Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    New GPUBreach attack enables system takeover via GPU rowhammer

Featured Deal: Protect up to 9 devices from ads and tracking for just $16 in this AdGuard deal

Latest Buyer's Guide:     Best VPNs in 2025

Generic User Avatar

BitDefender blocked JS:Trojan.Cryxos.12670; checking to see if I'm safe

Started by MML , Jan 17 2026 06:52 AM

  • This topic is locked This topic is locked
15 replies to this topic

#1 MML

MML

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 17 January 2026 - 06:52 AM

Hello,
 
Back once again. I was browsing a webpage on archive.org and I got a popup notification from my antivirus that an infected webpage was detected and blocked for my protection, with the following trojan being named as the reason. Since the webpage was blocked from loading, I'm going to assume that nothing was wrong. My specs have not changed, but I do want to make sure nothing might have leaked in.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-01-2026
Ran by Melissa's Computer (administrator) on LAPTOP-C0M1CS19 (HP HP Laptop 15-ef1xxx) (17-01-2026 06:45:47)
Running from C:\Users\Melissa's Computer\Downloads\FRST-OlderVersion\FRST64Eng2.exe
Loaded Profiles: Melissa's Computer
Platform: Windows 10 Version 22H2 19045.6466 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.1.1.26\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\obkagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bduserhost.exe <4>
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI\ai.exe <2>
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI\aimgr.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> The Qt Company Ltd.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(cmd.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdtrackersnmh.exe <2>
(DriverStore\FileRepository͵335.inf_amd64_7de275617d9da25a\B374868\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͵335.inf_amd64_7de275617d9da25a\B374868\atieclxx.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <42>
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <100>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.243.1211.0001_1\OneDrive.Sync.Service.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <77>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͵335.inf_amd64_7de275617d9da25a\B374868\atiesrxx.exe
(services.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 24.2\kpm_service.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b022f456c858acec\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.27.350.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.6465_none_7e0fb53c7c8be091\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b022f456c858acec\RtkAudUService64.exe [1269656 2021-07-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1088832 2025-12-12] (Bitdefender SRL -> Bitdefender)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [501480 2025-07-22] (Bitdefender SRL -> Bitdefender)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\143.0.3650.139\Installer\setup.exe [7735376 2026-01-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\Run: [Grammarly] => C:\Users\Melissa's Computer\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [275608 2025-07-23] (Grammarly, Inc. -> Grammarly)
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\Run: [MicrosoftEdgeAutoLaunch_9C35E938822AA9EBF7FCE7FC2295339C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4228176 2026-01-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Delete Cached Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.243.1211.0001] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.243.1211.0001" [0 2026-01-17] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.222.1112.0002_1\i386] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.222.1112.0002_1\i386" [0 2025-12-13] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.222.1112.0002_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.222.1112.0002_1" [0 2025-12-13] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.224.1116.0003_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.224.1116.0003_1" [0 2026-01-10] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.238.1204.0001_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.238.1204.0001_1" [0 2026-01-17] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-11-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\144.0.7559.59\Installer\chrmstp.exe [2026-01-16] (Google LLC -> Google LLC)
Startup: C:\Users\Melissa's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-08-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {D9C74C85-6BA3-44E4-AAA3-4F1AA67C5BA0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.1.1.26\WatchDog.exe [1172984 2025-12-11] (Bitdefender SRL -> Bitdefender) -> C:\Program Files\Bitdefender Agent\27.1.1.26\repair
