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Ambient Aurea for Google Chrome) - C:\Users\avila\AppData\Local\
Microsoft\Edge\User Data\Default\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa [2024-
09-04]hxxps://clients2.google.com/service/update2/crx

FireFox:
========
FF DefaultProfile: abrgtvqk.default
FF ProfilePath: C:\Users\avila\AppData\Roaming\Mozilla\Firefox\Profiles\
abrgtvqk.default [2025-01-16]
FF ProfilePath: C:\Users\avila\AppData\Roaming\Mozilla\Firefox\Profiles\
82yk270i.default-release [2025-04-01]
FF NetworkProxy: Mozilla\Firefox\Profiles\82yk270i.default-release -> http",
"127.0.0.1"
FF Extension: (retire.js) - C:\Users\avila\AppData\Roaming\Mozilla\Firefox\
Profiles\82yk270i.default-release\Extensions\@retire.js.xpi [2024-12-12]
FF Extension: (FoxyProxy) - C:\Users\avila\AppData\Roaming\Mozilla\Firefox\
Profiles\82yk270i.default-release\Extensions\foxyproxy@eric.h.jung.xpi [2024-04-02]
FF Extension: (Wappalyzer - Technology profiler) - C:\Users\avila\AppData\Roaming\
Mozilla\Firefox\Profiles\82yk270i.default-release\Extensions\
wappalyzer@crunchlabz.com.xpi [2024-12-12]
FF Plugin: @java.com/DTPlugin,version=11.441.2 -> C:\Program Files\Java\
jre1.8.0_441\bin\dtplugin\npDeployJava1.dll [2024-12-04] (Oracle America, Inc. ->
Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.441.2 -> C:\Program Files\Java\
jre1.8.0_441\bin\plugin2\npjp2.dll [2024-12-04] (Oracle America, Inc. -> Oracle
Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\Office16\NPSPWRAP.DLL [2025-04-04] (Microsoft Corporation -> Microsoft
Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-04]
(Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\avila\AppData\Local\Google\Chrome\User Data\Default [2025-04-
01]
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default ->
"hxxp://google.com/","hxxps://www.google.com/","hxxps://www.google.co.in/"
CHR Extension: (Turn Off the Lights) - C:\Users\avila\AppData\Local\Google\Chrome\
User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn
[2025-02-13]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\avila\AppData\Local\
Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2025-
01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (uBlock Origin) - C:\Users\avila\AppData\Local\Google\Chrome\User
Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
[2025-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (True Key™ by McAfee) - C:\Users\avila\AppData\Local\Google\Chrome\
User Data\Default\Extensions\cpaibbcbodhimfnjnakiidgbpiehfgci
[2025-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (McAfee® WebAdvisor) - C:\Users\avila\AppData\Local\Google\Chrome\
User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
[2025-03-04]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (RatePunk Hotel Booking Deals) - C:\Users\avila\AppData\Local\
Google\Chrome\User Data\Default\Extensions\gdaioanblcnghddimngklkhgcbomfdck [2025-
01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Docs Offline) - C:\Users\avila\AppData\Local\Google\Chrome\
User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
[2025-03-04]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (AdBlock — block ads across the web) - C:\Users\avila\AppData\Local\
Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-
03-04]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Remote Desktop) - C:\Users\avila\AppData\Local\Google\
Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2025-01-
29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Scener) - C:\Users\avila\AppData\Local\Google\Chrome\User Data\
Default\Extensions\lkhjgdkpibcepflmlgahofcmeagjmecc
[2025-03-04]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (retire.js) - C:\Users\avila\AppData\Local\Google\Chrome\User Data\
Default\Extensions\moibopkbhjceeedibkbkbchbjnkadmom
[2025-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store Payments) - C:\Users\avila\AppData\Local\Google\
Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-
29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\avila\AppData\Local\
Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2025-
02-13]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Ambient Aurea for Google Chrome) - C:\Users\avila\AppData\Local\
Google\Chrome\User Data\Default\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa [2025-
01-29]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\avila\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-
03-05]
CHR Extension: (Google Docs Offline) - C:\Users\avila\AppData\Local\Google\Chrome\
User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-
05]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store Payments) - C:\Users\avila\AppData\Local\Google\
Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-03-
05]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\avila\AppData\Local\Google\Chrome\User Data\System Profile
[2025-03-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\
OfficeClickToRun.exe [13860056 2025-04-01] (Microsoft Corporation -> Microsoft
Corporation)
S3 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [36968
2024-09-11] (Docker Inc -> Docker Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\
DiscSoftBusServiceLite.exe [4939320 2024-09-12] (AVB Disc Soft, SIA -> Disc Soft
FZE LLC)
R2 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [243432
2022-08-02] (DTS, Inc. -> DTS Inc.)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe
[101126848 2025-03-20] (Electronic Arts, Inc. -> Electronic Arts)
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\
EABackgroundService.exe [18839648 2025-04-08] (Electronic Arts, Inc. -> Electronic
Arts)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [232536 2024-
03-01] (Fortinet Technologies (Canada) ULC -> Fortinet Inc.)
