Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025 Ran by jptay (02-12-2025 00:07:18) Running from C:\Users\jptay\Downloads Microsoft Windows 11 Home Version 25H2 26200.7309 (X64) (2025-11-13 19:53:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2571265167-332436018-2390457406-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2571265167-332436018-2390457406-503 - Limited - Disabled) Guest (S-1-5-21-2571265167-332436018-2390457406-501 - Limited - Disabled) jptay (S-1-5-21-2571265167-332436018-2390457406-1001 - Administrator - Enabled) => C:\Users\jptay WDAGUtilityAccount (S-1-5-21-2571265167-332436018-2390457406-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Fortect Security Suite (Enabled - Up to date) {B185458D-38B3-A010-10F7-3D378DAA6032} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20937 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601120}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Fortect (HKLM\...\Fortect) (Version: 7.3.1.1 - Fortect) Google Chrome (HKU\S-1-5-21-2571265167-332436018-2390457406-1001\...\Google Chrome) (Version: 142.0.7444.176 - Google LLC) HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.20.0 - HP Inc) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 142.0.3595.94 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 142.0.3595.94 - Microsoft Corporation) Hidden Microsoft Office Home 2024 - en-us (HKLM\...\Home2024Retail - en-us) (Version: 16.0.19328.20244 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.206.1021.0003 - Microsoft Corporation) Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.19328.20244 - Microsoft Corporation) NVIDIA FrameView SDK 1.4.10624.35034762 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.4.10624.35034762 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19328.20106 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20206 - Microsoft Corporation) Hidden Perplexity 1.4.0 (HKU\S-1-5-21-2571265167-332436018-2390457406-1001\...\bf146e86-595f-5372-9f0f-5dfe3975eb52) (Version: 1.4.0 - Perplexity) Chrome apps: ============ Microsoft OneDrive (HKU\S-1-5-21-2571265167-332436018-2390457406-1001\...\704ebe27c2fe361aa558ed8e8d65db19) (Version: 1.0 - Google\Chrome) Packages: ========= @{MicrosoftWindows.59379618.InpApp_1000.26100.7171.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.59379618.InpApp/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.59379618.InpApp_cw5n1h2txyewy [2025-12-02] (Microsoft Windows) Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets [2025-11-20] () AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-11-13] (INTEL CORP) [Startup Task] DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2025.3.16.0_x64__t5j2fzbtdg37r [2025-11-13] (DTS, Inc.) HP -> C:\Program Files\WindowsApps\AD2F1837.myHP_50.52547.11766.0_x64__v10z8vjag6ke6 [2025-11-24] (HP Inc.) [Startup Task] HP Enhanced Lighting -> C:\Program Files\WindowsApps\AD2F1837.HPEnhance_1.4.4.0_x64__v10z8vjag6ke6 [2025-11-13] (HP Inc.) HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\ad2f1837.hppchardwarediagnosticswindows_2.9.0.0_x64__v10z8vjag6ke6 [2025-11-13] (HP Inc.) HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.4.17.0_x64__v10z8vjag6ke6 [2025-11-13] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_162.2.1122.0_x64__v10z8vjag6ke6 [2025-11-24] (HP Inc.) HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.49.5.0_x64__v10z8vjag6ke6 [2025-11-15] (HP Inc.) HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.2.12.0_x64__v10z8vjag6ke6 [2025-11-13] (HP Inc.) Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\microsoft.ink.handwriting.en-us.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-11-13] (Microsoft Corporation) Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\microsoft.ink.handwriting.en-us.1.0_0.850.1840.0_x86__8wekyb3d8bbwe [2025-11-13] (Microsoft Corporation) Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.850.1840.0_x64__8wekyb3d8bbwe [2025-11-13] (Microsoft Corporation) Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.25150.49.0_x64__8wekyb3d8bbwe [2025-11-13] (Microsoft Corporation) Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-11-21] () Microsoft Defender -> C:\Program Files\WindowsApps\microsoft.6365217ce6eb4_102.2412.12002.0_x64__8wekyb3d8bbwe [2025-11-13] (Microsoft Corporation) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-11-13] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.20111.128.0_x64__8wekyb3d8bbwe [2025-11-13] (Microsoft Corporation) Microsoft.MicrosoftPCManager -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.18.11.0_x64__8wekyb3d8bbwe [2025-12-01] (Microsoft Corporation) [Startup Task] Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-11-21] () NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.969.0_x64__56jybvy8sckqj [2025-11-13] (NVIDIA Corp.) OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-11-21] () Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57242383.Tasbar_cw5n1h2txyewy [2025-12-02] (Microsoft Windows) Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.59379618.InpApp_cw5n1h2txyewy [2025-12-02] (Microsoft Windows) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\jptay\AppData\Local\Google\GoogleUpdater\143.0.7482.6\updater.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\jptay\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll (Microsoft Corporation -> ) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{547E9AEF-8043-5D26-879F-01E7664192DC}\localserver32 -> C:\Users\jptay\AppData\Local\Google\GoogleUpdater\143.0.7482.6\updater.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{6DDCE70D-A4AE-4E97-908C-BE7B2DB750AD}\localserver32 -> C:\Users\jptay\AppData\Local\Google\GoogleUpdater\143.0.7482.6\updater.