Can someone look at my system please? I feel like my privacy is being violated and my computer is being managed remotely


cvksobe

Member
I know this sounds crazy, but I met a guy a few years ago and he was on my network and said that he knew some people that know how to destroy someone electronically. He quickly was off the network, but ever since then things have just been building up and in strange ways.

I would feel like I was being spied on. I would see the guest account in Windows randomly turn on and off, and then recently I got a new laptop, a Lenovo Yoga 7i, and very quickly lots of drivers I've never heard of were populated. The stranger thing is that my old 2020 Lenovo desktop now has the exact same drivers. I see all kinds of IPv6 traffic even though I have IPv6 turned off. My internet connection drops suddenly, then a few moments later comes right back, throughout the day, but my eero network doesn't register it. I also ran one of my antivirus files called overseer through filescan.io and it came back 100% malicious. Smart App Control keeps blocking common Windows processes due to not being able to verify DLLs they are trying to load all the time (I did reset my computer so those logs might not be there). There are tons of firewall rules in Windows about cast to device and network discovery and Windows deployment and client stuff that I don't know how to read, but it frightens me to think it could be malicious. I still know that person and he made a joke a few weeks ago about my computer always recording. I know I sound paranoid, but I went ahead and ran a Farbar and can provide more information. If someone could just please look at it for me.

Here are the files:
 

Attachments

  • FRST.txt (63.4 KB)
  • Addition.txt (42.2 KB)

I apologize about posting the logs themselves; I will copy/paste below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by cvkbodhi (administrator) on JIMBO (LENOVO 90NA) (05-05-2024 02:05:17)
Running from C:\Users\cory_\Desktop\FRST64.exe
Loaded Profiles: cvkbodhi
Platform: Microsoft Windows 11 Home Version 23H2 22631.3527 (X64) Language: English (United States)
Default browser: "C:\Users\cory_\AppData\Local\AVG\Browser\Application\AVGBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\Vpn.exe <3>
(AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.8697\Agent.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(LenovoGamingSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\msedgewebview2.exe <7>
(cmd.exe ->) (Agilebits -> AgileBits, Inc.) C:\Users\cory_\AppData\Local\1Password\app\8\1Password-BrowserSupport.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_98728bfffafc23c2\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_98728bfffafc23c2\igfxEM.exe
(Duck Duck Go, Inc. -> DuckDuckGo) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.78.1.0_x64__ya2fgkz3nks94\WindowsBrowser\DuckDuckGo.PersonalInfoRemoval.exe
(explorer.exe ->) (Agilebits -> 1Password) C:\Users\cory_\AppData\Local\1Password\app\8\1Password.exe <4>
(explorer.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe <3>
(explorer.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupUI.exe <3>
(explorer.exe ->) (Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <4>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(services.exe ->) (ALOHA MOBILE LTD -> ) C:\Users\cory_\AppData\Local\Aloha Mobile\Aloha\Application\1.5.0.0\aloha_service.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\VpnSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_98728bfffafc23c2\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_22dff82e7da0099b\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_f42d50ef4c9376ba\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_f42d50ef4c9376ba\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_1e5aa28740c131d2\RstMwService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_47a3c840f4f369ff\Intel_PIE_Service.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\tunnel\MBVpnTunnelService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe <2>
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\cory_\AppData\Local\Microsoft\OneDrive\24.076.0414.0005\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [461240 2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe [3403400 2021-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [9849280 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe [11121088 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\Run: [MicrosoftEdgeAutoLaunch_BC65767FC76B6AF557599AC86925434B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\Run: [1Password] => C:\Users\cory_\AppData\Local\1Password\app\8\1Password.exe [176331656 2024-04-26] (Agilebits -> 1Password)
HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2736744 2024-04-15] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [981640 2024-04-27] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\Run: [AVG Browser] => C:\Users\cory_\AppData\Local\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateCore.exe [525304 2024-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\Run: [AVGBrowserAutoLaunch_AD0D89BA97E912A64ADABCCE945D5A6F] => C:\Users\cory_\AppData\Local\AVG\Browser\Application\AVGBrowser.exe [3143160 2024-04-23] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2024-05-05]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02606CD6-D85D-4755-A08C-1834178671F3} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) S-1-5-21-2987512170-2648485282-3193886151-1001 => C:\Users\cory_\AppData\Local\AVG\Browser\Application\AVGBrowser.exe [3143160 2024-04-23] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {C5B43C69-7D86-421C-BF77-2BDBA1E83438} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5238208 2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {CCFDCAD5-8E77-4CD9-B406-010987A3B026} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8064448 2024-04-24] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {7C5BF19F-3DB4-4848-A42D-E4F5FA50EF4B} - System32\Tasks\AVG\AVG Driver Updater BugReport => C:\Program Files\AVG\Driver Updater\AvBugReport.exe [4979136 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 149 --programpath "C:\Program Files\AVG\Driver Updater\Setup\.." --configpath "C:\Program Files\AVG\Driver Updater\Setup" --path "C:\ProgramData\AVG\Driver Updater\log" --path "C:\ProgramData\AVG\Icarus\Logs" --logpath "C:\ProgramData\AVG\Driver Updater\log" (the data entry has 44 more characters).
Task: {5CC8FD03-4D27-454D-8EE4-B752B38FB5E4} - System32\Tasks\AVG\AVG Driver Updater Update => C:\Program Files\Common Files\AVG\Icarus\avg-du\icarus.exe [7811512 2024-03-14] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {7C3234C9-704C-49DC-8285-8305CF0C14ED} - System32\Tasks\AVG\AVG Secure VPN Bug Report => C:\Program Files\AVG\Secure VPN\AvBugReport.exe [5015992 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 12 --programpath "C:\Program Files\AVG\Secure VPN" --configpath "C:\ProgramData\AVG\Secure VPN" --path "C:\ProgramData\AVG\Secure VPN\log" --path "C:\ProgramData\AVG\Icarus\Logs" --logpath "C:\ProgramData\AVG\Secure VPN\log" --guid ccd4bd10-9072-4150-ac06-cf (the data entry has 10 more characters).
Task: {1548D70E-9D89-419B-9253-AB114FA9CB98} - System32\Tasks\AVG\AVG Secure VPN Emergency Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [1475512 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {34D121EA-3A71-48F4-955F-E43E59B6A20C} - System32\Tasks\AVG\AVG Secure VPN Update => C:\Program Files\Common Files\AVG\Icarus\avg-vpn\icarus.exe [7523256 2024-04-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {B2BC86E4-47EC-426C-A9AB-62EF39EC29C3} - System32\Tasks\AVG\AVG TuneUp BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [4979128 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log" --path "C:\ProgramData\AVG\Icarus\Logs" --logpath "C:\ProgramData\AVG\TuneUp\log" --guid a0d110be-4175-46d8-867d-e (the data entry has 11 more characters).
Task: {D981A7C8-A1FC-4997-A3C7-D9F73A92A73B} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [7811512 2024-03-14] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {0C550C67-7322-4ADB-BD02-FD8822170126} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2385856 2024-04-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {E5430FEA-F3EC-4940-81DE-28892CA06019} - System32\Tasks\AVGBrowserProtectS-1-5-21-2987512170-2648485282-3193886151-1001 => C:\Users\cory_\AppData\Local\AVG\Browser\Application\AVGBrowserProtect.exe [1690040 2024-04-23] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {87DD20B5-08FF-4802-883C-EC21F37C5F8B} - System32\Tasks\AVGUpdateTaskUserS-1-5-21-2987512170-2648485282-3193886151-1001Core => C:\Users\cory_\AppData\Local\AVG\Browser\Update\AVGBrowserUpdate.exe [209736 2024-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {F58CDDD4-4FBE-4F7C-B5CB-3D185BC92F9D} - System32\Tasks\AVGUpdateTaskUserS-1-5-21-2987512170-2648485282-3193886151-1001UA => C:\Users\cory_\AppData\Local\AVG\Browser\Update\AVGBrowserUpdate.exe [209736 2024-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {478BA808-94BE-4C63-98AA-066192F2E847} - System32\Tasks\DuckDuckGo Personal Information Removal => C:\Users\cory_\AppData\Local\Microsoft\WindowsApps\DuckDuckGo.exe [0 2024-05-02] () [symlink -> ] -> C:\Users\cory_\AppData\Local\Microsoft\WindowsApps\--start-pir-background-agent --data-location="C:\Users\cory_\AppData\Local\Packages\DuckDuckGo.DesktopBrowser_ya2fgkz3nks94\LocalState" --webview-location="C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.78.1.0_x64__ya2fgkz3nks94\WindowsBro (the data entry has 133 more characters).
Task: {7A18E5FB-A671-4DDC-9DF3-42DD61CE8F6C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {ABF81C92-719F-454F-8B3B-A799E28A1623} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {F44B88A4-2277-4E31-BFD2-220277950DD0} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {E7F9A866-2B0E-41C8-B169-86F271B2725C} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {08B8E850-20F1-4A46-8196-50724179B2E8} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {BBD91FEE-5A2F-4F4D-A1BC-5498ABDA69C2} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {D106760C-2D24-4616-B10F-131F14ED9DA5} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {43090C1A-5997-4FC2-B993-E25E14B3207A} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {04864B11-F225-4641-A113-0F1667290D4E} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\uninstall.exe [365024 2024-03-03] (Lenovo -> Lenovo)
Task: {DAAC295D-8ADF-4C7E-9767-BA93B4AD2EC8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {330D6CAA-647D-4A90-AAB7-5B41842C1447} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA0FC6C7-69A6-40FA-BD28-EE8DF90310EF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D03C0C95-E902-4DA1-967F-44B94C72E868} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBE02578-483E-4E1F-9148-F2FAC73A4C37} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168488 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {0356AC4B-3D2A-49A4-ADC5-348478E77B66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {804108FA-5907-46A2-9369-51C2EEA8432D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A2CFF7F-B492-4EEA-8FD8-D333383AF04E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {425CB073-79F5-4A74-98FE-EAF18DAC2D66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{7b3a594f-11e4-4328-817c-d81ece82fb46}: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{beb0f8f4-8fe9-28d6-e894-46a04aa6484c}: [NameServer] 10.64.0.1