R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\
ControlServer.exe [1297920 2024-03-11] () [File not signed]
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\
hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\AppHelperCap.exe [889976 2025-02-23]
(HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\
hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\DiagsCap.exe [888928 2025-02-23] (HP
Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\
hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\NetworkCap.exe [885344 2025-02-23]
(HP Inc. -> HP Inc.)
R2 HPOmenCap; C:\WINDOWS\System32\DriverStore\FileRepository\
hpomencustomcapcomp.inf_amd64_3c97e435117f8c16\x64\OmenCap\OmenCap.exe [755248
2024-10-24] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\
hpcustomcapcomp.inf_amd64_2d1de90f36b6160c\x64\SysInfoCap.exe [889464 2025-02-23]
(HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\
hpanalyticscomp.inf_amd64_4a30a2f11b5f2798\x64\TouchpointAnalyticsClientService.exe
[631464 2025-02-26] (HP Inc. -> HP Inc.)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\
FileRepository\iclsclient.inf_amd64_dec9bbf83f76d9e5\lib\
PlatformLicenseManagerService.exe [746464 2022-07-24] (Intel Corporation ->
Intel(R) Corporation)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\
intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe [532024 2022-08-02]
(Intel Corporation -> Intel)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\
ipf_cpu.inf_amd64_72a55bd70de29881\ipf_uf.exe [2748600 2022-07-24] (Intel
Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9407072
2025-04-09] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\
MBVpnTunnelService.exe [2788304 2025-04-09] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\
MpDefenderCoreService.exe [1968320 2025-04-01] (Microsoft Windows Publisher ->
Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\
nvhm.inf_amd64_5c197d2d97068bef\Display.NvContainer\NVDisplay.Container.exe
[1275016 2024-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [418696 2024-07-18] (Parsec Cloud,
Inc. -> Parsec)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [805224 2023-04-17]
(Oracle Corporation -> Oracle and/or its affiliates)
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-
autostart.exe [64960 2024-02-12] (VMware, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\
NisSrv.exe [4464024 2025-04-01] (Microsoft Windows Publisher -> Microsoft
Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\
MsMpEng.exe [270040 2025-04-01] (Microsoft Windows Publisher -> Microsoft
Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2024-09-12]
(AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [63696 2024-09-12]
(AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-04-09]
(Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 FocusritePCIeSwRoot; C:\WINDOWS\System32\drivers\FocusritePCIeSwRoot.sys [106208
2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsb; C:\WINDOWS\System32\drivers\FocusriteUsb.sys [170312 2023-11-27]
(Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsbAudio; C:\WINDOWS\System32\drivers\FocusriteUsbAudio.sys [109896
2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsbMidi; C:\WINDOWS\System32\drivers\FocusriteUsbMidi.sys [53576 2023-
11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbSwRoot; C:\WINDOWS\System32\drivers\FocusriteUsbSwRoot.sys [112968
2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2024-03-01]
(Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [203736 2024-03-01] (Fortinet,
Inc. -> Fortinet Inc)
S3 FortiTransCtrl; C:\WINDOWS\System32\drivers\FortiTransCtrl.sys [110656 2024-03-
01] (Fortinet, Inc. -> Fortinet Inc)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [222528 2025-01-19] (Microsoft Windows
-> Microsoft Corporation)
R3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [76896 2024-03-01] (Fortinet,
Inc. -> Fortinet Inc.)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [70368 2024-03-01] (Fortinet
Technologies (Canada) Inc. -> Fortinet Corporation)
R3 GlPciSD; C:\WINDOWS\System32\drivers\GlPciSD.sys [228088 2022-07-25] (GENESYS
LOGIC, INC. -> Genesys Logic)
R2 hcmon; C:\WINDOWS\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft
Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\
hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-
05-06] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R3 HPOmenCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\
hpomencustomcapdriver.inf_amd64_7a1ef17ecb1f36ce\x64\hpomencustomcapdriver.sys
[24968 2024-07-11] (HP Inc. -> HP Inc.)