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{7d043d4e-4259-f459-3630-7b434fd7752c}\localserver32 -> C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe (HP Inc. -> HP Inc.) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\jptay\AppData\Local\Google\Chrome\Application\142.0.7444.176\notification_helper.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{CD6A014A-BDE7-5978-9AEF-7E2AD288E849}\localserver32 -> C:\Users\jptay\AppData\Local\Google\GoogleUpdater\143.0.7482.6\updater.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-2571265167-332436018-2390457406-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Users\jptay\AppData\Local\Google\Chrome\User Data\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2025-10-31] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-22] (Microsoft Corporation -> Microsoft Corporation) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [MidisrvTransferComplete] => 0 ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\jptay\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_abnfpfhjmipcnaibcolbacfhgfcmjjbn\Microsoft OneDrive.lnk -> C:\Users\jptay\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=abnfpfhjmipcnaibcolbacfhgfcmjjbn ShortcutWithArgument: C:\Users\jptay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Microsoft OneDrive.lnk -> C:\Users\jptay\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=abnfpfhjmipcnaibcolbacfhgfcmjjbn ==================== Loaded Modules (Whitelisted) ============= 2025-11-17 01:49 - 2025-11-17 01:49 - 000085504 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\HP.SEU.Localization\e033cb32297239ebc102089e8ed57cc4\HP.SEU.Localization.ni.dll 2025-11-17 01:49 - 2025-11-17 01:49 - 000038400 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Logging\7d74eb78d25ee6a0e9ae6f31f4dc9e5d\Logging.ni.dll 2025-11-17 01:49 - 2025-11-17 01:49 - 000153600 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\RpcClient\75a22027fc64a883644278d8ce637be2\RpcClient.ni.dll 2025-11-17 01:49 - 2025-11-17 01:49 - 000125440 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\WMISDK\9821d6854f147d779c6e896d024bfe83\WMISDK.ni.dll 2025-11-17 01:48 - 2025-11-17 01:48 - 003884544 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\e3f6bd2dbc826fbc07098652b4dc35ab\Newtonsoft.Json.ni.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2025-10-21] (HP Inc. -> HP Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2025-10-21] (HP Inc. -> HP Inc.) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-13] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2024-04-01 01:26 - 2024-04-01 01:24 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Network =========================== (Currently there is no automatic fix for this section.) DNS Servers: 68.105.28.11 - 68.105.29.11 Windows Firewall is enabled. Network Binding: ============= Wi-Fi: Intel(R) Wi-Fi 7 BE200 320MHz -> Netwaw18.sys Wi-Fi 5: Intel(R) Wi-Fi 7 BE200 320MHz -> Netwaw18.sys Wi-Fi 4: Intel(R) Wi-Fi 7 BE200 320MHz -> Netwaw18.sys Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys Wi-Fi 2: Intel(R) Wi-Fi 7 BE200 320MHz -> Netwaw18.sys Wi-Fi 3: Intel(R) Wi-Fi 7 BE200 320MHz -> Netwaw18.sys vms_vsf: Hyper-V Virtual Switch Extension Filter ms_l1vhlwf: Nested Network Virtualization vms_vsp: Hyper-V Virtual Switch Extension Protocol ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2571265167-332436018-2390457406-1001\Control Panel\Desktop\\Wallpaper -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5) HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "Fortect" HKU\S-1-5-21-2571265167-332436018-2390457406-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer" HKU\S-1-5-21-2571265167-332436018-2390457406-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_E3EC2922EE02157A7F703D4F8C455BD3" HKU\S-1-5-21-2571265167-332436018-2390457406-1001\...\StartupApproved\Run: => "GoogleUpdaterTaskUser143.0.7482.0" HKU\S-1-5-21-2571265167-332436018-2390457406-1001\...\StartupApproved\Run: => "HPSEU_Host_Launcher" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C61ED1B6-E163-4935-A267-8BD9D1804B61}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe => No File FirewallRules: [{EE993CE5-D73E-450E-BAA5-8C374E3ED20F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe => No File FirewallRules: [{5A88E897-1842-4865-9675-8F85845B3746}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{3945C16B-FBB2-44D6-8A83-DFCE2D05EEED}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{3D3850B4-0492-43C8-BAC6-BBB323C691BE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{F11F2BAB-2F3B-4D3F-BE67-20273A9E904A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{7F89F637-7D32-4609-9CA3-01BC2572E2F7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{26C2D3B6-0F10-42F4-B5E0-B2C6719A3D6F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{09CF6251-D26B-4DD2-A8FC-FCDDBD21DEB1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{CE20A71A-590E-4775-B92E-88B6B81B3BE6}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{B058A05F-CE21-47F7-8C61-CD6778FED54E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{90B0A8B8-E93F-4CD9-8DD6-054169E7FB4E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{BA79B132-B91F-4FAF-89D9-DA28B09B393B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{148FF3EF-2BC1-4012-806D-1FCA8EDB3724}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{B81F04BB-B7DE-4F79-BE94-B2C7F031316C}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{388C88BB-1C3E-4716-816D-3360C0BF0565}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.21.