Edge:
=======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\cory_\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-05-05]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\cory_\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-05-02]
Edge Extension: (lock) - C:\Users\cory_\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-05-02]
Edge Extension: (Google Docs Offline) - C:\Users\cory_\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-02]
Edge Extension: (Dark Reader) - C:\Users\cory_\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ifoakfbpdcdoeenechcleahebpibofpc [2024-05-02]
Edge Extension: (Edge relevant text changes) - C:\Users\cory_\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-05-03]
Edge Extension: (Video DownloadHelper) - C:\Users\cory_\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmkaglaafmhbcpleggkmaliipiilhldn [2024-05-02]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2987512170-2648485282-3193886151-1001: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Users\cory_\AppData\Local\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll [2024-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
FF Plugin HKU\S-1-5-21-2987512170-2648485282-3193886151-1001: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Users\cory_\AppData\Local\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll [2024-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aloha Mobile service; C:\Users\cory_\AppData\Local\Aloha Mobile\Aloha\Application\1.5.0.0\aloha_service.exe [572184 2024-03-11] (ALOHA MOBILE LTD -> )
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [803264 2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2375608 2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [1240000 2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [9177016 2024-05-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-04-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2567304 2024-05-02] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [18727360 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
R2 DriverUpdSvc; C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe [16925624 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 DuckDuckGoVPN; C:\Program Files\WindowsApps\DuckDuckGo.VPN_0.23.0.0_x64__ya2fgkz3nks94\NetworkProtection\DuckDuckGo.VPN.exe [595328 2024-04-28] (Duck Duck Go, Inc. -> DuckDuckGo)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [66763808 2024-04-11] (Electronic Arts, Inc. -> Electronic Arts)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [14991976 2024-04-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe [34168 2024-03-03] (Lenovo -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-04-27] (Malwarebytes Inc. -> Malwarebytes)
R3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\tunnel\MBVpnTunnelService.exe [3073888 2024-04-27] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SecureVPN; C:\Program Files\AVG\Secure VPN\VpnSvc.exe [12355000 2024-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 atvi-randgrid; C:\ProgramData\Battle.net_components\randgridauks\randgrid.sys [3223448 2024-04-27] (Activision Publishing Inc -> Activision Blizzard, Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [229944 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [379960 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [292920 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [84536 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [27760 2024-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [28728 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [268856 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [548920 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [97848 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [69176 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [935992 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [695864 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [203720 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [306120 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgVpnRdr; C:\WINDOWS\System32\drivers\avgVpnRdr.sys [78664 2024-05-05] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-04-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [234312 2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
S3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [110104 2024-04-27] (Malwarebytes Inc. -> Malwarebytes)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 UsbNcm; C:\WINDOWS\System32\drivers\UsbNcm.sys [167936 2024-04-28] (Microsoft Windows -> )
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-27] (Microsoft Windows -> Microsoft Corporation)
R3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-04-27] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-05 02:05 - 2024-05-05 02:06 - 000031462 _____ C:\Users\cory_\Desktop\FRST.txt
2024-05-05 02:04 - 2024-05-05 02:04 - 000002576 _____ C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2024-05-05 02:03 - 2024-05-05 02:03 - 014209528 _____ C:\Users\cory_\Downloads\mb-support-1.9.10.1005 (2).exe
2024-05-05 02:03 - 2024-05-05 02:03 - 002394112 _____ (Farbar) C:\Users\cory_\Downloads\FRST64.exe
2024-05-05 02:03 - 2024-05-05 02:03 - 002394112 _____ (Farbar) C:\Users\cory_\Desktop\FRST64.exe
2024-05-05 02:03 - 2024-05-05 02:03 - 000003774 _____ C:\WINDOWS\system32\Tasks\AVGBrowserProtectS-1-5-21-2987512170-2648485282-3193886151-1001
2024-05-05 02:02 - 2024-05-05 02:02 - 000004046 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) S-1-5-21-2987512170-2648485282-3193886151-1001
2024-05-05 02:02 - 2024-05-05 02:02 - 000003678 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskUserS-1-5-21-2987512170-2648485282-3193886151-1001UA
2024-05-05 02:02 - 2024-05-05 02:02 - 000003410 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskUserS-1-5-21-2987512170-2648485282-3193886151-1001Core
2024-05-05 02:02 - 2024-05-05 02:02 - 000001996 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure VPN.lnk
2024-05-05 02:01 - 2024-05-05 02:01 - 000002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater.lnk
2024-05-05 02:01 - 2024-05-05 02:01 - 000001991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG TuneUp.lnk
2024-05-04 02:01 - 2024-05-04 06:55 - 000002538 _____ C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aloha.lnk
2024-05-03 23:27 - 2024-05-03 23:27 - 000234312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-05-03 23:27 - 2024-05-03 23:27 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-05-03 18:15 - 2024-05-03 18:15 - 031077739 _____ C:\Users\cory_\Downloads\drive-download-20240503T221540Z-001.zip
2024-05-03 16:23 - 2024-05-03 16:23 - 000000000 ___HD C:\OneDriveTemp
2024-05-03 16:18 - 2024-05-03 16:17 - 000314816 _____ (Gen Digital Inc.) C:\WINDOWS\system32\avgBoot.exe
2024-05-02 20:11 - 2024-05-02 20:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2024-05-02 16:20 - 2024-05-02 16:23 - 000000000 ____D C:\Users\cory_\AppData\Roaming\WebTools-NG
2024-05-02 16:19 - 2024-05-02 16:19 - 000000000 ____D C:\Users\cory_\AppData\Local\webtools-ng-updater
2024-05-02 15:51 - 2024-05-02 15:53 - 1851531700 _____ C:\Users\cory_\Downloads\filesZip.zip
2024-05-02 14:43 - 2024-05-04 01:31 - 000000000 ____D C:\Users\cory_\AppData\Local\Plex
2024-05-02 14:42 - 2024-05-02 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex
2024-05-02 14:41 - 2024-05-02 14:41 - 000000000 ____D C:\Program Files\Plex
2024-05-02 14:15 - 2024-05-02 14:15 - 186351264 _____ C:\Users\cory_\Downloads\Plex-1.91.0.129-1cd63c1d-x86_64.exe
2024-05-02 13:31 - 2024-05-04 00:33 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-02 13:31 - 2024-05-02 13:31 - 001376816 _____ (Google LLC) C:\Users\cory_\Downloads\ChromeSetup.exe
2024-05-02 13:14 - 2024-05-04 02:01 - 000000000 ____D C:\Users\cory_\AppData\Local\Aloha Mobile
2024-05-02 13:13 - 2024-05-02 13:13 - 109734608 _____ (Aloha Mobile) C:\Users\cory_\Downloads\aloha_setup64.exe
2024-05-02 11:04 - 2024-05-02 11:04 - 074480160 _____ (USBRecoveryCreator) C:\Users\cory_\Downloads\USBRecoveryCreator.exe
2024-05-02 10:53 - 2024-05-04 01:17 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2987512170-2648485282-3193886151-1001
2024-05-02 10:53 - 2024-05-04 01:17 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2987512170-2648485282-3193886151-1001
2024-05-02 10:53 - 2024-05-02 10:53 - 000002383 _____ C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-02 10:53 - 2024-05-02 10:53 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-05-02 10:50 - 2024-05-02 10:50 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Word
2024-05-02 10:50 - 2024-05-02 10:50 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Office
2024-05-02 10:50 - 2024-05-02 10:50 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\AddIns
2024-05-02 10:46 - 2024-05-02 10:46 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-05-02 10:45 - 2024-05-02 10:45 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-05-02 10:45 - 2024-05-02 10:45 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-05-02 10:45 - 2024-05-02 10:45 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-05-02 10:45 - 2024-05-02 10:45 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-05-02 10:45 - 2024-05-02 10:45 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-05-02 10:45 - 2024-05-02 10:45 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-05-02 10:45 - 2024-05-02 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-05-02 10:29 - 2024-05-02 11:48 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-02 10:29 - 2024-05-02 10:29 - 000000000 ____D C:\Program Files\Microsoft Office 15
