[SOLVED] High level of data usage in uninstalled processes on PC

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-08-2023
Ran by clang (administrator) on DESKTOP-N4NCUCI (HP HP ProDesk 600 G2 SFF) (04-08-2023 17:47:54)
Running from C:\Users\clang\Desktop\FRST64 (1).exe
Loaded Profiles: clang
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(C:\Program Files (x86)\GlassWire\GWCtlSrv.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(explorer.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21>
(services.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9243072 2017-12-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\Run: [MicrosoftEdgeAutoLaunch_D27EA374A43591859044C9DD98C93F1B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088256 2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4371816 2023-07-10] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10866568 2023-05-24] (GlassWire -> SecureMix LLC)
HKU\S-1-5-18\...\RunOnce: [InstallBootstrap] => "C:\ProgramData\NordUpdater\updates\q10rhsc1.exe" (No File)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C5B73A2C-8856-46E3-A56A-695D47D1C396} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [10219208 ] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {54B02D89-C0B3-4E9A-B08F-06226383661E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {58D6F0BD-82EE-4D77-9146-4C8285ECDDA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {559ED554-AE0F-4B49-A3F7-AB146D75F9C4} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe [291160 2021-04-01] (HP Inc. -> HP Inc.)
Task: {4BA87D7D-8F47-401C-B0FF-4D365149F7F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {581FA432-B6DE-401A-8102-DBC56EEB2D53} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {768F9D4F-32DE-457C-862A-57980001F290} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6971193-788A-4F5B-99F8-A012BB9EB240} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B4D93B8-2515-4870-B8ED-0D74DB2DF3D6} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-04] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {3AF8A8A7-8AFB-4743-97BC-237545682F74} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-04] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{61effc3a-6fe9-49ba-942a-810b87d32d75}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8a3bec5a-9fa1-464a-8edb-2fdaedb1710e}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\clang\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-04]
Edge HomePage: Default -> hxxp://www.yahoo.com/
Edge StartupUrls: Default -> "hxxps://www.yahoo.com/"
Edge Extension: (Malware & URL Scanner) - C:\Users\clang\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dobclpbemdncfmdfnppjhcigfcdkojjh [2023-04-18]
Edge Extension: (HTTPS Everywhere) - C:\Users\clang\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2022-05-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\clang\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-08-01]
Edge Extension: (Edge relevant text changes) - C:\Users\clang\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-25]
Edge Extension: (uBlock Origin) - C:\Users\clang\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-07-20]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: cbgouedl.default
FF ProfilePath: C:\Users\clang\AppData\Roaming\Mozilla\Firefox\Profiles\cbgouedl.default [2023-07-31]
FF ProfilePath: C:\Users\clang\AppData\Roaming\Mozilla\Firefox\Profiles\31edb3z0.default-release [2023-08-04]
FF Extension: (BetterTTV) - C:\Users\clang\AppData\Roaming\Mozilla\Firefox\Profiles\31edb3z0.default-release\Extensions\firefox@betterttv.net.xpi [2023-08-02]
FF Extension: (FrankerFaceZ) - C:\Users\clang\AppData\Roaming\Mozilla\Firefox\Profiles\31edb3z0.default-release\Extensions\frankerfacez@frankerfacez.com.xpi [2023-07-31] [UpdateUrl:hxxps://cdn.frankerfacez.com/script/firefox-updates.json]
FF Extension: (uBlock Origin) - C:\Users\clang\AppData\Roaming\Mozilla\Firefox\Profiles\31edb3z0.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-07-31]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\clang\AppData\Roaming\Mozilla\Firefox\Profiles\31edb3z0.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-08-03]
FF Extension: (Return YouTube Dislike) - C:\Users\clang\AppData\Roaming\Mozilla\Firefox\Profiles\31edb3z0.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2023-07-31]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7947656 2023-05-24] (GlassWire -> SecureMix LLC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [403576 2021-04-01] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-01] (Malwarebytes Inc. -> Malwarebytes)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2023-01-04] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402216 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\AE2500w764.sys [2576632 2016-12-03] (Broadcom Corporation -> Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [199640 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-03-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKslb58d6cc1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95CDCAD1-DE40-4081-B0A9-04BAD36F626B}\MpKslDrv.sys [221480 2023-08-04] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.11.3.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2021-06-09] (nordvpn s.a. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-06-24] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 AKAI_ACV3_MIDI; \SystemRoot\system32\drivers\akaiacv3m.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-04 17:47 - 2023-08-04 17:49 - 000018518 _____ C:\Users\clang\Desktop\FRST.txt
2023-08-04 17:46 - 2023-08-04 17:47 - 002700800 _____ (Farbar) C:\Users\clang\Desktop\FRST64 (1).exe
2023-08-03 18:59 - 2023-08-03 18:59 - 000561242 _____ C:\Users\clang\Documents\DESKTOP.zip
2023-08-03 18:58 - 2023-08-03 18:58 - 007302852 _____ C:\Users\clang\Documents\DESKTOP.arn
2023-08-03 18:53 - 2023-08-03 18:53 - 000000000 ____D C:\Users\clang\AppData\Roaming\Microsoft\HTML Help
2023-08-03 18:39 - 2023-08-03 18:39 - 000002072 _____ C:\Users\clang\Documents\tcpview.zip
2023-08-03 18:36 - 2023-08-03 18:38 - 000015008 _____ C:\Users\clang\Documents\tcpview.csv
2023-08-03 18:33 - 2023-08-03 22:09 - 000000000 ____D C:\Users\clang\AppData\Local\Sysinternals
2023-08-03 07:04 - 2023-08-03 07:05 - 000052139 _____ C:\WINDOWS\system32\0
2023-08-02 18:43 - 2023-08-02 18:44 - 000000000 ____D C:\AdwCleaner
2023-08-02 17:56 - 2023-08-02 17:56 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-08-01 18:18 - 2023-08-01 18:18 - 000000000 ____D C:\Users\clang\AppData\Roaming\JAM Software
2023-08-01 18:18 - 2023-08-01 18:18 - 000000000 ____D C:\Program Files\JAM Software
2023-08-01 18:12 - 2023-08-01 18:12 - 000162568 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2023-08-01 07:01 - 2023-08-01 07:01 - 009934302 _____ C:\Users\clang\Documents\cureitlog.txt
2023-08-01 05:46 - 2023-08-01 06:59 - 000000000 ____D C:\Users\clang\Doctor Web
2023-07-31 20:00 - 2023-07-31 20:02 - 000000000 ____D C:\KVRT2020_Data
2023-07-31 19:59 - 2023-07-31 20:00 - 105471656 _____ (AO Kaspersky Lab) C:\Users\clang\Desktop\KVRT.exe
2023-07-31 17:19 - 2023-07-31 17:19 - 000001974 _____ C:\Users\Public\Desktop\GlassWire.lnk
2023-07-31 17:19 - 2023-07-31 17:19 - 000000000 ____D C:\Users\clang\AppData\Local\glasswire