R2 HpReadHWData; C:\WINDOWS\system32\drivers\HpReadHWData.sys [58952 2025-03-11]
(HP Inc. -> Windows (R) Win 7 DDK provider)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\
ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [150624 2022-07-
25] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\
ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [220256 2022-07-25]
(Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\
intcusb.inf_amd64_d97909364d9908a5\IntcUSB.sys [892968 2022-08-02] (Intel
Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\
gna.inf_amd64_04d4eecc5838a558\gna.sys [88776 2022-07-25] (Intel Corporation ->
Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\
ipf_cpu.inf_amd64_72a55bd70de29881\ipf_cpu.sys [80568 2022-07-24] (Intel
Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\
ipf_cpu.inf_amd64_72a55bd70de29881\ipf_lf.sys [432824 2022-07-24] (Intel
Corporation -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [278960 2025-04-01] (Microsoft
Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [144840 2025-03-30] (Microsoft
Windows -> Microsoft Corporation)
R0 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-04-09]
(Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-04-09] (Microsoft
Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [236728 2025-04-09]
(Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-04-09]
(Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-04-09]
(Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-04-09]
(Malwarebytes Inc. -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [69984 2024-01-18] (WDKTestCert
Nmap,133147429230506937 -> Insecure.Com LLC.)
S3 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [69984 2024-01-18]
(WDKTestCert Nmap,133147429230506937 -> Insecure.Com LLC.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\
nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03]
(NVIDIA Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [246504 2024-12-12] (NVIDIA
Corporation -> NVIDIA Corporation)
R3 parsecudeaudio; C:\WINDOWS\System32\drivers\parsecudeaudio.sys [163856 2023-05-
23] (Microsoft Windows Hardware Compatibility Publisher -> Parsec)
R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\
rt68cx21x64.inf_amd64_350fa1f1d5f73524\rt68cx21x64.sys [652256 2022-08-25] (Realtek
Semiconductor Corp. -> Realtek)
R1 rtf64; C:\WINDOWS\system32\DRIVERS\rtf64x64.sys [67496 2023-03-25] (Realtek
Semiconductor Corp. -> Realtek)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\
c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-03-30]
(Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [29720 2021-11-20] (Microsoft
Windows Hardware Compatibility Publisher -> )
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [254664 2023-04-17]
(Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [265536 2023-04-17]
(Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1061440 2023-04-17] (Oracle
Corporation -> Oracle and/or its affiliates)
R3 ViGEmBus; C:\WINDOWS\System32\DriverStore\FileRepository\
vigembus.inf_amd64_8a927fc43d8a7838\x64\ViGEmBus.sys [91432 2020-04-21] (HP Inc. ->
Benjamin Hoeglinger-Stelzer)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2025-01-19]
(Microsoft Windows -> Microsoft Corporation)
R0 vmci; C:\WINDOWS\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft
Windows Hardware Compatibility Publisher -> VMware, Inc.)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [60344 2024-02-12] (VMware, Inc. ->
VMware, Inc.)