2024-05-02 10:16 - 2024-05-04 01:17 - 000003286 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-2987512170-2648485282-3193886151-1001_0
2024-05-02 10:16 - 2024-05-02 19:34 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-04-28 23:19 - 2024-04-28 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2024-04-28 23:10 - 2024-04-28 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burning Crusade Classic
2024-04-28 23:07 - 2024-04-28 23:09 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-04-28 23:06 - 2024-04-28 23:07 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-04-28 23:06 - 2024-04-28 23:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-04-28 23:05 - 2024-04-28 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-04-28 23:05 - 2024-04-28 23:05 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-04-28 23:05 - 2024-04-28 23:05 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-28 23:00 - 2024-04-28 23:00 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2024-04-28 23:00 - 2024-04-28 23:00 - 000024320 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-28 22:59 - 2024-04-28 22:59 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2024-04-28 22:59 - 2024-04-28 22:59 - 000024320 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-28 19:24 - 2024-05-04 08:34 - 000804932 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-28 19:20 - 2024-04-28 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic
2024-04-28 19:13 - 2024-05-05 02:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-04-28 19:13 - 2024-05-04 06:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-28 19:13 - 2024-05-04 01:17 - 000004004 _____ C:\WINDOWS\system32\Tasks\DuckDuckGo Personal Information Removal
2024-04-28 19:13 - 2024-05-04 01:17 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-28 19:13 - 2024-05-04 01:17 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-28 19:13 - 2024-05-04 01:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2024-04-28 19:13 - 2024-04-28 19:13 - 000000020 ___SH C:\Users\cory_\ntuser.ini
2024-04-28 19:13 - 2024-04-28 19:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2024-04-28 19:12 - 2024-04-28 19:13 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-04-28 19:12 - 2024-04-28 19:13 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-04-28 19:11 - 2024-04-28 19:11 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-04-28 19:11 - 2024-04-28 19:11 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\SystemCertificates
2024-04-28 19:11 - 2024-04-28 19:11 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Network
2024-04-28 19:11 - 2024-04-28 19:11 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Crypto
2024-04-28 19:10 - 2024-05-02 20:32 - 000000000 ____D C:\Users\cory_
2024-04-28 19:10 - 2024-04-28 19:13 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Windows
2024-04-28 19:10 - 2024-04-28 19:10 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Spelling
2024-04-28 19:09 - 2024-05-05 00:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-28 19:09 - 2024-05-04 06:25 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-04-28 19:09 - 2024-05-02 19:34 - 000473976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-28 18:11 - 2024-04-28 18:19 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-28 18:07 - 2024-04-28 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2024-04-28 17:29 - 2024-05-03 19:23 - 000000000 ___DC C:\WINDOWS\Panther
2024-04-28 16:40 - 2024-04-28 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty
2024-04-28 15:26 - 2024-04-28 23:09 - 000000000 ____D C:\Program Files\Intel
2024-04-28 15:25 - 2024-04-28 15:25 - 041925976 _____ (Intel Corporation) C:\Users\cory_\Downloads\WiFi-23.40.0-Driver64-Win10-Win11.exe
2024-04-28 15:23 - 2024-04-28 19:10 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-04-28 15:22 - 2024-05-03 18:40 - 000000000 ____D C:\Users\cory_\AppData\Roaming\discord
2024-04-28 15:22 - 2024-05-03 18:40 - 000000000 ____D C:\Users\cory_\AppData\Local\Discord
2024-04-28 15:22 - 2024-04-28 15:23 - 000000000 ____D C:\Users\cory_\AppData\Local\SquirrelTemp
2024-04-28 09:51 - 2024-04-28 09:51 - 000000000 ____D C:\Users\cory_\AppData\Local\Backup
2024-04-28 06:35 - 2024-04-28 06:35 - 000000234 _____ C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Origins.url
2024-04-28 05:58 - 2024-05-02 10:47 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2024-04-28 05:58 - 2024-04-28 05:58 - 000000000 ___RD C:\Users\Default\OneDrive
2024-04-28 01:19 - 2024-04-28 01:19 - 000000575 _____ C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud Drive.lnk
2024-04-28 01:17 - 2024-04-28 01:17 - 000000000 ____D C:\Users\cory_\OneDrive\Documents\PVZ Battle for Neighborville
2024-04-28 01:09 - 2024-04-28 01:09 - 000000000 ____D C:\ProgramData\Apple Computer
2024-04-28 01:02 - 2024-04-28 01:02 - 000000000 ____D C:\ProgramData\DuckDuckGo
2024-04-28 00:56 - 2024-05-02 19:59 - 000000000 ____D C:\ProgramData\Apple
2024-04-28 00:56 - 2024-04-28 00:56 - 000043521 _____ C:\Users\cory_\Downloads\1PasswordExport-MMUKHKZDKBBNHIJLPQ3P3AAAJA-20240428-005655.csv
2024-04-28 00:55 - 2024-05-02 10:55 - 000000000 ____D C:\ProgramData\Apple Inc
2024-04-28 00:40 - 2024-04-28 00:40 - 000000736 _____ C:\Users\cory_\Downloads\DuckDuckGo.appinstaller
2024-04-28 00:24 - 2024-04-28 00:24 - 000000000 ____D C:\Users\cory_\AppData\Local\EALaunchHelper
2024-04-27 23:38 - 2024-04-28 19:10 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2024-04-27 23:38 - 2024-04-28 06:35 - 000000000 ____D C:\Users\cory_\AppData\Local\Ubisoft Game Launcher
2024-04-27 23:38 - 2024-04-27 23:38 - 000000000 ____D C:\ProgramData\Ubisoft
2024-04-27 23:37 - 2024-04-27 23:37 - 000000000 ____D C:\Users\cory_\AppData\Local\PVZCache
2024-04-27 23:37 - 2024-04-27 23:37 - 000000000 ____D C:\ProgramData\Origin
2024-04-27 23:37 - 2024-04-27 23:37 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2024-04-27 23:32 - 2024-04-27 23:37 - 000000000 ____D C:\ProgramData\Packer
2024-04-27 23:32 - 2024-04-27 23:36 - 000000000 ____D C:\Program Files\EA
2024-04-27 23:32 - 2024-04-27 23:32 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2024-04-27 23:32 - 2024-04-27 23:32 - 000000000 ____D C:\Users\cory_\AppData\Roaming\EA
2024-04-27 23:32 - 2024-04-27 23:32 - 000000000 ____D C:\ProgramData\Electronic Arts
2024-04-27 23:32 - 2024-04-27 23:32 - 000000000 ____D C:\ProgramData\eaanticheat
2024-04-27 23:31 - 2024-04-27 23:31 - 000000000 ____D C:\Users\cory_\AppData\Roaming\EAAntiCheat.Installer.Tool
2024-04-27 23:22 - 2024-04-28 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2024-04-27 23:18 - 2024-05-04 00:34 - 000000000 ____D C:\Program Files (x86)\Call of Duty
2024-04-27 23:16 - 2024-04-27 23:16 - 000000000 ____D C:\Users\cory_\AppData\Local\EADesktop
2024-04-27 23:16 - 2024-04-27 23:16 - 000000000 ____D C:\Users\cory_\AppData\Local\cache
2024-04-27 23:15 - 2024-04-27 23:18 - 000000000 ____D C:\Users\cory_\AppData\Local\Origin
2024-04-27 23:15 - 2024-04-27 23:15 - 000000000 ____D C:\Users\cory_\AppData\Local\Electronic Arts
2024-04-27 23:15 - 2024-04-27 23:15 - 000000000 ____D C:\Users\cory_\AppData\Local\EAConnect_microsoft
2024-04-27 23:14 - 2024-05-04 06:54 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-27 23:14 - 2024-04-28 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2024-04-27 23:14 - 2024-04-27 23:19 - 000000000 ____D C:\ProgramData\EA Desktop
2024-04-27 23:14 - 2024-04-27 23:19 - 000000000 ____D C:\Program Files\EA Games
2024-04-27 23:14 - 2024-04-27 23:14 - 000000000 ____D C:\Program Files\Electronic Arts
2024-04-27 23:13 - 2024-04-27 23:22 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2024-04-27 22:52 - 2024-05-04 09:58 - 000000000 ____D C:\Users\cory_\dwhelper
2024-04-27 22:51 - 2024-04-27 22:51 - 000000000 ____D C:\Program Files\DownloadHelper CoApp
2024-04-27 22:50 - 2024-04-27 22:50 - 041501304 _____ (ACLAP) C:\Users\cory_\Downloads\vdhcoapp-windows-x86_64-installer.exe
2024-04-27 21:11 - 2024-04-27 21:36 - 1093264752 _____ C:\Users\cory_\Downloads\AcronisCyberProtectHomeOffice_41126.exe
2024-04-27 17:59 - 2024-04-28 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2024-04-27 17:59 - 2024-04-27 17:59 - 000000000 ____D C:\Users\cory_\AppData\Local\INetHistory
2024-04-27 17:57 - 2024-05-05 01:37 - 000000000 ____D C:\Program Files (x86)\Warcraft III
2024-04-27 17:57 - 2024-05-02 11:01 - 000000000 ____D C:\Program Files (x86)\Overwatch
2024-04-27 17:56 - 2024-05-04 06:27 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2024-04-27 17:55 - 2024-04-27 17:55 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2024-04-27 17:53 - 2024-05-05 02:00 - 000000000 ____D C:\Users\cory_\AppData\Local\Battle.net
2024-04-27 17:53 - 2024-05-04 04:35 - 000000000 ____D C:\Users\cory_\AppData\Roaming\CurseForge
2024-04-27 17:53 - 2024-05-04 01:14 - 000000000 ____D C:\Users\cory_\AppData\Local\curseforge-updater
2024-04-27 17:53 - 2024-04-28 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2024-04-27 17:53 - 2024-04-27 17:55 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Battle.net