2023-07-31 17:19 - 2023-07-31 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2023-07-31 17:18 - 2023-07-31 17:19 - 000000000 ____D C:\Program Files (x86)\GlassWire
2023-07-31 17:18 - 2023-07-31 17:18 - 000000000 ____D C:\ProgramData\glasswire
2023-07-31 17:18 - 2015-05-29 02:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2023-07-31 17:18 - 2015-05-29 02:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2023-07-31 17:00 - 2023-08-04 13:32 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-31 17:00 - 2023-08-04 13:31 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-07-31 17:00 - 2023-08-04 13:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-07-31 17:00 - 2023-08-04 13:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-07-31 17:00 - 2023-07-31 17:00 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-07-31 17:00 - 2023-07-31 17:00 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2023-07-31 17:00 - 2023-07-31 17:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-07-31 17:00 - 2023-07-31 17:00 - 000000000 ____D C:\Users\clang\AppData\Roaming\Mozilla
2023-07-31 17:00 - 2023-07-31 17:00 - 000000000 ____D C:\Users\clang\AppData\Local\Mozilla
2023-07-31 09:35 - 2023-08-02 18:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2023-07-31 09:35 - 2023-07-31 09:35 - 000000000 ____D C:\Users\clang\AppData\Local\HP
2023-07-31 09:35 - 2023-07-31 09:35 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2023-07-31 09:34 - 2023-07-31 09:34 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2023-07-31 09:01 - 2023-07-31 09:01 - 000000264 _____ C:\Users\clang\Documents\esetscan.txt
2023-07-31 05:57 - 2023-07-31 05:57 - 000001382 _____ C:\Users\clang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-07-31 05:57 - 2023-07-31 05:57 - 000000000 ____D C:\Users\clang\AppData\Local\ESET
2023-07-30 19:14 - 2023-07-30 19:14 - 000001235 _____ C:\Users\clang\Documents\mwbscan7-30-23.txt
2023-07-11 13:39 - 2023-07-11 13:39 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-04 17:48 - 2022-04-16 09:21 - 000000000 ____D C:\FRST
2023-08-04 17:43 - 2021-10-13 21:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-04 17:07 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-04 01:28 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-04 01:28 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-04 00:35 - 2023-04-22 00:58 - 000000000 ____D C:\Users\clang\AppData\Local\Malwarebytes
2023-08-02 21:10 - 2022-03-01 21:51 - 000000000 ____D C:\Users\clang\AppData\Local\D3DSCache
2023-08-02 17:58 - 2021-10-13 18:03 - 000000000 __SHD C:\Users\clang\IntelGraphicsProfiles
2023-08-02 17:56 - 2021-10-13 21:07 - 000000000 ____D C:\Users\clang
2023-08-02 17:55 - 2022-02-12 07:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-08-02 17:55 - 2021-10-13 21:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-02 17:55 - 2021-10-13 21:02 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-02 17:55 - 2021-10-13 17:59 - 000000000 ____D C:\Intel
2023-08-02 17:53 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-08-02 17:46 - 2021-10-13 17:59 - 000000000 ____D C:\Users\clang\AppData\Local\Packages
2023-08-02 17:35 - 2022-11-03 13:49 - 000000000 ____D C:\Users\clang\AppData\Local\ElevatedDiagnostics
2023-08-02 03:47 - 2022-03-05 10:04 - 000000000 ____D C:\Program Files\NordUpdater
2023-08-02 03:47 - 2022-02-12 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2023-08-02 03:47 - 2022-02-12 07:51 - 000000000 ____D C:\Program Files\NordVPN
2023-08-02 00:52 - 2021-10-13 18:10 - 000000000 ____D C:\Users\clang\AppData\Local\CrashDumps
2023-08-01 18:06 - 2022-03-01 22:50 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2023-08-01 17:58 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-01 17:37 - 2022-05-28 10:40 - 000000000 ____D C:\ProgramData\GOG.com
2023-08-01 17:37 - 2022-05-28 10:40 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2023-08-01 17:37 - 2022-03-01 22:50 - 000000000 ____D C:\Users\clang\AppData\Local\BraveSoftware
2023-08-01 17:34 - 2021-10-13 18:05 - 000000000 ___RD C:\Users\clang\OneDrive
2023-08-01 05:37 - 2022-03-06 12:08 - 000000000 ____D C:\Users\clang\AppData\LocalLow\IGDump
2023-07-31 18:15 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-07-31 17:18 - 2022-02-12 07:50 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-31 14:47 - 2022-11-13 09:07 - 000000000 ____D C:\Program Files (x86)\Steam
2023-07-31 14:46 - 2022-02-12 07:51 - 000000000 ____D C:\Users\clang\AppData\Local\NordVPN
2023-07-31 14:39 - 2021-10-13 21:03 - 000328624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-31 09:36 - 2022-03-01 21:52 - 000000000 ____D C:\ProgramData\HP
2023-07-28 00:28 - 2021-10-13 21:07 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-28 00:28 - 2021-10-13 21:07 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-27 11:42 - 2021-10-13 18:42 - 000918960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-24 20:25 - 2021-05-14 14:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-11 20:22 - 2022-02-12 07:01 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-11 20:21 - 2022-02-12 07:01 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7c0a0e7eefd68
2023-07-11 20:19 - 2021-10-13 21:15 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-11 20:10 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-07-11 20:10 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-11 20:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-11 20:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-11 20:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-11 20:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-11 20:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-11 20:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-11 14:03 - 2021-10-13 21:06 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-11 13:36 - 2021-10-13 20:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-11 13:34 - 2021-10-13 20:09 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2023
Ran by clang (04-08-2023 17:50:25)
Running from C:\Users\clang\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) (2021-10-14 02:17:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1187891039-2213116806-2605294233-500 - Administrator - Disabled)
clang (S-1-5-21-1187891039-2213116806-2605294233-1001 - Administrator - Enabled) => C:\Users\clang
DefaultAccount (S-1-5-21-1187891039-2213116806-2605294233-503 - Limited - Disabled)
Guest (S-1-5-21-1187891039-2213116806-2605294233-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1187891039-2213116806-2605294233-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Install Manager (HKLM\...\{34BEC0C2-5028-141A-B25A-B54DDD61303E}) (Version: 9.0.000.1 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Problem Report Wizard (HKLM\...\{B546DB62-8A8C-9A81-BE2C-6CEF62C26A02}) (Version: 9.0.000.1 - Advanced Micro Devices, Inc.) Hidden
AMD Settings - Branding (HKLM\...\{7314174C-890C-436C-BD2D-61F284755FD0}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (HKLM-x32\...\{11087D24-567D-7D88-69C6-D7A08B5F4C47}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
GlassWire 3.3 (remove only) (HKLM-x32\...\GlassWire 3.3) (Version: 3.3.504 - SecureMix LLC)
H&R Block Business 2021 (HKLM-x32\...\{C4E2FC24-AE11-496C-99F9-EA51CB1F7270}) (Version: 21.0.7942.28190 - HRB Technology, LLC.)