R3 VMnetAdapter; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [31120 2024-02-12]
(Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [53704 2024-02-12]
(Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [30664 2024-02-12]
(Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\DRIVERS\vmx86.sys [100776 2024-02-12] (Microsoft
Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft
Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20016 2025-04-01] (Microsoft
Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601520 2025-04-01]
(Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-01]
(Microsoft Windows -> Microsoft Corporation)
S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\
wini3ctarget.inf_amd64_bdb09ebda2834009\wini3ctarget.sys [75168 2025-03-30]
(Microsoft Windows -> Microsoft Corporation)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-04-10 02:29 - 2025-04-10 02:30 - 000048758 _____ C:\Users\avila\OneDrive\
Desktop\FRST.txt
2025-04-10 02:27 - 2025-04-10 02:29 - 000069325 _____ C:\Users\avila\Downloads\
Addition.txt
2025-04-10 02:26 - 2025-04-10 02:27 - 000063578 _____ C:\Users\avila\Downloads\
FRST.txt
2025-04-10 02:26 - 2025-04-10 02:25 - 002404864 _____ (Farbar) C:\Users\avila\
OneDrive\Desktop\FRST64.exe
2025-04-10 02:25 - 2025-04-10 02:29 - 000000000 ____D C:\FRST
2025-04-10 02:18 - 2025-04-10 02:25 - 002404864 _____ (Farbar) C:\Users\avila\
Downloads\FRST64.exe
2025-04-10 02:13 - 2025-04-10 02:13 - 000236728 _____ (Malwarebytes) C:\WINDOWS\
system32\Drivers\farflt11.sys
2025-04-10 02:13 - 2025-04-10 02:13 - 000189776 _____ (Malwarebytes) C:\WINDOWS\
system32\Drivers\mwac.sys
2025-04-10 02:11 - 2025-04-10 02:11 - 000002112 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Malwarebytes.lnk
2025-04-10 02:10 - 2025-04-10 02:10 - 002834160 _____ (Malwarebytes) C:\Users\
avila\Downloads\MBSetup (2).exe
2025-04-10 02:09 - 2025-04-10 02:09 - 000000207 _____ C:\WINDOWS\tweaking.com-
regbackup-AVILASH-Windows-10-Home-Single-Language-(64-bit).dat
2025-04-10 02:09 - 2025-04-10 02:09 - 000000000 ____D C:\RegBackup
2025-04-10 02:08 - 2025-04-10 02:08 - 000000000 ____D C:\Users\avila\OneDrive\
Desktop\tweaking.com_registry_backup_portable
2025-04-10 02:07 - 2025-04-10 02:07 - 005509580 _____ C:\Users\avila\OneDrive\
Desktop\tweaking.com_registry_backup_portable.zip
2025-04-10 02:07 - 2025-04-10 02:02 - 001802704 _____ (Bleeping Computer, LLC) C:\
Users\avila\OneDrive\Desktop\rkill (2).exe
2025-04-10 02:06 - 2025-04-10 02:07 - 005509218 _____ C:\Users\avila\Downloads\
tweaking.com_registry_backup_portable.zip
2025-04-10 02:04 - 2025-04-10 02:04 - 000988112 _____ (Bleeping Computer, LLC) C:\
Users\avila\Downloads\rkill (2)64.exe
2025-04-10 02:02 - 2025-04-10 02:02 - 001802704 _____ (Bleeping Computer, LLC) C:\
Users\avila\Downloads\rkill (2).exe
2025-04-10 01:58 - 2025-04-10 01:58 - 001802704 _____ (Bleeping Computer, LLC) C:\
Users\avila\Downloads\rkill (1).exe
2025-04-09 21:46 - 2025-04-09 21:46 - 000000000 ____D C:\inetpub
2025-04-09 04:09 - 2025-04-09 23:52 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-04-08 12:29 - 2025-04-08 12:29 - 000179154 _____ C:\Users\avila\Downloads\
WhatsApp Image 2025-04-08 at 12.29.03 PM.jpeg
2025-04-08 06:17 - 2025-04-08 06:17 - 000003360 _____ C:\WINDOWS\system32\Tasks\
OneDrive Standalone Update Task-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-08 06:17 - 2025-04-08 06:17 - 000002386 _____ C:\Users\avila\AppData\
Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-04-08 03:48 - 2025-04-08 03:48 - 000000222 _____ C:\Users\avila\OneDrive\