2024-04-27 17:53 - 2024-04-27 17:53 - 000002433 _____ C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CurseForge.lnk
2024-04-27 17:53 - 2024-04-27 17:53 - 000000028 ____H C:\.GamingRoot
2024-04-27 17:53 - 2024-04-27 17:53 - 000000000 ____D C:\XboxGames
2024-04-27 17:53 - 2024-04-27 17:53 - 000000000 ____D C:\Users\cory_\AppData\Roaming\ow-electron
2024-04-27 17:52 - 2024-04-27 23:23 - 000000000 ____D C:\ProgramData\Battle.net_components
2024-04-27 17:52 - 2024-04-27 17:57 - 000000000 ____D C:\Users\cory_\AppData\Local\Blizzard Entertainment
2024-04-27 17:52 - 2024-04-27 17:55 - 000000000 ____D C:\Program Files (x86)\Battle.net
2024-04-27 17:52 - 2024-04-27 17:53 - 000000000 ____D C:\Users\cory_\AppData\Local\Overwolf
2024-04-27 17:51 - 2024-04-27 17:51 - 002143240 _____ (Overwolf Ltd.) C:\Users\cory_\Downloads\CurseForge Windows - Installer.exe
2024-04-27 17:50 - 2024-04-27 17:52 - 000000000 ____D C:\ProgramData\Battle.net
2024-04-27 17:50 - 2024-04-27 17:50 - 004925568 _____ (Blizzard Entertainment) C:\Users\cory_\Downloads\Battle.net-Setup (2).exe
2024-04-27 17:44 - 2024-04-27 17:44 - 004925568 _____ (Blizzard Entertainment) C:\Users\cory_\Downloads\Battle.net-Setup.exe
2024-04-27 17:44 - 2024-04-27 17:44 - 004925568 _____ (Blizzard Entertainment) C:\Users\cory_\Downloads\Battle.net-Setup (1).exe
2024-04-27 17:03 - 2024-04-27 17:03 - 014209528 _____ C:\Users\cory_\Downloads\mb-support-1.9.10.1005 (1).exe
2024-04-27 16:45 - 2024-04-27 16:45 - 000001493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Welcome.lnk
2024-04-27 16:40 - 2022-04-02 13:24 - 000337280 _____ (Intel Corporation) C:\WINDOWS\system32\JHI64.dll
2024-04-27 16:40 - 2022-04-02 13:24 - 000321416 _____ (Intel Corporation) C:\WINDOWS\system32\TEEManagement64.dll
2024-04-27 16:40 - 2022-04-02 13:24 - 000272264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\JHI.dll
2024-04-27 16:40 - 2022-04-02 13:24 - 000259464 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\TEEManagement.dll
2024-04-27 16:38 - 2024-04-27 16:39 - 000000000 ___HD C:\Program Files (x86)\Temp
2024-04-27 16:38 - 2024-04-27 16:38 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-04-27 16:38 - 2024-04-27 16:38 - 000000000 ____D C:\Program Files (x86)\Realtek
2024-04-27 16:38 - 2021-12-09 00:50 - 006569528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2024-04-27 16:38 - 2021-05-17 09:50 - 002875968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2024-04-27 16:36 - 2024-04-27 16:40 - 000000000 ____D C:\WINDOWS\TempInst
2024-04-27 16:36 - 2021-12-20 10:50 - 009906744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2024-04-27 16:36 - 2021-12-20 10:50 - 000785984 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2024-04-27 16:35 - 2024-05-02 11:04 - 000000000 ____D C:\ProgramData\Lenovo
2024-04-27 16:35 - 2024-04-27 16:35 - 000000000 ____D C:\Users\cory_\AppData\Local\Lenovo
2024-04-27 16:35 - 2024-04-27 16:35 - 000000000 ____D C:\Program Files (x86)\Lenovo
2024-04-27 16:24 - 2024-05-05 02:05 - 000000000 ____D C:\FRST
2024-04-27 16:24 - 2024-04-27 16:24 - 000000000 ___HD C:\$AV_AVG
2024-04-27 16:09 - 2024-05-05 02:06 - 000000000 ____D C:\Users\cory_\AppData\Local\Malwarebytes
2024-04-27 16:09 - 2024-04-27 16:09 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-27 16:08 - 2024-04-28 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2024-04-27 16:08 - 2024-04-27 16:08 - 017726648 _____ (VS Revo Group ) C:\Users\cory_\Downloads\RevoUninProSetup.exe
2024-04-27 16:08 - 2024-04-27 16:08 - 000110104 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbtun.sys
2024-04-27 16:08 - 2024-04-27 16:08 - 000000000 ____D C:\Users\cory_\AppData\Local\VS Revo Group
2024-04-27 16:08 - 2024-04-27 16:08 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-04-27 16:08 - 2024-04-27 16:08 - 000000000 ____D C:\Program Files\VS Revo Group
2024-04-27 16:05 - 2024-04-27 16:05 - 014209528 _____ C:\Users\cory_\Downloads\mb-support-1.9.10.1005.exe
2024-04-27 15:49 - 2024-04-27 15:49 - 000000000 ____D C:\Users\cory_\AppData\Local\ElevatedDiagnostics
2024-04-27 14:40 - 2024-04-27 14:43 - 000000000 ___HD C:\$WinREAgent
2024-04-27 03:31 - 2024-04-27 03:31 - 000000000 ____D C:\Users\cory_\AppData\Local\Comms
2024-04-27 03:28 - 2024-04-27 03:28 - 000234888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\cory_\Downloads\avg_antivirus_free_setup (1).exe
2024-04-26 22:02 - 2024-05-04 00:35 - 000000000 ____D C:\ProgramData\Packages
2024-04-26 22:02 - 2024-04-26 22:02 - 000000000 _SHDL C:\Documents and Settings
2024-04-26 22:00 - 2024-05-04 23:25 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-26 22:00 - 2024-05-04 06:25 - 000021520 _____ C:\WINDOWS\system32\wpbbin.exe
2024-04-26 22:00 - 2024-05-04 06:25 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-26 22:00 - 2024-04-27 15:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-26 22:00 - 2024-04-26 22:00 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-04-26 22:00 - 2024-04-26 22:00 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2024-04-26 19:23 - 2024-05-02 10:15 - 000000000 __SHD C:\Users\cory_\IntelGraphicsProfiles
2024-04-26 19:23 - 2024-04-27 17:39 - 000000000 ____D C:\Users\cory_\AppData\Local\Publishers
2024-04-26 19:18 - 2024-05-04 06:25 - 000000000 ____D C:\Intel
2024-04-26 19:18 - 2024-04-26 19:23 - 000000000 ____D C:\ProgramData\Intel
2024-04-26 19:18 - 2024-04-26 19:18 - 000000000 ____D C:\Users\cory_\AppData\LocalLow\Intel
2024-04-26 19:18 - 2024-04-26 19:18 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2024-04-26 19:18 - 2023-04-17 23:26 - 001989608 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-04-26 19:18 - 2023-04-17 23:26 - 001989608 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-04-26 19:18 - 2023-04-17 23:26 - 001546216 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-04-26 19:18 - 2023-04-17 23:26 - 001546216 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-04-26 19:18 - 2023-04-17 23:26 - 001452296 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-04-26 19:18 - 2023-04-17 23:26 - 001452296 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-04-26 19:18 - 2023-04-17 23:26 - 001165536 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-04-26 19:18 - 2023-04-17 23:26 - 001165536 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-04-26 19:17 - 2024-04-28 23:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-26 19:17 - 2024-04-27 16:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-26 19:17 - 2024-04-27 16:08 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-26 19:16 - 2024-05-04 23:25 - 000000000 ____D C:\Users\cory_\AppData\Roaming\1Password
2024-04-26 19:16 - 2024-05-04 02:02 - 000000000 ____D C:\Users\cory_\AppData\Local\1Password
2024-04-26 19:16 - 2024-04-26 19:16 - 000001356 _____ C:\Users\cory_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk
2024-04-26 19:16 - 2024-04-26 19:16 - 000000000 ____D C:\Users\cory_\.1password
2024-04-26 19:15 - 2024-04-26 19:16 - 162584456 _____ (AgileBits, Inc.) C:\Users\cory_\Downloads\1PasswordSetup-latest.exe
2024-04-26 19:15 - 2024-04-26 19:15 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-04-26 19:14 - 2024-04-26 19:14 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk
2024-04-26 19:13 - 2024-05-05 02:02 - 000000000 ____D C:\Users\cory_\AppData\Local\AVG
2024-04-26 19:13 - 2024-05-05 02:01 - 000000000 ____D C:\Users\cory_\AppData\Roaming\AVG
2024-04-26 19:13 - 2024-05-03 02:47 - 000000000 ____D C:\Users\cory_\AppData\Local\CrashDumps
2024-04-26 19:13 - 2024-04-26 19:13 - 000000000 ____D C:\Users\cory_\AppData\Local\CEF
2024-04-26 19:12 - 2024-05-05 02:01 - 000000000 ____D C:\Program Files\AVG
2024-04-26 19:12 - 2024-04-26 19:12 - 002589624 _____ (Malwarebytes) C:\Users\cory_\Downloads\MBSetup.exe
2024-04-26 19:12 - 2024-04-26 19:12 - 000050976 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2024-04-26 19:12 - 2024-04-26 19:12 - 000000000 ____D C:\Users\cory_\AppData\Local\OneDrive
2024-04-26 19:12 - 2024-04-26 19:12 - 000000000 ____D C:\Program Files\Common Files\AVG
2024-04-26 19:11 - 2024-05-05 02:01 - 000000000 ____D C:\ProgramData\AVG
2024-04-26 19:11 - 2024-04-26 19:11 - 000234888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\cory_\Downloads\avg_antivirus_free_setup.exe
2024-04-26 19:10 - 2024-05-04 02:03 - 000000000 ____D C:\Users\cory_\AppData\Local\D3DSCache
2024-04-26 19:09 - 2024-04-27 19:18 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\MMC
2024-04-26 19:09 - 2024-04-26 19:09 - 000000000 ____D C:\Users\cory_\AppData\Local\VirtualStore
2024-04-26 19:08 - 2024-05-04 23:25 - 000000000 ___RD C:\Users\cory_\OneDrive
2024-04-26 19:08 - 2024-04-27 17:53 - 000000000 ____D C:\Users\cory_\AppData\Local\PlaceholderTileLogoFolder
2024-04-26 19:07 - 2024-05-04 09:54 - 000000000 ____D C:\Users\cory_\AppData\Local\Packages
2024-04-26 19:07 - 2024-05-02 10:45 - 000000000 ____D C:\Users\cory_\AppData\Local\ConnectedDevicesPlatform
2024-04-26 19:07 - 2024-04-28 19:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-04-26 19:07 - 2024-04-26 19:07 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Microsoft\Vault
2024-04-26 19:07 - 2024-04-26 19:07 - 000000000 ____D C:\Users\cory_\AppData\Roaming\Adobe
2024-04-26 19:06 - 2024-05-02 10:21 - 000000000 ___SD C:\Users\cory_\AppData\Roaming\Microsoft\Protect
2024-04-26 19:06 - 2024-04-28 10:36 - 000000000 ___SD C:\Users\cory_\AppData\Roaming\Microsoft\Credentials