H&R Block Illinois 2021 (HKLM-x32\...\{39F81C1D-C1A5-4068-832E-B34112BB25F5}) (Version: 1.21.3301 - H&R Block, Inc.)
H&R Block Premium + Efile + State 2021 (HKLM-x32\...\{EDB7F331-6C76-4B85-A8EC-764B213E2E51}) (Version: 21.07.7403 - HRB Technology, LLC.)
HP Support Solutions Framework (HKLM-x32\...\{FF81F9EB-61C1-48A4-8EE5-45C5D61BC0E0}) (Version: 12.19.53.13 - HP Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 116.0.1 (x64 en-US)) (Version: 116.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.0.3 - Mozilla)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.78 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.11.3.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
OpenOffice 4.1.13 (HKLM-x32\...\{D86F0E67-2C02-4DFF-A46A-6871BA809A51}) (Version: 4.113.9810 - Apache Software Foundation)
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.49.33 - Quicken)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8335 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TreeSize Free V4.6.3 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.6.3 - JAM Software)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-13] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-01] (INTEL CORP) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-04-24] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-21] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1187891039-2213116806-2605294233-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> TEFINCOM S.A.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-06-25 17:53 - 2015-06-25 17:53 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 17:51 - 2015-06-25 17:51 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-06-25 18:34 - 2015-06-25 18:34 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 18:37 - 2015-06-25 18:37 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 18:38 - 2015-06-25 18:38 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 18:35 - 2015-06-25 18:35 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\A4.Foundation\3ba99eafae6cabf98d9ced4f0e642a55\A4.Foundation.ni.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\5eda9f343a31f5c5e0d3b6b3d2606297\AEM.Actions.CCAA.Shared.ni.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\f076342f9865d67a34652b966eebae1c\AEM.Plugin.EEU.Shared.ni.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\9399530e25c683f4334ff5ae3d43e125\AEM.Plugin.Hotkeys.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000315904 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\aa3ca10bd820b3b792b65ea9b7322dd6\AEM.Plugin.Source.Kit.Server.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\027643de36237e0d34b0f766c0a2d9f7\AEM.Plugin.WinMessages.Shared.ni.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\8365b83c1222c76dc533ec8a37f2bb84\AEM.Plugin.REG.Shared.ni.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\7ce2751051294fe0cc40cb03d16b185c\AEM.Plugin.GD.Shared.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\00ce93aecf714c687fcee1efcc1b11ae\AEM.Server.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server\422b504ff9378084aa92d03aa5b1bd6d\AEM.Server.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\APM.Foundation\38d857203bb0bbf753e2f6c09aff8e90\APM.Foundation.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ATICCCom\ca6f7dc67ac6c685a0406e75a283e9be\ATICCCom.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000203776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\0840c205870e61c5e3ee300b9a1856f5\CCC.Implementation.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\cd2de7b404849ba7fcffe978c559fbc6\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\4786267075af76d8a81fb294c936cd67\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\a74dae9558078cb0d8cfcede4ca3f57e\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\786418c638661dba26d17516adaaba67\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\ceeed3015c8e49c3b0ca7a6cffe9708b\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\fd383af2abc82a0dcdad42ea397b81b7\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.52c6dbaa#\6165483ba82cebf4897181c8f40ca73e\CLI.Aspect.FPS.Graphics.Shared.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000364544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\b066e086fad1ec5443323f3b4e6a6927\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000064000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8350f5c6#\08a3e44ae54414d11b8fe8a3c16f2c61\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000677888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\0a6dcdc3a8a4b86aa86e01ec93cbda97\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000320512 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.87ad5c75#\fb697927acbf2fd1fa1faae56d2f7084\CLI.Aspect.OverDrive5.Graphics.Dashboard.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000745984 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\d36349623a465ef33ed7cdb2694a826e\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000449536 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\1d536445ff00896e5311dde11be508d9\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9cd1e9e7#\40677dcc0627cd72c1649a6da406f0d6\CLI.Aspect.FPS.Graphics.Dashboard.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000158208 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\b620b7cd53eea3680a504e2fae2caa2c\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a6cd7fff#\3a2bf51a0b9e029eb45027c51ab42169\CLI.Aspect.FPS.Graphics.Runtime.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000082944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a765109e#\048c9ecdb9c0e199fbc7842fbc98bdcf\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\4ac546bc129f3c48200cdf1e98a84398\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\96a4267c6845498e83cd98ec31db5c2d\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\b8801242a185f5e316c15ac1f36f7b88\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000340992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\4de95de7c2da18c548ec98f3a38ff102\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\f2ee62ec1413b81aa2d830de57a86d6b\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000276480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\2d103e2fd36b7790dbb2ae89bdf51095\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 003313152 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\350ca0e982ac84e608fbcb4b4d7d205a\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000240640 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\31cd5c180e614866c22052f9cb7d0794\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000047616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\4387cd9bc6f82858afaf777875567894\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f480a2f3#\473d4c2cdac2d76ce9a7ec2a8bad5f67\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\141c8b81df5efb229b3a5025d3cbfc38\CLI.Caste.A4.Runtime.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\c9db39f913c9884bb420e571152b828e\CLI.Caste.A4.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\f6e54cecbbf3c71b0489839d33105cd6\CLI.Caste.A4.Dashboard.ni.dll