Task: {3A9A88CC-D10E-427F-9055-9C109FFB62D0} - System32\Tasks\CorelUpdateHelperTask-0EB5C953B309F6FF56DE7B6AE855D24B => C:\Program Files (x86)\Corel\CUH\v2\CUH.EXE [3827728 2022-10-21] (Corel Corporation -> Corel Corporation)
Task: {0D86F6E1-FC17-4671-B959-54ACC2846457} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.EXE [3827728 2022-10-21] (Corel Corporation -> Corel Corporation)
Task: {273C68DD-80E7-4207-B56F-B1E30DA33CBE} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.0{D0B47C3F-2509-4BD1-9E98-6AB8679B6862} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe [7056536 2025-11-26] (Google LLC -> Google LLC)
Task: {0F08D991-B6C7-45BA-A7CC-0B9CCB24CCF8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\Uninstall-BatteryStatusTest => c:\Windows\System32\schtasks.exe [268800 2025-06-11] (Microsoft Windows -> Microsoft Corporation) -> /Change /Disable /tn "\Hewlett-Packard\HP Diagnostics\BatteryStatusTest"
Task: {081FEC40-2C28-459D-81FB-62BBF4087DC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [480264 2025-06-19] (HP Inc. -> HP Inc.)
Task: {916D27A0-0794-4C4C-91A0-BBD777CE2E9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1174536 2025-06-19] (HP Inc. -> HP Inc.)
Task: {E776D109-0E4A-4C44-8841-134C0DDF1A5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1174536 2025-06-19] (HP Inc. -> HP Inc.)
Task: {A60EB15E-CC30-4ECA-AEA9-5AFDE389FC87} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {EE496FF9-52DD-4C0A-B318-0E165C0EF980} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (No File)
Task: {2534131B-8DD5-4390-897D-675A063BBCA8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (No File)
Task: {C0F9511D-7C86-47F4-B883-C1E484579E33} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16659248 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {994DBF40-FB83-42FC-BBDC-A6169F7A53F8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28946240 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {17FC0E24-F085-4FFB-942C-49DD1C9F21F5} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [70976 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A83EC506-8C9C-4554-905E-FB00F044CDDE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28946240 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B5239C9-FB4E-4AD6-800F-503DE34EAE3F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311040 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E5E8504-D57D-4F63-99E4-62CB7E18AC85} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311040 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA660AB3-E913-4F05-8B12-954A1A3B19EB} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [1347344 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0DDF3B5-510F-4A39-9CBD-AF35DE3CB764} - System32\Tasks\Microsoft\Office\Office Startup Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16659248 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF04CE22-BEC6-429F-BCC2-C061FF9B1136} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [680064 2026-01-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {9F2EB351-1621-4140-A566-CB443D60B1C5} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1789642093-3422198469-1575457822-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [680064 2026-01-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {C084B171-B178-456E-9463-220E85A6C557} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34944 2026-01-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {3AA3DD8F-B113-400A-BED1-64EE3571FF71} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1789642093-3422198469-1575457822-1001 => C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.243.1211.0001_1\OneDriveLauncher.exe [745872 2026-01-17] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f88e0662-8139-46a4-9da0-f6a2385a0f00}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f88e0662-8139-46a4-9da0-f6a2385a0f00}: [DhcpDomain] mynetworksettings.com
Tcpip\..\Interfaces\{f88e0662-8139-46a4-9da0-f6a2385a0f00}\24F69746: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{f88e0662-8139-46a4-9da0-f6a2385a0f00}\35247483330303D283538353: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f88e0662-8139-46a4-9da0-f6a2385a0f00}\35247483330303D283538353: [DhcpDomain] hsd1.ma.comcast.net
Tcpip\..\Interfaces\{f88e0662-8139-46a4-9da0-f6a2385a0f00}\3536F6F6475627: [DhcpNameServer] 75.75.75.75 75.75.76.76
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Profile: C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default [2026-01-17]
Edge Extension: (Bitdefender Anti-tracker) - C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbconhplchnbippmjabbcedokimacfjl [2024-07-20]
Edge Extension: (Kaspersky Password Manager) - C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eolheccophlcbnkkbelcgminoojochgj [2025-02-11]