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-05 02:06 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-05 02:02 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-05 02:02 - 2022-05-07 01:22 - 000000000 ____D C:\WINDOWS\INF
2024-05-05 01:07 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-04 09:54 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-04 06:25 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-03 23:28 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-05-03 23:26 - 2022-05-07 01:17 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2024-05-03 16:18 - 2022-05-07 01:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-05-02 16:57 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-05-02 10:46 - 2022-05-07 01:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-05-02 10:46 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-02 10:22 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2024-04-28 23:16 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-28 23:09 - 2022-05-07 01:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-04-28 23:09 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-04-28 23:09 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-04-28 23:09 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\spool
2024-04-28 23:09 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-04-28 23:09 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-04-28 23:09 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-04-28 23:08 - 2022-05-07 01:28 - 000000000 ____D C:\WINDOWS\Setup
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\WUModels
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\UUS
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Globalization
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-28 23:05 - 2022-05-07 01:24 - 000000000 ____D C:\Program Files\Common Files\System
2024-04-28 23:05 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\servicing
2024-04-28 23:04 - 2022-05-07 02:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-04-28 23:04 - 2022-05-07 02:10 - 000023775 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-04-28 23:04 - 2022-05-07 01:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-04-28 23:04 - 2022-05-07 01:25 - 000077312 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2024-04-28 23:04 - 2022-05-07 01:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-04-28 23:04 - 2022-05-07 01:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2024-04-28 19:30 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-28 19:18 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-28 19:16 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-28 19:13 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-28 19:13 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-28 19:13 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2024-04-28 19:13 - 2022-05-07 01:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-04-28 19:12 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Media
2024-04-28 19:10 - 2022-05-07 01:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by cvkbodhi (05-05-2024 02:08:37)
Running from C:\Users\cory_\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3527 (X64) (2024-04-28 23:13:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2987512170-2648485282-3193886151-500 - Administrator - Disabled)
cvkbodhi (S-1-5-21-2987512170-2648485282-3193886151-1001 - Administrator - Enabled) => C:\Users\cory_
DefaultAccount (S-1-5-21-2987512170-2648485282-3193886151-503 - Limited - Disabled)
Guest (S-1-5-21-2987512170-2648485282-3193886151-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2987512170-2648485282-3193886151-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password (HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\1Password) (Version: 8.10.30 - AgileBits Inc.)
Aloha (HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\Aloha Mobile Aloha) (Version: 1.5.0.0 - Aloha Mobile)
Assassin's Creed Origins (HKLM-x32\...\Uplay Install 3539) (Version: - Ubisoft)
AVG Driver Updater (HKLM\...\AVG Driver Updater) (Version: 23.4.4881.12032 - AVG)
AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 24.4.9067.1725 - AVG)
AVG Secure Browser (HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\AVG Secure Browser) (Version: 123.0.24828.123 - Gen Digital Inc.)
AVG Secure VPN (HKLM\...\AVG Secure VPN) (Version: 24.4.9914.11248 - AVG)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 23.4.15807.8938 - AVG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Burning Crusade Classic (HKLM-x32\...\Burning Crusade Classic) (Version: - Blizzard Entertainment)
Call of Duty (HKLM-x32\...\Call of Duty) (Version: - Blizzard Entertainment)
CurseForge 1.250.1-17753 (HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 1.250.1-17753 - Overwolf)
Documentation Manager (HKLM\...\{51C5ED88-53DF-49F4-9855-0E9949AC7522}) (Version: 23.40.0.4 - Intel Corporation) Hidden
DownloadHelper CoApp (HKLM-x32\...\DownloadHelper CoApp) (Version: 2.0.19.0 - ACLAP)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.180.0.5693 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{d473ca0c-6e51-4386-a9d8-0458f243b271}) (Version: 13.180.0.5693 - Electronic Arts)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel® Software Installer (HKLM-x32\...\{778be45a-dd41-4bf6-8f9d-409a995d76b2}) (Version: 23.40.0.4 - Intel Corporation) Hidden
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.0.75.0 - Lenovo Group Ltd.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome) (Version: 3.3.2 - Lenovo Group Ltd.)
Malwarebytes version 5.1.3.110 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.3.110 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\OneDriveSetup.exe) (Version: 24.076.0414.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20176 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Plants vs Zombies Battle for Neighborville (HKLM-x32\...\{2071E3B5-A619-4F7E-B560-1769ABD91DCD}) (Version: 1.0.55.50001 - Electronic Arts)
Plex (HKLM-x32\...\Plex) (Version: 1.91.0 - Plex, Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9279.1 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 145.1.10933 - Ubisoft)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Classic Era (HKLM-x32\...\World of Warcraft Classic Era) (Version: - Blizzard Entertainment)