2023-07-12 01:10 - 2023-07-12 01:10 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\32cb8e5519e6836d0b67e5bdc51a1761\CLI.Caste.Fuel.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000311296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\50c4433ae2e20acb0b3e3798de86ea4a\CLI.Caste.Fuel.Runtime.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\5268a12c61ed1aa1c52606a2e6a15500\CLI.Caste.Fuel.Dashboard.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\ab92f0c9bf551760d07a856356f4f283\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 001556480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\195b8ba23aff131a14994e9613d9504f\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000587776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\8596af18fb5d55c411f8ec1995685f7f\CLI.Caste.Graphics.Dashboard.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\ff2072c3df6f59eacc9d2e594ff9bb4d\CLI.Caste.HydraVision.Runtime.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\d5916ac06391a88fe8ceaf746e819c60\CLI.Caste.HydraVision.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\42178588ca2661e3a200b5d05a6617ce\CLI.Caste.HydraVision.Dashboard.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\2ac63726ab73db21484c0fcb3d05e451\CLI.Caste.Platform.Shared.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\0e492bc3f1c9afeebb3bd43872c3358f\CLI.Caste.Platform.Runtime.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\b47ea82d791b3042cef71a8e7c644cac\CLI.Caste.Platform.Dashboard.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\cf32408a78b16dadd24e8d200eacd53b\CLI.Component.Runtime.Shared.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 000173568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\083733fcf8d0e926ba9c2ef3da89c961\CLI.Component.Dashboard.ProfileManager2.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\f011b4654c5fa9f9de24f5e5e5812d43\CLI.Component.Runtime.Shared.Private.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\ac0a1baf08eb78b52c86810d0db3892f\CLI.Component.Runtime.Extension.EEU.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 001609728 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\3b4877a21f0c58daabc728b5d8f3ddf3\CLI.Component.Dashboard.Shared.Private.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\bded701ab44dbd307422efbf237b694b\CLI.Component.Client.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000085504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\986ca42294171003f16764afea49979f\CLI.Component.Dashboard.Shared.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000089600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\f419ce8a52871f902a66191fd32c979b\CLI.Foundation.Private.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\9bc9e5c1d95be31eed52100850f723a7\CLI.Foundation.XManifest.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000091136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\baecf448d43d33a56d29242281212e6d\CLI.Foundation.CoreAudioAPI.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 001079296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\c1ca39f3f53ba5e62727e7aad491a1e2\CLI.Foundation.Client.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000301568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\80cffb143838e71b067c44827e11c779\CLI.Foundation.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\25ae0c4a6ce0e1295d6de058372cb7f0\DEM.Foundation.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000115200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\c41ffa882fcb07228ef5da6cd41a7af3\DEM.Graphics.I0601.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\ec49b3b507073a0f52ffa0e92bf5bf7a\DEM.Graphics.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\99e93f2c91025d41d047cc1ec7b156a3\Fuel.Foundation.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 000297472 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\b2032ab866df546b56df89e1f8c13b26\LOG.Foundation.Implementation.ni.dll
2023-07-26 21:32 - 2023-07-26 21:32 - 000150016 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\e8d8b53497ceb2e3dbfc07c7440541c8\LOG.Foundation.Private.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000087552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\a72abc0cccda7c178fb9297f2e4d2a77\LOG.Foundation.Implementation.Private.ni.dll
2023-07-26 21:32 - 2023-07-26 21:32 - 000132608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\80bc033c10ce89c09eedbdfc399b3c02\LOG.Foundation.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\632e6849e5e8aeb118327ba12b915dbd\MOM.Foundation.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 000402432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\3c19c200b42d3335452ab3db63f36eab\MOM.Implementation.ni.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\d7c5d369ac1a0051d24901cbbe82d1b3\NEWAEM.Foundation.ni.dll
2015-08-04 01:14 - 2015-08-04 01:14 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiamenu.dll
2023-07-11 23:50 - 2023-07-11 23:50 - 000897024 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\4d500a6d6ed9b98d8e2aea1242979988\ADL.Foundation.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000256000 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\APM.Server\c870604045089466d687002cba1ded00\APM.Server.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000298496 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\a3154d34a0adc3bd56424b81b18f44f2\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 001654272 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\1906a9535387e4c7f756b6ab02024f3d\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 006336512 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\8cf6069e6ef4c3ac542a7686314d239c\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 008028160 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\a3680769d45a7b15ff3e563fc9b28c7d\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 001160192 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\5f6fa363e7e9597372b7b173337e64df\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000136704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\a0e4ee10ec5e531a6a33c9510a8a51e2\CLI.Component.Client.Shared.Private.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 000235008 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\5ab2bc287b7394d4fa9c80d5bf1580cd\CLI.Component.Runtime.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 000929280 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\abf761eb40827c586f2da3341bca5857\CLI.Component.Dashboard.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000016896 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0703\44aa08e0a61f7e048e959d30b6660419\DEM.Graphics.I0703.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\5b91b0aef8f3b96f7cc87c3bd071044c\DEM.Graphics.I0706.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000084480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\91b9a62817ea520c0ef597591efac4e0\DEM.Graphics.I0709.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000012288 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\befcb05f213509bb5e0612501ca62b4d\DEM.Graphics.I0712.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000018432 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\a5977f70921b926351e4b3f21db243f4\DEM.Graphics.I0804.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\411cbb5bc75118ae01b1d0b7fbb59ec5\DEM.Graphics.I0805.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\4bb045b45fc46e32b096f8c81fdcf80b\DEM.Graphics.I0812.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\71af485fe9e9e4831a1101fd393a1b6c\DEM.Graphics.I0906.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\3503ddd2369a754afda03e0aebf8c2de\DEM.Graphics.I0912.ni.dll