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe => No File FirewallRules: [{2EF9D487-3C16-4085-8059-F573492CA71C}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.) FirewallRules: [{1EAEEDDA-C686-473B-AE18-4BBB2385BACD}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.) FirewallRules: [TCP Query User{195FAC02-471C-49B5-A841-552C510DA63B}C:\users\jptay\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jptay\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{06C0F63A-0F94-4AFD-9551-B7DDE00A1CD3}C:\users\jptay\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jptay\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{010F054B-D0DA-47A2-9DCA-C0E41EFBFCC8}C:\users\jptay\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jptay\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{59FB5C87-8295-4D92-8ED4-C2EB7EF67FA5}C:\users\jptay\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jptay\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:475.69 GB) (Free:399.85 GB) (84%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (12/01/2025 11:55:52 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 13956. Message ID: [0x2509]. Error: (12/01/2025 10:24:46 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 7992. Message ID: [0x2509]. Error: (12/01/2025 10:03:02 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 21280. Message ID: [0x2509]. Error: (12/01/2025 10:00:34 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-9T21MAJ5) Description: Faulting application name: Explorer.EXE, version: 10.0.26100.7019, time stamp: 0x70ba4c6d Faulting module name: Microsoft.UI.Xaml.dll, version: 3.1.6.0, time stamp: 0x97cdad17 Exception code: 0xc000027b Fault offset: 0x00000000003a3385 Faulting process id: 0x2790 Faulting application start time: 0x1dc5d820fd59414 Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe\Microsoft.UI.Xaml.dll Report Id: 5b3be1c4-47a4-4fd0-b6b5-ae12f5f19c7b Faulting package full name: Faulting package-relative application ID: Error: (12/01/2025 09:53:23 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program WWAHost.exe version 10.0.26100.7019 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (12/01/2025 09:53:16 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program SystemSettings.exe version 10.0.26100.7019 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (12/01/2025 07:56:04 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 20848. Message ID: [0x2509]. Error: (11/29/2025 10:18:52 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 30048. Message ID: [0x2509]. System errors: ============= Error: (12/02/2025 12:05:48 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY) Description: The Secure Boot update failed to update SBAT with error -1878589247. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931 Error: (12/02/2025 12:05:47 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT AUTHORITY) Description: Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here. DeviceAttributes: FirmwareManufacturer:Insyde;FirmwareVersion:F.08;OEMModelBaseBoard:8C67;OEMManufacturerName:HP;OSArchitecture:amd64; BucketId: feeb7305fd0ecde4bfb15bebcc511c54e833aaf636d0949cf0493f31de211fe3 BucketConfidenceLevel: UpdateType: For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018. Error: (12/01/2025 11:14:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (12/01/2025 11:08:58 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY) Description: The Secure Boot update failed to update SBAT with error -1878589247. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931 Error: (12/01/2025 11:08:57 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT AUTHORITY) Description: Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here. DeviceAttributes: FirmwareManufacturer:Insyde;FirmwareVersion:F.08;OEMModelBaseBoard:8C67;OEMManufacturerName:HP;OSArchitecture:amd64; BucketId: feeb7305fd0ecde4bfb15bebcc511c54e833aaf636d0949cf0493f31de211fe3 BucketConfidenceLevel: UpdateType: For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018. Error: (12/01/2025 10:52:58 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY) Description: The event logging service encountered an error (5) while enabling publisher {0bf2fb94-7b60-4b4d-9766-e82f658df540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity. Error: (12/01/2025 10:51:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Intel(R) Dynamic Tuning Technology Telemetry Service service did not shut down properly after receiving a preshutdown control. Error: (12/01/2025 03:08:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1053" attempting to start the service WaaSMedicSvc with arguments "Unavailable" in order to run the server: {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Windows Defender: ================ Date: 2025-12-01 17:10:17 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Stop Reason: Unknown  CodeIntegrity: =============== Date: 2025-12-01 17:07:39 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25090.3009-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements. Date: 2025-12-01 17:07:39 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. Date: 2025-12-01 17:00:37 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Users\jptay\AppData\Local\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Insyde F.08 07/25/2025 Motherboard: HP 8C67 Processor: Intel(R) Core(TM) Ultra 7 155H Percentage of memory in use: 39% Total physical RAM: 15883.18 MB Available physical RAM: 9585.74 MB Total Virtual: 16907.18 MB Available Virtual: 9874.18 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:399.85 GB) (Model: SAMSUNG MZVL2512HDJD-00BH1) (Protected) NTFS \\?\Volume{2f0def84-097a-4a1b-aae9-e937dbb2d40c}\ () (Fixed) (Total:0.97 GB) (Free:0.12 GB) NTFS \\?\Volume{b4a71155-7249-4d68-bd77-843f943458f6}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.13 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 9BDAB7DC) Partition: GPT. ==================== End of Addition.txt =======================