Edge Extension: (Google Docs Offline) - C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-12-18]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-12-08]
Edge Extension: (Edge relevant text changes) - C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (AdBlock — block ads across the web) - C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2026-01-14]
Edge Extension: (uBlock Origin) - C:\Users\Melissa's Computer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2025-11-27]
Edge HKLM-x32\...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 0xj0j5ps.default
FF ProfilePath: C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\0xj0j5ps.default [2023-10-17]
FF ProfilePath: C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139 [2026-01-08]
FF Extension: (Bitdefender Anti-tracker) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\bdtbe@bitdefender.com.xpi [2023-12-04] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2025-12-25]
FF Extension: (New Tab) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\newtab@mozilla.org.xpi [2025-12-24]
FF Extension: (uBlock Origin) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\uBlock0@raymondhill.net.xpi [2025-12-22]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2024-08-06]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2025-11-24]
FF Extension: (XKit Rewritten) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\{6e710c58-36cc-49d6-b772-bfc3030fa56e}.xpi [2025-12-19]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Melissa's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\opd1yuw9.default-release-1698022104139\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-12-19]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext [2023-11-10] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-11-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2025-07-17] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2025-07-17] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default [2026-01-17]
CHR Extension: (Lenses) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aclelibaohlpionhbfafgkfgdbabklle [2022-01-10]
CHR Extension: (Search Fixer for YouTube) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdknokkpgboeonegndfcgkaommhleo [2026-01-15]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2026-01-08]
CHR Extension: (TrafficLight) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2025-12-24]
CHR Extension: (uBlock Origin) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2025-07-16]
CHR Extension: (XKit Rewritten) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgbadgnkmeeldglkmnplolneidgpbcm [2026-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-12-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-12-24]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-05-10]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2024-07-29]
CHR Extension: (Scener) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkhjgdkpibcepflmlgahofcmeagjmecc [2025-08-18]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2025-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-01]
CHR Extension: (Video Screenshot) - C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkojackhibeogijphhfnamhemklmial [2025-11-16]
CHR Profile: C:\Users\Melissa's Computer\AppData\Local\Google\Chrome\User Data\System Profile [2025-04-17]
CHR HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [851704 2025-12-12] (Bitdefender SRL -> Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [851704 2025-12-12] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [851704 2025-12-12] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2963856 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2426992 2025-07-03] (Bitdefender SRL -> Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [851704 2025-12-12] (Bitdefender SRL -> Bitdefender)
S2 bdvpnservice; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [513840 2025-07-23] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13419408 2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
S2 hp-one-agent-service; C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [2435112 2025-06-10] (HP Inc. -> HP Inc; HP Development Company, L.P.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 kpm_service_24.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 24.2\kpm_service.exe [544680 2024-07-08] (AO Kaspersky Lab -> AO Kaspersky Lab)