2023-07-12 01:11 - 2023-07-12 01:11 - 000035840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\3519d98cc5b92c8aa05e37352bb2dbd2\DEM.Graphics.I1010.ni.dll
2023-07-11 23:51 - 2023-07-11 23:51 - 001139200 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\db086a48cf4f80a678475aab22880c76\Localization.Foundation.Private.ni.dll
2023-07-26 21:34 - 2023-07-26 21:34 - 000244736 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\6bb5c22bdef59a5ea3606c6c9e4b1a2e\ResourceManagement.Foundation.Implementation.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\5d0a2531f4f9209c1ac2a3d59c5b8b87\ResourceManagement.Foundation.Private.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\88816e02e7136b46851ec4d82c7ed9b0\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 002845696 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\9a521a8a2f1d4b3953ffeecbf2147e0c\CLI.Caste.Graphics.Shared.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 003267584 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\3a6b21b4dcd461cb3a783bce435efedd\CLI.Caste.Graphics.Runtime.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 000335360 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Microsoft.W8090224c#\ed8d100e19c37cd3319a999f24a3786e\Microsoft.WindowsAPICodePack.ni.dll
2023-07-26 21:33 - 2023-07-26 21:33 - 002582016 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Microsoft.Wfbf9373c#\7ad4c01128c6591a5734d6fce894e1b2\Microsoft.WindowsAPICodePack.Shell.ni.dll
2015-06-25 18:20 - 2015-06-25 18:20 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2015-06-25 18:15 - 2015-06-25 18:15 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2015-06-25 18:20 - 2015-06-25 18:20 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2015-06-25 18:15 - 2015-06-25 18:15 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2015-06-25 18:20 - 2015-06-25 18:20 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2015-06-25 18:15 - 2015-06-25 18:15 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2015-06-25 18:20 - 2015-06-25 18:20 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2015-06-25 18:17 - 2015-06-25 18:17 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2015-06-25 18:20 - 2015-06-25 18:20 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2015-06-25 18:20 - 2015-06-25 18:20 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2015-06-25 18:20 - 2015-06-25 18:20 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2015-06-25 18:21 - 2015-06-25 18:21 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2015-06-25 18:14 - 2015-06-25 18:14 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2015-07-02 13:58 - 2015-07-02 13:58 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2015-06-25 18:03 - 2015-06-25 18:03 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2015-06-25 18:00 - 2015-06-25 18:00 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2015-06-25 18:23 - 2015-06-25 18:23 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2015-06-25 18:28 - 2015-06-25 18:28 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2015-06-25 18:16 - 2015-06-25 18:16 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2015-06-25 18:08 - 2015-06-25 18:08 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2015-06-25 18:58 - 2015-06-25 18:58 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2015-06-25 17:59 - 2015-06-25 17:59 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\clang\Desktop\FRST64 (1).exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\clang\Desktop\KVRT.exe:MBAM.Zone.Identifier [156]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1187891039-2213116806-2605294233-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{469BF36A-CE84-4F01-B855-3376C38837AF}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{771FDEAD-B521-4C12-82D5-FCAAD34DC1BD}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2F83ACD5-DDF1-463A-9C09-E97AF08D0A72}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{40CDF570-64F8-4B8F-AF09-48F5E80DBE82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{47A3180C-2AAB-4654-BCC7-1C3732DE68F7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F265BC83-59DD-45D9-AEC9-B1B43347FB6E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CC2BA7B6-183B-49D6-BA15-92D729F7FE40}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71B2C8A9-8A12-4A7F-9F5B-5C186082A063}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{73FFA07A-F0AD-4B6C-AF63-EF51346B87F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{044D6AF0-7492-46B2-A3F0-FC7FA4F0C15A}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{930E6EDC-92AA-434B-8DBB-A195358A25EE}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{2425F5D7-1C6F-4FBD-BE25-EF6B24DEA9AB}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{3A2C920C-BCFF-4CBC-9ED1-F52DB9B717B0}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{39209E2E-9545-4F53-9729-8506B593029B}] => (Allow) c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65ED3D3B-3DAE-46E4-B5A4-FF65C3AA0E39}] => (Allow) c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B698E63B-DD88-494B-B094-E71CBB72996E}] => (Allow) c:\program files\microsoft onedrive\23.147.0716.0001\filecoauth.exe => No File
FirewallRules: [{93C7E7AD-60C8-48D5-B59C-0AC504867607}] => (Allow) c:\program files\microsoft onedrive\23.147.0716.0001\filecoauth.exe => No File
FirewallRules: [{A0B005F1-2098-41AD-B370-27DA46B91761}] => (Allow) c:\windows\system32\backgroundtaskhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{22C1B1AD-D23A-4D61-A633-9110650B250B}] => (Allow) c:\windows\system32\backgroundtaskhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3549B6F3-FA01-421D-9D2E-661CD4D86CFB}] => (Allow) c:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AAE7CA92-B418-41E3-A51A-00B54ED5D5ED}] => (Allow) c:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F716F103-6775-4DA1-9047-1C308E9B4FB7}] => (Allow) c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9C860B23-AC48-4499-8980-F3A4D78960AA}] => (Allow) c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{11ADB5D3-BEB5-43C4-B72B-179433075F1C}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{8F428DAE-C37D-4A01-9E7D-67F0B0F66638}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{E48A1CAD-1B74-4E8E-AA04-FBA7157E647F}] => (Allow) c:\program files\mozilla firefox\pingsender.exe (Mozilla Corporation -> Mozilla Foundation)
FirewallRules: [{E66BDF83-6EA9-4EE2-81A1-D24008C2B5B5}] => (Allow) c:\program files\mozilla firefox\pingsender.exe (Mozilla Corporation -> Mozilla Foundation)