Desktop\Cell to Singularity - Evolution Never Ends.url
2025-04-08 03:42 - 2025-04-08 03:42 - 000000223 _____ C:\Users\avila\OneDrive\
Desktop\RISK Global Domination.url
2025-04-08 03:02 - 2025-04-09 23:58 - 000000000 ____D C:\Users\avila\Downloads\
Marvel's Spider-Man 2 [FitGirl Repack]
2025-04-06 02:58 - 2025-04-06 02:58 - 000487745 _____ C:\Users\avila\Downloads\
Spider-man Remastered [FitGirl Repack].torrent
2025-04-05 17:38 - 2025-04-05 17:38 - 000178699 _____ C:\Users\avila\Downloads\
Spider-Man - Miles Morales [FitGirl Repack].torrent
2025-04-04 18:16 - 2025-04-04 18:16 - 000000000 ____D C:\Program Files\Common
Files\DESIGNER
2025-04-03 04:14 - 2025-04-03 04:14 - 000000000 ___SH C:\Users\avila\AppData\Local\
LumaEmu
2025-04-01 19:04 - 2025-04-01 19:04 - 000004470 _____ C:\WINDOWS\system32\Tasks\
OmenInstallMonitorCustomEvent-sid-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-01 19:04 - 2025-04-01 19:04 - 000004410 _____ C:\WINDOWS\system32\Tasks\
OmenOverlayCustomEvent-sid-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-01 19:04 - 2025-04-01 19:04 - 000004066 _____ C:\WINDOWS\system32\Tasks\
OmenInstallMonitor-sid-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-01 19:04 - 2025-04-01 19:04 - 000004008 _____ C:\WINDOWS\system32\Tasks\
OmenOverlay-sid-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-01 19:03 - 2025-04-01 19:03 - 000004446 _____ C:\WINDOWS\system32\Tasks\
SystemOptimizerCustomEvent-sid-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-01 19:03 - 2025-04-01 19:03 - 000004044 _____ C:\WINDOWS\system32\Tasks\
SystemOptimizer-sid-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-01 18:59 - 2025-04-01 18:59 - 000000000 ____D C:\WINDOWS\system32\
AccountHealthAssets
2025-03-31 00:27 - 2025-03-31 00:27 - 000029042 _____ C:\WINDOWS\SysWOW64\
IntegratedServicesRegionPolicySet.json
2025-03-31 00:27 - 2025-03-31 00:27 - 000029042 _____ C:\WINDOWS\system32\
IntegratedServicesRegionPolicySet.json
2025-03-22 03:27 - 2025-03-22 03:27 - 000000000 ____D C:\Users\avila\OneDrive\
Documents\Player
2025-03-22 03:27 - 2025-03-22 03:27 - 000000000 ____D C:\Users\avila\AppData\
LocalLow\Crows Crows Crows
2025-03-14 03:44 - 2025-03-14 03:44 - 000000000 ____D C:\Users\avila\AppData\Local\
HPOmenServices
2025-03-12 03:51 - 2025-03-12 03:51 - 000003982 _____ C:\WINDOWS\system32\Tasks\
SystemOptimizerTemp
2025-03-12 03:51 - 2025-03-12 03:46 - 000058952 _____ (Windows (R) Win 7 DDK
provider) C:\WINDOWS\system32\Drivers\HpReadHWData.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-04-10 02:29 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-04-10 02:21 - 2024-11-16 15:08 - 000000000 ____D C:\Users\avila\AppData\Local\
Malwarebytes
2025-04-10 02:19 - 2024-04-01 12:56 - 000000000 ____D C:\ProgramData\regid.1991-
06.com.microsoft
2025-04-10 02:12 - 2024-02-27 11:49 - 000000000 ____D C:\Users\avila\AppData\Local\
D3DSCache
2025-04-10 02:11 - 2024-04-01 12:56 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-04-10 02:11 - 2024-04-01 12:54 - 000000000 ____D C:\WINDOWS\INF
2025-04-10 02:10 - 2024-11-16 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-04-10 02:10 - 2024-11-16 15:07 - 000000000 ____D C:\Program Files\Malwarebytes
2025-04-10 02:07 - 2024-07-20 01:38 - 000003968 _____ C:\Users\avila\OneDrive\
Desktop\Rkill.txt
2025-04-10 01:49 - 2024-03-11 20:21 - 000000000 ____D C:\Users\avila\AppData\Local\
OGH
2025-04-09 23:59 - 2024-07-01 15:25 - 000000000 ____D C:\Games
2025-04-09 23:57 - 2024-04-01 12:56 - 000000000 ___HD C:\Program Files\WindowsApps