S2 KSDE5.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksde.exe [32008 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [122792 2025-12-12] (The Document Foundation -> The Document Foundation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-08-24] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-08-24] (Malwarebytes Inc. -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [758176 2025-12-11] (Bitdefender SRL -> Bitdefender)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [303648 2025-12-12] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [851704 2025-12-12] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HPPrintScanDoctorService; "C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe" [X]
S2 MDCoreSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MsMpEng.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDAfdAudioService; C:\windows\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_4f059863a425c74d\amdacpafd.sys [356328 2022-01-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdfendrmgr; C:\windows\System32\drivers\amdfendrmgr.sys [25016 2022-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\windows\System32\DriverStore\FileRepository͵335.inf_amd64_7de275617d9da25a\B374868\amdkmdag.sys [80558960 2022-01-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [135296 2020-09-17] (Alcorlink Corp. -> )
R1 atc; C:\windows\System32\drivers\atc.sys [8502344 2025-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci4; C:\windows\System32\drivers\bddci4.sys [1380416 2025-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\windows\System32\drivers\bdelam.sys [24568 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 bdprivmon; C:\windows\System32\drivers\bdprivmon.sys [49208 2025-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 bduefiscan; C:\windows\System32\drivers\bduefiscan.sys [53808 2025-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R1 Gemma; C:\windows\System32\DRIVERS\gemma.sys [1793112 2025-08-25] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 Ignisv2; C:\windows\System32\drivers\ignisv2.sys [848456 2025-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 IPVCalloutDriver; C:\Program Files\Bitdefender\Bitdefender VPN\Drivers\x64\netfilter.sys [119392 2025-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 kltun; C:\windows\system32\DRIVERS\kltun.sys [86760 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2024-08-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239568 2024-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MpKsl79acad72; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BEA77593-B329-40DE-BBB0-2437F1DBA5D8}\MpKslDrv.sys [263560 2023-11-28] (Microsoft Windows -> Microsoft Corporation)
R2 Trufos; C:\windows\System32\drivers\Trufos.sys [630320 2025-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\windows\System32\drivers\vlflt.sys [1445440 2025-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [55744 2023-11-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [578856 2023-11-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-28] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\windows\System32\drivers\wintun.sys [29592 2024-05-28] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\windows\System32\drivers\wireguard.sys [489368 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-01-16 18:09 - 2026-01-16 18:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2026-01-15 19:29 - 2026-01-15 19:33 - 000000000 ____D C:\windows\system32\Tasks\GoogleUserPEH
2026-01-12 21:59 - 2026-01-12 21:59 - 000195708 _____ C:\Users\Melissa's Computer\Downloads\Monthly Statement.pdf
2026-01-12 11:31 - 2026-01-12 11:31 - 000001611 _____ C:\Users\Melissa's Computer\Downloads\VS--YouTube-BLOODRAGEFullHORRORSLASHERMovieHD-23’11”.jpg - Shortcut.lnk
2026-01-11 20:15 - 2026-01-11 20:15 - 000094208 _____ C:\Users\Melissa's Computer\Downloads\2 years of your IRS W-2s or Form 1099 - 1099_NEC_2024.pdf
2026-01-11 20:15 - 2026-01-11 20:15 - 000091619 _____ C:\Users\Melissa's Computer\Downloads\1099_NEC_2023.pdf
2026-01-11 20:14 - 2026-01-11 20:14 - 000329556 _____ C:\Users\Melissa's Computer\Downloads\NAME Tax Return_T23_For_Records.pdf
2026-01-11 20:14 - 2026-01-11 20:14 - 000196296 _____ C:\Users\Melissa's Computer\Downloads\melissa 2024.pdf
2026-01-11 19:54 - 2026-01-11 19:54 - 000094271 _____ C:\Users\Melissa's Computer\Downloads\1099-NEC_2024.pdf
2026-01-11 19:54 - 2026-01-11 19:54 - 000091619 _____ C:\Users\Melissa's Computer\Downloads\1099-NEC_2023.pdf
2026-01-09 10:50 - 2026-01-09 10:50 - 000093731 _____ C:\Users\Melissa's Computer\Downloads\1099-NEC_2025.pdf
2026-01-08 23:25 - 2026-01-08 23:25 - 000001197 _____ C:\Users\Public\Desktop\LibreOffice 25.8.lnk
2026-01-08 23:25 - 2026-01-08 23:25 - 000000000 ____D C:\Users\Melissa's Computer\AppData\Roaming\LibreOffice
2026-01-08 23:25 - 2026-01-08 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice
2026-01-08 23:24 - 2026-01-08 23:24 - 000000000 ____D C:\Program Files\LibreOffice
2026-01-08 23:13 - 2026-01-08 23:14 - 365154304 _____ C:\Users\Melissa's Computer\Downloads\LibreOffice_25.8.4_Win_x86-64.msi