FirewallRules: [{FDC8F9E2-DC67-43F6-871B-86F4A66C16EC}] => (Allow) c:\program files\nordupdater\nordupdateservice.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{1A4090DA-2ABD-4A10-A0E6-4BBCAF68C55F}] => (Allow) c:\program files\nordupdater\nordupdateservice.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{4883D02B-3503-495D-8FD5-63996E371416}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{C96B4BFE-FA44-4DAC-A0DF-B7B1B30A76D8}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{A4B57DDE-4A84-4F21-A4B5-59EFAB21A445}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{E7C99301-8D02-4CC7-8B9A-0B764A00D32C}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{163EA048-F8EF-47E5-8F5B-02D81490C08C}] => (Allow) c:\windows\system32\backgroundtransferhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BDAFA903-8EFD-443B-9381-015B94BA8D72}] => (Allow) c:\windows\system32\backgroundtransferhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{22F8A3D0-725E-4E9B-AD1D-F53F84126653}] => (Allow) c:\windows\systemapps\microsoft.windows.search_cw5n1h2txyewy\searchapp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{267BBE66-1B8D-4F5F-A955-817A991AF5E0}] => (Allow) c:\windows\systemapps\microsoft.windows.search_cw5n1h2txyewy\searchapp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7F319BC2-DEA8-4AF3-852E-C2707ABF17E7}] => (Allow) c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4BE3A250-9909-411C-BF83-51F0D3DA4617}] => (Allow) c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3B3719EA-5830-487F-9F00-EC9259BEB389}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.23050.9-0\msmpeng.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{F318FCD7-9903-4D23-B0FD-8AF5ECD6E641}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.23050.9-0\msmpeng.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{128F7DC5-9D00-4F16-AD04-DD62C6CBDCFE}] => (Allow) c:\program files\windowsapps\7340robertdurfee.networkusage_3.1.8.0_x64__ygerwv1yqg9j8\networkusage.exe => No File
FirewallRules: [{6343887A-C939-4F0C-922C-4E434F21CBC5}] => (Allow) c:\program files\windowsapps\7340robertdurfee.networkusage_3.1.8.0_x64__ygerwv1yqg9j8\networkusage.exe => No File
FirewallRules: [{9A2A6933-110F-40C2-A5E6-BD2939A6EB70}] => (Allow) c:\program files (x86)\bravesoftware\update\braveupdate.exe => No File
FirewallRules: [{4CBAEDF4-42B4-4E2F-BB03-86A772EE5CBB}] => (Allow) c:\program files (x86)\bravesoftware\update\braveupdate.exe => No File
FirewallRules: [{6654DF8C-3ADC-4FFB-8A30-11218C9AD46C}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{00A52099-B4B0-42A0-9377-1ED66DE284ED}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{69247ECE-49BE-449E-B2F0-62C185CA71F5}] => (Allow) c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DE3C05CB-966D-45BF-917A-17CAAB8B8361}] => (Allow) c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5ACF7B4E-B801-43BA-9E16-1B686A73FC1C}] => (Allow) c:\users\clang\appdata\local\temp\{ec7dd2f1-42a2-446f-a5b2-b773cfaaf5d1}\c080d051.exe => No File
FirewallRules: [{68864D9F-D0D6-4021-9EA8-F7459544C49D}] => (Allow) c:\users\clang\appdata\local\temp\{ec7dd2f1-42a2-446f-a5b2-b773cfaaf5d1}\c080d051.exe => No File
FirewallRules: [{C4675E1A-FEA4-47F4-BC41-93F2865508F4}] => (Allow) c:\users\clang\appdata\local\temp\{1a4ba14d-f84b-4ea8-b2eb-306d4a0fa310}\02c516a8.exe => No File
FirewallRules: [{57E94907-5A2E-4D6A-9358-94D39433B66C}] => (Allow) c:\users\clang\appdata\local\temp\{1a4ba14d-f84b-4ea8-b2eb-306d4a0fa310}\02c516a8.exe => No File
FirewallRules: [{2847C2FA-D760-471C-9D6F-E659C0AFB964}] => (Allow) c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{796FACF8-4EA4-4F26-88EA-C31E4957FECC}] => (Allow) c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9297C8C1-16E1-4FC0-935F-7835E4DE1377}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\microsoft.photos.exe (Microsoft Corporation -> )
FirewallRules: [{63DD5962-871F-4EB3-ACE2-532D7D3A6FBE}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\microsoft.photos.exe (Microsoft Corporation -> )
FirewallRules: [{61B115C1-25A3-42D7-9A4C-F549C49EACE4}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3640B12E-CF3B-47CD-B9F9-3A11AE84844D}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{73040E03-1C55-4E31-A35C-793B3AFA0042}] => (Allow) c:\windows\system32\cleanmgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C9474C0-5404-4513-AE24-22C22DE7D66D}] => (Allow) c:\windows\system32\cleanmgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{223725EA-C6FE-45F3-A471-0ED558148BC9}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.23052.123.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe => No File
FirewallRules: [{419B7DC9-30F4-417D-BFBF-077C3F2B5ECD}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.23052.123.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe => No File
FirewallRules: [{83470DF8-A08C-4AEA-B9DC-BFD860750F4F}] => (Allow) c:\windows\system32\mousocoreworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7FE60C14-9D78-4A5A-8CBA-F23A6BB1EBFD}] => (Allow) c:\windows\system32\mousocoreworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DD901913-4D5C-45FD-8097-87CE35229AB3}] => (Allow) c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7240A1C4-D39D-4C90-B19D-2FCBEB9B14D4}] => (Allow) c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B65652A-59E5-4B08-AF95-2940D82A6E61}] => (Allow) c:\windows\system32\compattelrunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{58F4D020-84BE-4FFA-A63A-2EDA8BCDBC20}] => (Allow) c:\windows\system32\compattelrunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{22961172-93BB-42B8-9A13-C16926A651AD}] => (Allow) c:\users\clang\appdata\local\temp\b52528cf-8c4e0800-b99a5f92-59eb2afc\re9zdrhf4.exe => No File
FirewallRules: [{79D32ABE-17FA-4CC5-8E54-4F6D542A1917}] => (Allow) c:\users\clang\appdata\local\temp\b52528cf-8c4e0800-b99a5f92-59eb2afc\re9zdrhf4.exe => No File
FirewallRules: [{28E9F1E1-E995-4B70-A6FD-3CF7CCB41C81}] => (Allow) c:\users\clang\appdata\local\temp\b52528cf-8c4e0800-b99a5f92-59eb2afc\e7rzrfrnhoni3.exe => No File
FirewallRules: [{C7594173-94F6-4BB5-94CE-3E499BAB3922}] => (Allow) c:\users\clang\appdata\local\temp\b52528cf-8c4e0800-b99a5f92-59eb2afc\e7rzrfrnhoni3.exe => No File
FirewallRules: [{C2930546-B182-46AB-9D2D-68E3BE0DD12B}] => (Allow) c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{347624C4-E751-4B87-BE6C-F8CB32B0B43E}] => (Allow) c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{705F47FA-BBCB-4D91-9B49-58A9C05CE9C2}] => (Allow) c:\program files (x86)\quicken\quickenpatch.exe (Quicken Inc. -> Quicken)
FirewallRules: [{A9D9F3B2-F497-4022-83ED-E13F751A8AEB}] => (Allow) c:\program files (x86)\quicken\quickenpatch.exe (Quicken Inc. -> Quicken)
FirewallRules: [{84656F10-F9A2-4AD9-AAC1-52F3BC6A763A}] => (Allow) c:\program files (x86)\quicken\qw.exe (Quicken Inc. -> Quicken Inc.)
FirewallRules: [{93C0FC03-7D73-4D79-B990-FB34EA086857}] => (Allow) c:\program files (x86)\quicken\qw.exe (Quicken Inc. -> Quicken Inc.)
FirewallRules: [{4F3CED75-AF21-49B2-8F40-61659CCB634D}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater.exe (HP Inc. -> HP Inc.)
FirewallRules: [{39666DBA-EA49-4A0E-A6FB-CF6ECE917BB1}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater.exe (HP Inc. -> HP Inc.)
FirewallRules: [{AEBE203B-7FB3-4028-B104-3646623F7F55}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater\hpssfupdater.exe => No File
FirewallRules: [{A648C1A1-7C89-41D8-9B55-6CBDF1F0CF0E}] => (Allow) c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater\hpssfupdater.exe => No File