2025-04-09 23:57 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-04-09 23:55 - 2024-02-29 00:34 - 000000000 ____D C:\Program Files (x86)\Steam
2025-04-09 23:55 - 2024-02-27 11:51 - 000000000 ___RD C:\Users\avila\OneDrive
2025-04-09 22:18 - 2024-02-27 12:50 - 000000000 ____D C:\Users\avila\AppData\Local\
CrashDumps
2025-04-09 21:57 - 2025-01-19 03:05 - 000840882 _____ C:\WINDOWS\system32\
PerfStringBackup.INI
2025-04-09 21:52 - 2024-12-25 00:37 - 000000000 ____D C:\ProgramData\EA Desktop
2025-04-09 21:52 - 2024-03-11 20:21 - 000000000 ____D C:\Program Files\HP
2025-04-09 21:52 - 2024-02-27 12:57 - 000000000 ____D C:\system.sav
2025-04-09 21:50 - 2025-01-19 03:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-04-09 21:50 - 2025-01-19 02:58 - 000002190 _____ C:\WINDOWS\system32\5E37410B-
D6F1-471D-AE27-563CEAC0D6B2
2025-04-09 21:50 - 2025-01-16 23:47 - 000012288 ___SH C:\DumpStack.log.tmp
2025-04-09 21:50 - 2024-04-04 13:47 - 000000000 ____D C:\ProgramData\VMware
2025-04-09 21:50 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\ServiceState
2025-04-09 21:50 - 2024-02-27 17:10 - 000000000 ____D C:\ProgramData\NVIDIA
2025-04-09 21:49 - 2024-04-01 12:51 - 000786432 _____ C:\WINDOWS\system32\config\
BBI
2025-04-09 21:47 - 2025-01-19 02:54 - 000495824 _____ C:\WINDOWS\system32\
FNTCACHE.DAT
2025-04-09 21:47 - 2025-01-19 02:54 - 000001623 _____ C:\WINDOWS\system32\config\
VSMIDK
2025-04-09 21:46 - 2024-04-01 21:44 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-04-09 21:46 - 2024-04-01 21:44 - 000000000 ____D C:\WINDOWS\system32\
Microsoft-Edge-WebView
2025-04-09 21:46 - 2024-04-01 21:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\
en-GB
2025-04-09 21:46 - 2024-04-01 12:56 - 000000000 ___RD C:\WINDOWS\
ImmersiveControlPanel
2025-04-09 21:46 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SystemResources
2025-04-09 21:46 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-04-09 21:46 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\
SecureBootUpdates
2025-04-09 21:46 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-04-09 21:46 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-04-09 21:41 - 2024-09-17 20:55 - 000000000 ____D C:\Users\avila\AppData\
Roaming\uTorrent Web
2025-04-09 21:41 - 2024-04-08 16:02 - 000000000 ____D C:\Users\avila\AppData\Local\
BitTorrentHelper
2025-04-09 21:39 - 2025-01-19 02:54 - 000000000 ____D C:\WINDOWS\system32\
SleepStudy
2025-04-09 16:39 - 2024-10-08 03:14 - 000000000 ____D C:\ProgramData\Unified Remote
2025-04-09 04:04 - 2025-01-19 02:56 - 003352064 _____ (Microsoft Corporation) C:\
WINDOWS\SysWOW64\PrintConfig.dll
2025-04-08 22:54 - 2025-01-29 15:14 - 000002256 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-08 16:25 - 2024-09-16 17:32 - 000000000 ____D C:\Users\avila\AppData\Local\
Greenshot
2025-04-08 12:48 - 2024-09-12 14:56 - 000000000 ____D C:\Users\avila\AppData\
Roaming\Microsoft\Word
2025-04-08 12:32 - 2024-03-11 20:21 - 000000000 ____D C:\Users\avila\AppData\Local\
HP_Inc
2025-04-08 12:27 - 2024-09-12 14:59 - 000000000 ____D C:\Users\avila\AppData\
Roaming\Microsoft\UProof
2025-04-08 06:17 - 2025-01-31 04:23 - 000003564 _____ C:\WINDOWS\system32\Tasks\
OneDrive Startup Task-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-08 06:17 - 2025-01-19 03:01 - 000003584 _____ C:\WINDOWS\system32\Tasks\
OneDrive Reporting Task-S-1-5-21-457190890-3676118213-528105039-1001
2025-04-08 03:48 - 2024-02-29 01:54 - 000000000 ____D C:\Users\avila\AppData\
Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-04-08 03:11 - 2024-02-29 00:34 - 000000000 ____D C:\Users\avila\AppData\Local\
Steam