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-01-17 06:46 - 2022-08-02 09:16 - 000000000 ____D C:\FRST
2026-01-17 06:35 - 2024-08-24 01:20 - 000000000 ____D C:\Users\Melissa's Computer\AppData\Local\Malwarebytes
2026-01-17 06:32 - 2021-12-30 13:13 - 000000000 ____D C:\Users\Melissa's Computer\AppData\Local\D3DSCache
2026-01-17 06:11 - 2021-12-31 17:20 - 000000000 ____D C:\Users\Melissa's Computer\Downloads\FRST-OlderVersion
2026-01-17 05:52 - 2022-01-08 21:45 - 000001954 _____ C:\Users\Melissa's Computer\Desktop\Rkill.txt
2026-01-17 04:24 - 2022-01-02 20:17 - 000000000 ____D C:\windows\SystemTemp
2026-01-17 03:00 - 2025-02-08 14:32 - 000003606 _____ C:\windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-1789642093-3422198469-1575457822-1001
2026-01-17 03:00 - 2021-12-31 17:08 - 000003592 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1789642093-3422198469-1575457822-1001
2026-01-17 03:00 - 2021-12-30 13:15 - 000003406 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1789642093-3422198469-1575457822-1001
2026-01-17 03:00 - 2021-12-30 13:10 - 000002429 _____ C:\Users\Melissa's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-01-17 01:40 - 2020-05-06 03:58 - 000000000 ____D C:\windows\system32\SleepStudy
2026-01-17 01:21 - 2022-01-09 21:12 - 000004194 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{B939FF62-00ED-40FD-A8F0-506337327578}
2026-01-17 00:32 - 2023-02-09 19:09 - 000003484 _____ C:\windows\system32\Tasks\CorelUpdateHelperTask-0EB5C953B309F6FF56DE7B6AE855D24B
2026-01-16 21:50 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-01-16 18:48 - 2023-10-22 19:48 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2026-01-16 18:48 - 2023-10-22 19:48 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2026-01-16 18:09 - 2025-11-11 20:09 - 000391296 _____ (Mozilla Foundation) C:\Users\Melissa's Computer\Desktop\Firefox.exe
2026-01-16 16:30 - 2021-12-31 19:25 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-01-16 16:30 - 2021-12-31 19:25 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2026-01-15 23:36 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2026-01-15 23:36 - 2019-12-07 04:14 - 000000000 ____D C:\windows\AppReadiness
2026-01-15 19:59 - 2023-10-06 09:52 - 000001402 _____ C:\Users\Melissa's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2026-01-15 19:59 - 2023-10-06 09:52 - 000001296 _____ C:\Users\Melissa's Computer\Desktop\ESET Online Scanner.lnk
2026-01-15 19:29 - 2021-12-31 12:22 - 000000000 ____D C:\Users\Melissa's Computer\AppData\Local\CrashDumps
2026-01-12 18:18 - 2019-12-07 04:14 - 000000000 ____D C:\windows\LiveKernelReports
2026-01-09 20:13 - 2023-01-16 23:33 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2026-01-09 20:13 - 2020-12-30 12:17 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-01-07 19:18 - 2023-10-22 19:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2026-01-04 09:45 - 2019-12-07 04:13 - 000000000 ____D C:\windows\INF
2025-12-24 04:56 - 2019-12-07 04:03 - 000000000 ____D C:\windows\CbsTemp
2025-12-23 10:14 - 2021-12-31 11:57 - 000000000 ____D C:\Users\Melissa's Computer\AppData\Roaming\Microsoft\Word
2025-12-22 02:07 - 2020-12-30 12:17 - 000003534 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-12-22 02:07 - 2020-12-30 12:17 - 000003408 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-12-21 17:54 - 2020-12-30 12:26 - 000000000 ____D C:\Program Files\Microsoft Office