Packages:
=========

Apple Music -> C:\Program Files\WindowsApps\AppleInc.AppleMusicWin_1.1030.21762.0_x64__nzyj5cx40ttqa [2024-04-27] (Apple Inc.)
Apple TV -> C:\Program Files\WindowsApps\AppleInc.AppleTVWin_1.1030.21762.0_x64__nzyj5cx40ttqa [2024-04-28] (Apple Inc.)
AppleInc.AppleDevices -> C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1030.21762.0_x64__nzyj5cx40ttqa [2024-04-27] (Apple Inc.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-04-26] (INTEL CORP) [Startup Task]
DuckDuckGo -> C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.78.1.0_x64__ya2fgkz3nks94 [2024-05-02] (DuckDuckGo) [Startup Task]
DuckDuckGo VPN -> C:\Program Files\WindowsApps\DuckDuckGo.VPN_0.23.0.0_x64__ya2fgkz3nks94 [2024-04-28] (DuckDuckGo)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-04-28] (Instagram)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2403.25.0_x64__k1h2ywk1493x8 [2024-04-27] (LENOVO INC.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-05-04] (Microsoft Corporation) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-04-28] (Microsoft Corporation)
MicrosoftWindows.Client.FileExp -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-04-28] (Microsoft Windows)
MicrosoftWindows.Client.LKG -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-04-28] (Microsoft Windows)
Pinterest -> C:\Program Files\WindowsApps\1424566A.147190DF3DE79_1.1.1.0_neutral__5byw4zywtsh80 [2024-04-28] (Pinterest Inc.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2024-04-26] (Realtek Semiconductor Corp)
Reddit -> C:\Program Files\WindowsApps\redditTV.Reddit_1.0.1.0_neutral__99kbdge22ed1a [2024-04-28] (Reddit Inc.)
Secure Folder, Files and Encrypt -> C:\Program Files\WindowsApps\15675MedhaChaitanya.FileLockEncrypt_3.75.63.0_x64__44hy61fym8r9t [2024-04-27] (MedhaChaitanya)
Sirius XM Radio Inc. -> C:\Program Files\WindowsApps\SiriusXM.SiriusXM_4.8.4.0_x64__rb1gq5s0htdrw [2024-04-28] (Sirius XM Radio Inc)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2024-04-28] (Ookla)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-28] (Spotify AB) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2024-04-28] (Bytedance Pte. Ltd.)
Tumblr -> C:\Program Files\WindowsApps\22490Automattic.Tumblr_1.0.1.0_neutral__9h07f78gwnchp [2024-04-28] (Automattic, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2024-04-28] (Twitter Inc.)
WindowsAppRuntime.1.2-preview1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2-preview1_2000.609.1413.0_x64__8wekyb3d8bbwe [2024-05-02] (Microsoft Corporation)
WindowsAppRuntime.1.2-preview1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2-preview1_2000.609.1413.0_x86__8wekyb3d8bbwe [2024-05-02] (Microsoft Corporation)
YouTube -> C:\Program Files\WindowsApps\www.youtube.com-54E21B02_1.0.0.0_neutral__pd8mbgmqs65xy [2024-05-04] (www.youtube.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2987512170-2648485282-3193886151-1001_Classes\CLSID\{685174F1-6D52-4FE0-AFB8-28BE41DF11AB}\localserver32 -> C:\Users\cory_\AppData\Local\Aloha Mobile\Aloha\Application\1.5.0.0\notification_helper.exe (Aloha Mobile Ltd. -> Aloha Mobile)
CustomCLSID: HKU\S-1-5-21-2987512170-2648485282-3193886151-1001_Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\localserver32 -> C:\Users\cory_\AppData\Local\AVG\Browser\Application\123.0.24828.123\notification_helper.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
CustomCLSID: HKU\S-1-5-21-2987512170-2648485282-3193886151-1001_Classes\CLSID\{B43D36BF-EC45-440E-8FDA-E8CDDA458D1C}\InprocServer32 -> C:\Users\cory_\AppData\Local\AVG\Browser\Update\1.8.1693.6\psuser_64.dll (AVG Technologies USA, LLC -> Gen Digital Inc.)
CustomCLSID: HKU\S-1-5-21-2987512170-2648485282-3193886151-1001_Classes\CLSID\{C9D22417-34EB-416B-BE82-31D5660097D6}\InprocServer32 -> C:\Users\cory_\AppData\Local\AVG\Browser\Update\1.8.1693.6\psuser_64.dll (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-05-03] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\cory_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\47ea3330b0f0d7a6\AVG Secure Browser.lnk -> C:\Users\cory_\AppData\Local\AVG\Browser\Application\AVGBrowser.exe (Gen Digital Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\cory_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2024-04-27 17:52 - 2024-04-27 17:53 - 165248000 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\libcef.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000379392 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\libegl.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 006679040 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\libglesv2.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 004325888 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\vk_swiftshader.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 001166336 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\chrome_elf.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000046080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\audio\qtaudio_windows.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000030720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\iconengines\qsvgicon.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\imageformats\qgif.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\imageformats\qico.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000353280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\imageformats\qjpeg.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\imageformats\qsvg.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000352256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\imageformats\qtiff.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000423424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\imageformats\qwebp.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 001239552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\platforms\qwindows.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 005550592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Core.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 005812736 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Gui.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000594944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Multimedia.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000915456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Network.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 003046400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Qml.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000362496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5QmlModels.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 003650560 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Quick.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Svg.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 004702208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Widgets.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000220160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5WinExtras.dll
2024-04-27 17:52 - 2024-04-27 17:52 - 000165888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14792\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cory_\OneDrive\Pictures\Saved Pictures\Wallpapers\macOS-High-Sierra-Wallpaper-2880x1494-scaled.jpg
DNS Servers: 10.64.0.1 - 192.168.4.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2987512170-2648485282-3193886151-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C9DF2DA0-35D1-4192-AD65-D3C293548DD1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CB5F8481-55EA-491C-85D7-28E7D9785678}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6ED886B7-6EE3-4180-BD0F-4B384263B4DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7A6563C2-4EBB-4862-96AF-06854BD6AEEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{61EC9851-15E2-4F0E-B45B-20DBD0C6B787}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AA6EC424-CB85-413F-BED5-44C8231E4AE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D3C0B396-2AEF-417F-BF3B-946B3FC34A0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2910BC81-9052-405B-B7F6-70E504093009}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CBA2D6DB-3663-4E04-9543-85713DD8BFBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{14EE5C99-A83E-495D-8806-74F5CF75445B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FBF52E75-0F4B-4C0F-AAD2-A02F53366998}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{3BBC71DE-2135-4C8A-B58B-005123B1BFBF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{061D9325-B51D-4612-A17C-CA05B8B6FCDE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{116979AE-8E98-44DF-BDFE-43B485EE29B8}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C512E8EA-1891-4270-9A7C-BF1AD2CE5FCC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DCD4ED0C-5D9F-4EB4-9F9F-FB88C2FAC864}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{0AD161EE-3B43-4214-9304-40B2F3BCFBB0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D1E38FE4-B6C9-489A-93AF-6B43C86EBF45}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E91903D9-7E11-424A-BEB4-D06D3420F92D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{02AD0A10-86E1-4904-BC31-634DF9C7AC64}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A1DCF859-3FD1-45A9-A869-8FEF42FA08CA}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6C72543D-6C73-4DEF-8111-0B44506C1BBD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleTVWin_1.1030.21762.0_x64__nzyj5cx40ttqa\AppleTV.