2025-04-08 03:09 - 2024-02-27 11:55 - 000000000 ____D C:\Program Files\EA Games
2025-04-08 03:04 - 2024-09-11 11:10 - 000000000 ____D C:\Users\avila\OneDrive\
Desktop\Godrej Finance
2025-04-07 14:04 - 2024-10-26 05:05 - 000000000 ____D C:\Users\avila\OneDrive\
Documents\Marvel's Spider-Man Remastered
2025-04-05 16:59 - 2024-02-27 17:09 - 000002445 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-05 16:52 - 2025-01-19 03:01 - 000003536 _____ C:\WINDOWS\system32\Tasks\
MicrosoftEdgeUpdateTaskMachineUA
2025-04-05 16:52 - 2025-01-19 03:01 - 000003412 _____ C:\WINDOWS\system32\Tasks\
MicrosoftEdgeUpdateTaskMachineCore
2025-04-04 06:44 - 2024-09-12 14:51 - 000000000 ____D C:\Program Files\Microsoft
Office
2025-04-04 03:20 - 2024-02-27 11:49 - 000000000 ____D C:\Users\avila\AppData\Local\
Packages
2025-04-04 03:20 - 2024-02-27 11:46 - 000000000 ____D C:\ProgramData\Packages
2025-04-03 04:14 - 2024-02-27 12:01 - 000000000 ____D C:\Users\avila\OneDrive\
Documents\My Games
2025-04-01 19:17 - 2024-04-01 12:56 - 000000000 ____D C:\ProgramData\USOPrivate
2025-04-01 19:03 - 2025-01-19 03:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\
Hewlett-Packard
2025-04-01 18:59 - 2025-01-19 08:20 - 000000000 ____D C:\WINDOWS\InboxApps
2025-04-01 18:59 - 2024-04-01 21:45 - 000000000 ____D C:\Program Files\Windows
Photo Viewer
2025-04-01 18:59 - 2024-04-01 21:45 - 000000000 ____D C:\Program Files (x86)\
Windows Photo Viewer
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\UUS
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SysWOW64\
WinMetadata
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SystemApps
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\
WinMetadata
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\
WinBioPlugIns
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\
ShellExperiences
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\setup
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\
PerceptionSimulation
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\
HealthAttestationClient
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-04-01 18:59 - 2024-04-01 12:56 - 000000000 ____D C:\Program Files\Common
Files\System
2025-04-01 18:59 - 2024-04-01 12:51 - 000000000 ____D C:\WINDOWS\servicing
2025-04-01 12:37 - 2024-02-27 17:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\
wd
2025-03-31 16:39 - 2024-02-27 13:05 - 000000000 ____D C:\ProgramData\Packer
2025-03-16 22:25 - 2024-11-28 00:49 - 000000000 ____D C:\Users\avila\AppData\Local\
EA SPORTS FC 25
2025-03-16 22:19 - 2024-02-27 11:50 - 000000000 ____D C:\Users\avila\AppData\Local\
PlaceholderTileLogoFolder
2025-03-14 09:55 - 2025-01-19 02:55 - 000000000 ____D C:\Users\avila
2025-03-14 09:54 - 2024-04-01 21:42 - 000000000 ____D C:\WINDOWS\en-GB
2025-03-14 09:54 - 2024-04-01 12:56 - 000000000 ___RD C:\Program Files\Windows
Defender
2025-03-14 09:54 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-03-14 09:54 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\SysWOW64\
AdvancedInstallers
2025-03-14 09:54 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\system32\
AdvancedInstallers
2025-03-14 09:54 - 2024-04-01 12:56 - 000000000 ____D C:\WINDOWS\Provisioning

==================== Files in the root of some directories ========

2024-05-28 14:23 - 2024-05-28 14:23 - 000000073 _____ () C:\Users\avila\AppData\
Roaming\jd-gui.cfg
2025-04-03 04:14 - 2025-04-03 04:14 - 000000000 ___SH () C:\Users\avila\AppData\
Local\LumaEmu
2024-11-16 15:32 - 2024-11-16 15:32 - 000007602 _____ () C:\Users\avila\AppData\
Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