FirewallRules: [{74D8E689-8EF1-4C99-8616-1BB277CBADC8}] => (Allow) c:\program files\amd\cnext\cnext\cnext.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{CEE1375D-5F52-4D1D-9659-E0DA4D1CECC6}] => (Allow) c:\program files\amd\cnext\cnext\cnext.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{2AFE09A1-B827-49A8-B741-4BE17EC03236}] => (Allow) c:\program files\microsoft onedrive\onedrivestandaloneupdater.exe => No File
FirewallRules: [{43917227-A87A-4118-8F57-6FB600E36923}] => (Allow) c:\program files\microsoft onedrive\onedrivestandaloneupdater.exe => No File
FirewallRules: [{C76F8C21-65D0-4E0E-831A-6DD939EF167C}] => (Allow) c:\program files\microsoft onedrive\23.147.0716.0001\microsoft.sharepoint.exe => No File
FirewallRules: [{848DBC8B-9F4E-4C57-B22E-AF619E41318E}] => (Allow) c:\program files\microsoft onedrive\23.147.0716.0001\microsoft.sharepoint.exe => No File
FirewallRules: [{DF533A5E-D8F2-40B6-BE38-B4F8504982E1}] => (Allow) c:\program files\malwarebytes\anti-malware\mbam.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{CBF6E712-C88A-4D7F-8FF8-02092E4B726D}] => (Allow) c:\program files\malwarebytes\anti-malware\mbam.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{1D85D5B8-F493-4DA6-981E-E9708E26C2D3}] => (Allow) c:\program files\mozilla firefox\default-browser-agent.exe (Mozilla Corporation -> Mozilla Foundation)
FirewallRules: [{E2055197-560F-4A53-A29D-FC7C24DF8D4F}] => (Allow) c:\program files\mozilla firefox\default-browser-agent.exe (Mozilla Corporation -> Mozilla Foundation)
FirewallRules: [{C52FFAAD-226D-4CA1-8210-0A6DB07926D4}] => (Allow) c:\program files\microsoft onedrive\23.147.0716.0001\onedrivesetup.exe => No File
FirewallRules: [{C5047B53-5CA2-4704-B8AE-D2F36880C774}] => (Allow) c:\program files\microsoft onedrive\23.147.0716.0001\onedrivesetup.exe => No File
FirewallRules: [{26BBD3C3-B1BA-45CD-9249-E453116C1E4F}] => (Allow) c:\program files (x86)\gog galaxy\galaxyclient.exe => No File
FirewallRules: [{8DECC23F-7ABE-4029-B438-F27E0CF23FB2}] => (Allow) c:\program files (x86)\gog galaxy\galaxyclient.exe => No File
FirewallRules: [{F76EC13B-852C-4ABE-ADD4-47956C5DE72B}] => (Allow) c:\windows\syswow64\werfault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C3951C25-6B1C-46D9-83D8-51E485EB0013}] => (Allow) c:\windows\syswow64\werfault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{644E4497-680E-4EED-B5F4-4DA3415CE91A}] => (Allow) c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BE8269E8-373C-436C-8C7D-017897193577}] => (Allow) c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{027ECD04-F286-4850-A4FF-D67757D24B3F}] => (Allow) c:\windows\temp\is-mkt8k.tmp\a5bxmtp4.tmp => No File
FirewallRules: [{BC6B0CEE-1616-475B-BF8A-85149B08D1E9}] => (Allow) c:\windows\temp\is-mkt8k.tmp\a5bxmtp4.tmp => No File
FirewallRules: [{75FA3C00-F30E-45C1-9A67-5A6D84BAE766}] => (Allow) c:\windows\system32\wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B88A1BA-42A3-4EFF-B616-EC9B746075C2}] => (Allow) c:\windows\system32\wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{27C189BC-7BC0-43EE-9DDD-25E2C0EF57C0}] => (Allow) c:\program files\ruxim\ruximics.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DEC455D5-E843-4140-96FA-7D44164A5810}] => (Allow) c:\program files\ruxim\ruximics.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FDAAC2D9-7FBB-4420-A2E7-225D8CBE9090}] => (Allow) c:\windows\system32\wwahost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DB8AC7D5-08A5-4325-A1C1-860E69BDB867}] => (Allow) c:\windows\system32\wwahost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CAFCB3C3-41AA-4970-B192-EFC123F3345E}] => (Allow) c:\program files\nordvpn\nordvpn-service.exe (nordvpn s.a. -> TEFINCOM S.A.)
FirewallRules: [{DE9BCDBA-2400-48C8-9A17-4BA2DCB210E6}] => (Allow) c:\program files\nordvpn\nordvpn-service.exe (nordvpn s.a. -> TEFINCOM S.A.)
FirewallRules: [{3D018DDB-224C-41AD-ADD4-2F92B830042B}] => (Allow) c:\windows\system32\driverstore\filerepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\oneapp.igcc.winservice.exe (Intel Corporation -> Intel Corporation)
FirewallRules: [{DF69C37F-6963-42C2-BE2C-AA5F1E297D46}] => (Allow) c:\windows\system32\driverstore\filerepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\oneapp.igcc.winservice.exe (Intel Corporation -> Intel Corporation)
FirewallRules: [{5AB6C8AF-DB27-41C6-80B4-5D385F006BDE}] => (Allow) c:\windows\syswow64\xtuservice.exe (Intel Corporation -> Intel(R) Corporation)
FirewallRules: [{78325E2A-4EEA-41EB-9893-373C328DDE8D}] => (Allow) c:\windows\syswow64\xtuservice.exe (Intel Corporation -> Intel(R) Corporation)
FirewallRules: [{72A412EE-B6A1-46A6-8820-B5A79C6E6801}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.23052.125.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E3F3F36E-2CBC-48A5-A7ED-63A391278DA3}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.23052.125.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8A92B98-681F-473F-808F-E9B6D98F8ACC}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_5.823.3261.0_x64__8wekyb3d8bbwe\gamebar.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{37BEF63D-4789-467A-845B-15883BBEE481}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_5.823.3261.0_x64__8wekyb3d8bbwe\gamebar.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6127D2A9-4E62-499B-B088-7C14F55DFD9F}] => (Allow) c:\users\clang\saved games\downloads\adwcleaner.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{41706D04-319D-4391-B1B2-C256770DBDBD}] => (Allow) c:\users\clang\saved games\downloads\adwcleaner.exe (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [{3BDDE2A0-CD30-40FB-AE33-561A24BCB8C4}] => (Allow) c:\windows\system32\runtimebroker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4A5AA005-8124-47AF-8DBE-8BA19B288857}] => (Allow) c:\windows\system32\runtimebroker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C519BBA9-CD3B-40A0-B321-79FDF18D44F8}] => (Allow) c:\users\clang\saved games\downloads\autoruns\autoruns64.exe (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
FirewallRules: [{33E02535-5457-4DD1-9C72-F72354517096}] => (Allow) c:\users\clang\saved games\downloads\autoruns\autoruns64.exe (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
FirewallRules: [{569BCD30-32F5-45D3-8A15-D4A0EDCFDBC6}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\hxtsr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B574553-64D9-455A-9C70-629D20055CA1}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\hxtsr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDB936F2-5D62-42B1-9AD8-BEDD3F11398D}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\hxoutlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20874B59-B556-4EF3-B5A4-A123CE36BC85}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\hxoutlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9933D533-7531-4507-A9C8-1D310BFF6F9B}] => (Allow) c:\users\clang\saved games\downloads\frst64 (1).exe => No File
FirewallRules: [{3C7670EE-F94E-4527-BAFC-8B66FAE66369}] => (Allow) c:\users\clang\saved games\downloads\frst64 (1).exe => No File
FirewallRules: [{0998A8DF-166A-4EE0-A65B-EA855A094ADE}] => (Allow) c:\users\clang\desktop\frst64 (1).exe (Farbar) [File not signed]
FirewallRules: [{B5BCDA15-91FB-4B49-97DB-05CA3815395C}] => (Allow) c:\users\clang\desktop\frst64 (1).exe (Farbar) [File not signed]