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{48305AC5-7D67-4FD0-AE34-81DFA27158B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleTVWin_1.1030.21762.0_x64__nzyj5cx40ttqa\AppleTV.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{45F9CF8B-146F-4584-971A-80C8E612ACF2}] => (Allow) C:\Program Files\EA Games\PVZ Battle for Neighborville\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9E5CBCC3-43E6-49D6-BD99-A3F6167DB40A}] => (Allow) C:\Program Files\EA Games\PVZ Battle for Neighborville\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9CFCBA78-506A-4262-B3ED-610C3B4C8A55}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5DD904D-351F-4CEE-804A-6CFF9F9360E0}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B43C7975-DEB0-4CDF-A66C-48AE6A9220F4}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{A1047370-463F-4ABC-8B36-B031E813FEE7}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{0756CF5D-D5EE-4FFD-BD2E-8572637829E1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1030.21762.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{235FA1F5-CCEA-472D-BAD0-6F84AD8A2B92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1030.21762.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{42E9EEFD-D827-4E2D-90AE-22DD03E37A62}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1030.21762.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C262BB8F-C009-48DB-97F7-7E221D47B39B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1030.21762.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5C2786E4-AEAF-4CF8-8FDB-6A47C568EC19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleMusicWin_1.1030.21762.0_x64__nzyj5cx40ttqa\AppleMusic.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2362AB56-26B2-4E41-AF18-94E5A26D72F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleMusicWin_1.1030.21762.0_x64__nzyj5cx40ttqa\AppleMusic.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C7160EEF-7E99-40BB-A819-3C9E93C09154}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleMusicWin_1.1030.21762.0_x64__nzyj5cx40ttqa\AMPLibraryAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{BB96C08F-5EAB-44BC-A376-DF9DF64B79A2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleMusicWin_1.1030.21762.0_x64__nzyj5cx40ttqa\AMPLibraryAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8CAF6D73-2D62-4D5B-9FF9-BE979A0EF878}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF51217B-E2F1-4C28-8B1C-DD4EE0F387B6}] => (Allow) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.78.1.0_x64__ya2fgkz3nks94\WindowsBrowser\WebView2\msedgewebview2.exe (Duck Duck Go, Inc. -> Microsoft Corporation)
FirewallRules: [{902A264B-7D04-43ED-9E10-9F45424142D6}] => (Allow) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.78.1.0_x64__ya2fgkz3nks94\WindowsBrowser\WebView2\msedgewebview2.exe (Duck Duck Go, Inc. -> Microsoft Corporation)
FirewallRules: [{4C5D7E3B-CD6E-451F-9011-8A51B74D13CF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{216D51AF-C784-4A93-BF27-2DC14F569D13}] => (Allow) C:\Program Files\AVG\TuneUp\TuneupUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{BE677AD9-AB2F-41F5-9F7F-3715FF307C47}] => (Allow) C:\Program Files\AVG\TuneUp\TuneupUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{17919D91-DA31-40A8-BE16-5F95FCC8E5AF}] => (Allow) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{B29DC623-6B6F-434A-AAB6-71E14F860182}] => (Allow) C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4CAF8F02-004A-42C8-96DA-00B53F4CAA8D}] => (Allow) C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{41CE4D60-982E-4F7E-80CB-DBAA47762BF9}] => (Allow) C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

04-05-2024 00:35:11 Revo Uninstaller Pro's restore point - Aloha

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2024 01:59:55 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000005
Fault offset: 0x0000000000026abf
Faulting process id: 0x0x4048
Faulting application start time: 0x0x1da9eb17352e79c
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6892d6e9-28d8-4f96-8882-0c9a80c85d71
Faulting package full name:
Faulting package-relative application ID:

Error: (05/05/2024 01:58:51 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000005
Fault offset: 0x0000000000026abf
Faulting process id: 0x0x44d0
Faulting application start time: 0x0x1da9eb14ae091bd
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4400155d-6114-4b4d-9a42-6d88bff43e6c
Faulting package full name:
Faulting package-relative application ID:

Error: (05/05/2024 12:53:33 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000005
Fault offset: 0x0000000000026abf
Faulting process id: 0x0x51b4
Faulting application start time: 0x0x1da9ea82def60fb
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f1038677-5b0c-4fa1-aac8-e28381e147d9
Faulting package full name:
Faulting package-relative application ID:

Error: (05/04/2024 07:28:20 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000005
Fault offset: 0x0000000000026abf
Faulting process id: 0x0x1f20
Faulting application start time: 0x0x1da9e162a1754a8
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5d6aee8c-034a-4f77-aa06-6dd585abf53a
Faulting package full name:
Faulting package-relative application ID:

Error: (05/04/2024 06:26:24 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000005
Fault offset: 0x0000000000026abf
Faulting process id: 0x0x4598
Faulting application start time: 0x0x1da9e0d82fe0ce3
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5b3dbf23-3148-47fa-8d0f-88b8463de419
Faulting package full name:
Faulting package-relative application ID:

Error: (05/04/2024 02:56:27 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000005
Fault offset: 0x0000000000026abf
Faulting process id: 0x0x3514
Faulting application start time: 0x0x1da9df02c3b2e99
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0a4995f4-d053-4287-9c29-795972d99221
Faulting package full name:
Faulting package-relative application ID:

Error: (05/04/2024 02:22:17 AM) (Source: DuckDuckGo.VPN) (EventID: 0) (User: )
Description: Category: NetworkProtection.Grpc.ConnectionService
EventId: 0
SpanId: 58241ebd731e70ed
TraceId: 9635d510f8367ee8ae4baa073730daef
ParentId: 0000000000000000
ConnectionId: 0HN3BVUALNCDQ
RequestId: 0HN3BVUALNCDQ:00000003
RequestPath: /NetworkProtection.Grpc.Services.ConnectionService/GetLocations

Failed to retrieve vpn locations

Exception:
System.Net.Http.HttpRequestException: No such host is known. (controller.netp.duckduckgo.com:443)
---> System.Net.Sockets.SocketException (11001): No such host is known.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<SendAsync>g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendAsync>g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at NetworkProtection.Backend.ApiClient.GetLocations(String authToken, CancellationToken cancellationToken) in C:\actions-runner\_work\windows-browser\windows-browser\NetworkProtection\NetworkProtection\Backend\ApiClient.cs:line 64
at DuckDuckGo.Windows.Extensions.TaskExtensions.RetryWhen[T](Func`2 taskFactory, UInt32 retryCount, Func`2 canRetry, Func`2 backOffStrategy, CancellationToken cancellationToken) in C:\actions-runner\_work\windows-browser\windows-browser\DuckDuckGo.Windows\Extensions\TaskExtensions.cs:line 0
at NetworkProtection.Grpc.ConnectionService.GetLocationsAsync(String authToken, CallContext context) in C:\actions-runner\_work\windows-browser\windows-browser\NetworkProtection\NetworkProtection\Grpc\ConnectionService.cs:line 77

Error: (05/04/2024 01:40:21 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000005
Fault offset: 0x0000000000026abf
Faulting process id: 0x0x25f4
Faulting application start time: 0x0x1da9de58d1468bf
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 910ffa84-7f9f-4d8a-ac74-70a2d5fba148
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (05/05/2024 01:59:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 5 time(s).