==================== Restore Points =========================

19-07-2023 21:43:31 Scheduled Checkpoint
26-07-2023 13:41:04 Windows Modules Installer
31-07-2023 09:34:30 Installed HP Support Solutions Framework

==================== Faulty Device Manager Devices ============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/03/2023 10:17:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msinfo32.exe version 10.0.19041.1110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: fac

Start Time: 01d9c68226683430

Termination Time: 5

Application Path: C:\Windows\System32\msinfo32.exe

Report Id: 297a2c82-794c-42ca-a86d-6b9f1649fc64

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (08/03/2023 06:57:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\clang\Saved Games\Downloads\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Error: (08/02/2023 12:52:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2023.10070.17002.0, time stamp: 0x64b5a80d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3155, time stamp: 0xbf300201
Exception code: 0xc000027b
Fault offset: 0x000000000012d8b2
Faulting process id: 0xf20
Faulting application start time: 0x01d9c43a0f3d8b83
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9b9350d0-f056-4259-be0a-1bdd953e925c
Faulting package full name: Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/01/2023 05:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GalaxyClient.exe, version: 2.0.61.63, time stamp: 0x64240e11
Faulting module name: Qt5Network.dll, version: 5.15.2.0, time stamp: 0x5fa4dd7a
Exception code: 0xc0000005
Fault offset: 0x0006a5ca
Faulting process id: 0x4b74
Faulting application start time: 0x01d9c4c8979bdc0c
Faulting application path: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
Faulting module path: C:\Program Files (x86)\GOG Galaxy\Qt5Network.dll
Report Id: 1f52149e-9db2-430b-8951-a2dc04a4b436
Faulting package full name:
Faulting package-relative application ID:

Error: (07/30/2023 09:39:02 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/28/2023 09:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nordsec-threatprotection-service.exe, version: 1.0.2.18, time stamp: 0x60c2b932
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3155, time stamp: 0xbf300201
Exception code: 0xe0434352
Fault offset: 0x000000000002cf19
Faulting process id: 0x980
Faulting application start time: 0x01d9c15c4ab8a93f
Faulting application path: C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0bb03c6e-d5fa-431b-877a-d935cc652e3b
Faulting package full name:
Faulting package-relative application ID:

Error: (07/28/2023 09:04:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: nordsec-threatprotection-service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code e0434352, exception address 00007FFE0B05CF19
Stack:

Error: (07/28/2023 09:01:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NordVPN.exe, version: 1.0.2.27, time stamp: 0x62ea406d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3155, time stamp: 0xbf300201
Exception code: 0xe0434352
Fault offset: 0x000000000002cf19
Faulting process id: 0x2644
Faulting application start time: 0x01d9c15bccd5c7d3
Faulting application path: C:\Program Files\NordVPN\NordVPN.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 247fafaa-bdf9-4f99-8dd2-5fc52207236b
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/04/2023 01:31:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (08/04/2023 01:28:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (08/01/2023 05:11:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (08/01/2023 02:51:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/31/2023 02:37:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordsec-threatprotection-service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2023 02:37:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-N4NCUCI)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.

Error: (07/31/2023 06:00:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/31/2023 06:00:38 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\clang\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2023-08-03 20:47:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-03 07:05:33
Description:
C:\Windows\System32\notepad.exe has been blocked from modifying %userprofile%\Documents\ by Controlled Folder Access.
Detection time: 2023-08-03T12:05:33.375Z
Path: %userprofile%\Documents\
Process Name: C:\Windows\System32\notepad.exe
Security intelligence Version: 1.393.2153.0
Engine Version: 1.1.23060.1005
Product Version: 4.18.23050.9

Date: 2023-08-02 21:30:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-01 20:51:21
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-07-30 20:42:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-02-04 10:36:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: HP N02 Ver. 02.17 11/01/2016
Motherboard: HP 805D
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 16264.6 MB
Available physical RAM: 10099.65 MB
Total Virtual: 18696.6 MB
Available Virtual: 11603.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.88 GB) (Free:850.58 GB) (Model: WDC WD1001FALS-403AA0) NTFS

\\?\Volume{3ef5bce0-d18e-4954-bbb6-3fa7fa5e5aff}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{8b3d35c7-c724-43d5-b513-32633646ea82}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