Error: (05/05/2024 01:58:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 4 time(s).

Error: (05/05/2024 12:53:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 3 time(s).

Error: (05/04/2024 11:24:37 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #5, {16be7513-5637-4096-86db-a3b2f7c67c91}, had event 74

Error: (05/04/2024 07:28:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 2 time(s).

Error: (05/04/2024 06:26:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/04/2024 06:25:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:26:57 AM on 5/4/2024 was unexpected.

Error: (05/04/2024 06:25:18 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.


Windows Defender:
================
Date: 2024-05-02 15:47:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-02 14:38:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-02 13:04:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2024-05-05 02:06:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO O4HKT3BA 01/16/2023
Motherboard: LENOVO 370A
Processor: Intel(R) Core(TM) i5-10400 CPU @ 2.90GHz
Percentage of memory in use: 41%
Total physical RAM: 20232.07 MB
Available physical RAM: 11753.22 MB
Total Virtual: 23688.07 MB
Available Virtual: 14902.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.59 GB) (Free:398.88 GB) (Model: Samsung SSD 980 1TB) (Protected) NTFS
Drive d: (G930) (Fixed) (Total:931.5 GB) (Free:655.13 GB) (Model: ST1000DM003-1SB102) (Protected) NTFS

\\?\Volume{222fc970-fb27-47c7-b72f-978ad70a7d9f}\ () (Fixed) (Total:0.81 GB) (Free:0.08 GB) NTFS
\\?\Volume{a57434e5-24e2-4bf0-89b0-3352e2cbc097}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DBB830C4)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0C9E5D33)

Partition: GPT.

==================== End of Addition.txt =======================
 
I also believe that this has crossed over to my iPhone. I know this isn't the place for Apple analytics, but until a few days ago I'd never seen this in my analytics before:

{"duration_ms":"1436568","share_with_app_devs":0,"roots_installed":0,"bug_type":"145","os_version":"iPhone OS 17.4.1 (21E237)","slice_uuid":"367FACEE-80FC-34E6-8799-FD3F6B512FB1","is_first_party":0,"incident_id":"8F778145-E1DA-4BD2-9BC9-719B534F6716","timestamp":"2024-05-02 21:39:15.00 -0400","app_name":"cloudd","name":"cloudd"}
Date/Time: 2024-05-02 21:15:16.421 -0400
End time: 2024-05-02 21:39:12.989 -0400
OS Version: iPhone OS 17.4.1 (Build 21E237)
Architecture: arm64e
Report Version: 47
Incident Identifier: 8F778145-E1DA-4BD2-9BC9-719B534F6716

Data Source: Microstackshots
Shared Cache: 514D9D33-E7B9-3279-9237-5820EEDFE147 slid base address 0x19c148000, slide 0x1c148000

Command: cloudd
Path: /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd
Resource Coalition ID: 1009
On Behalf Of: 99 samples cloudphotod [967] (84 samples originated by UserEventAgent [692], 14 samples originated by cloudphotod [967], 1 sample originated by UNKNOWN [1453]), 4 samples UNKNOWN [924, 925] (3 samples originated by UserEventAgent [692], 1 sample originated by SpringBoard [695])
Architecture: arm64e
Parent: launchd [1]
PID: 1406

Event: disk writes
Action taken: none
Writes: 4294.99 MB of file backed memory dirtied over 1437 seconds (2989.76 KB per second average), exceeding limit of 49.71 KB per second over 86400 seconds
Writes limit: 4294.97 MB
Limit duration: 86400s
Writes caused: 4294.99 MB
Writes duration: 1437s
Duration: 1436.57s
Steps: 2216 (10.49 MB/step)

Hardware model: iPhone15,2
Active cpus: 6
HW page size: 16384
VM page size: 16384

Time Since Boot: 1136s
Time Awake Since Boot: 1136s
Time Since Wake: n/a (machine hasn't slept)

Total CPU Time: 2762.534s
Advisory levels: Battery -> 2, User -> 3, ThermalPressure -> 0, Combined -> 2
Free disk space: 95.31 GB/119.09 GB, low space threshold 150 MB
Vnodes Available: 61.91% (14859/24000, 12000 allocated, 12000 soft limit)

Preferred User Language: en-US
Country Code: US
Keyboards: en_US QWERTY, emoji Emoji
OS Cryptex File Extents: 3

Heaviest stack for the target process:
 
Hi, cvksobe.

The logs are clean. I don't see anything subnormal in them.

Overseer.exe is part of the Avast Overseer or AVG Overseer process that belongs to the AVAST Software SRO. Also AVG Netherlands BV or AVG Technologies USA from AVAST Software (www.avast.com) or AVG Technologies CZ, sro (www.freeavg.com).

Lenovo computers come with many preinstalled programs, so the drivers you see related to Lenovo are part of these programs.

Let's take a deeper look, however, to ensure that everything is fine.

=========================

These are the basic guidelines during the cleaning procedure:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


===========================

ESET Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 
Thank you for reassuring me that the logs are clean. Do they show any evidence of remote access or remote administration because they shouldn't and that is honestly what I'm most worried about, I guess. My worry is that this person seems like he knows what he is doing and it really scares me. When I look at Windows Firewall settings, it shows LOTS of rules allowing RSTP, cast to device, and streaming. It sucks that I got scared and reset my computer and it's also terrible that I allow someone to control me like that. When I reset my computer it probably wiped a lot of stuff that might indicate what I'm talking about. It's only been like a week or two since I reset. Is there anything else I can do just to protect myself and not feel so vulnerable? I've included a few screenshots of the incoming and outgoing rules as of today, even though AVG is set to use its firewall and have Windows Firewall turned off. I also always lock down my computer a bit, disable the Bluetooth driver, set my network access to public and don't allow any wireless devices to connect, I always go into optional features and turn all that off, I go into services and always turn some things off like the work or school account and work folders but as you can see work or school account has turned itself back on.

Here is the log from the ESET scan:

5/5/2024 11:55:44 AM
Scanned files: 234498
Detected files: 1
Cleaned files: 2
Total scan time 00:35:04
Scan status: Finished
C:\Users\cory_\AppData\Local\AVG\Browser\AVGBrowserUninstall.exe a variant of Win32/Avast.AVGSecureBrowser.A potentially unwanted application,a variant of Win32/CCleaner.A potentially unsafe application cleaned by deleting
 

Attachments

  • firewall 4.png
    250.1 KB · Views: 1
  • firewall 5.png
    250.1 KB · Views: 1
  • firewall1.png
    410.7 KB · Views: 1
  • firewall2.png
    323.1 KB · Views: 1
  • firewall3.png
    287.4 KB · Views: 1
What do you mean "work account turns itself on"? Can you please be more specific?

ESET scan detected AVG Browser as a potentially unwanted application. Did you use this browser? I know that it is a part of the antivirus, but if you use other browsers, I would recommend you to uninstall it. I would also recommend you to uninstall AVG TuneUp.

Otherwise, I don't see anything subnormal, as I already said.

If you uninstall the AVG Browser and the AVG TuneUp, please let me check fresh FRST logs.
 
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Start Private Message).
 