==================== Files in the root of some directories ========

2022-03-28 00:39 - 2022-03-28 00:39 - 000003584 _____ () C:\Users\Melissa's Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2023-10-09 01:15 - 2023-10-09 01:15 - 000000017 _____ () C:\Users\Melissa's Computer\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2026
Ran by Melissa's Computer (17-01-2026 06:47:39)
Running from C:\Users\Melissa's Computer\Downloads\FRST-OlderVersion
Windows 10 Version 22H2 19045.6466 (X64) (2021-12-30 02:24:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1789642093-3422198469-1575457822-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1789642093-3422198469-1575457822-503 - Limited - Disabled)
Guest (S-1-5-21-1789642093-3422198469-1575457822-501 - Limited - Disabled)
Melissa's Computer (S-1-5-21-1789642093-3422198469-1575457822-1001 - Administrator - Enabled) => C:\Users\Melissa's Computer
WDAGUtilityAccount (S-1-5-21-1789642093-3422198469-1575457822-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {0F59B032-EA77-E3A8-2382-74A4346E5522}
FW: Bitdefender Firewall (Enabled) {37623117-A018-E2F0-08DD-DD91CABD1259}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Audacity 3.7.4 (HKLM\...\Audacity_is1) (Version: 3.7.4 - Audacity Team)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 27.1.1.26 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 27.0.25.115 - Bitdefender)
Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 27.2.6.2 - Bitdefender)
Corel Painter Essentials 8 - Core (HKLM\...\{1D4D63BF-5E27-4D47-A23F-66E4B406D9B3}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - Content (HKLM\...\{334F8B75-D2CD-4DAE-931D-48118D313478}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - CT (HKLM\...\{CA834CD6-0363-422C-A6B5-DD0B85AC1A45}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - DE (HKLM\...\{55B21364-36FE-4172-8794-98CBC6984376}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - EN (HKLM\...\{BE36DCD3-299F-492F-89B6-D5DC051A1778}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - FR (HKLM\...\{056F7BDE-C2C0-4DBC-BB05-283178DE87FE}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - IPM (HKLM\...\{C45B69A6-7210-41B1-BEFB-7DBC66A228BE}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - IPM Content (HKLM\...\{E20BAA2A-03C4-41FA-9A12-743E58181E7E}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - JP (HKLM\...\{E73B9BAC-C186-46C8-8264-59439269A155}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 - NNArtAssets (HKLM\...\{53CFBCA0-80C1-42FD-A037-9C6C45146E03}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Essentials 8 (HKLM\...\_{D3688764-0B0D-436E-BDF2-98752AB8E0CE}) (Version: 8.0.0.148 - Corel Corporation)
Corel Painter Essentials 8 (HKLM\...\{8522EF0F-BA35-4D78-94B4-309943C39F30}) (Version: 8.0 - Corel Corporation) Hidden
Corel Painter Thumbnail Previewer (HKLM\...\{50139369-99B2-496A-8726-D3DC5D6D4235}) (Version: 18.0 - Corel Corporation)
Corel PaintShop Pro 2022 (HKLM-x32\...\_{8C9BC7E4-5EEA-489D-B666-557A9428A018}) (Version: 24.1.0.27 - Corel Corporation)
Corel Update Manager (HKLM\...\{48F41881-D9E9-4208-9C7E-16F7A84CE851}) (Version: 2.16.673 - Corel corporation) Hidden
Corel Update Manager (HKLM\...\{76A23204-7636-46EC-95B4-3815E5A61476}) (Version: 2.16.673 - Corel corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 144.0.7559.59 - Google LLC)
Grammarly for Windows (HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\Grammarly Desktop Integrations) (Version: 1.2.179.1714 - Grammarly)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP One Agent (HKLM\...\{20A9EF5E-995B-4CA0-B028-79FBDCD99773}) (Version: 1.1.901.7762 - HP Inc.)
HP One Agent (HKLM\...\{E0747DDE-41AF-4017-9CF8-2F84A2CCC5A2}) (Version: 1.1.901.7762 - HP Inc.) Hidden
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
ICA (HKLM\...\{D3688764-0B0D-436E-BDF2-98752AB8E0CE}) (Version: 8.0 - Corel Corporation) Hidden
ICA (HKLM-x32\...\{8C9BC7E4-5EEA-489D-B666-557A9428A018}) (Version: 24.1.0.27 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{9BAC7C47-8142-4703-8447-32C1A97517CC}) (Version: 24.1.0.27 - Corel Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{26AE54F2-A23C-422C-9E5E-D2CEFD2F7656}) (Version: 24.2.0.277 - Kaspersky) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{26AE54F2-A23C-422C-9E5E-D2CEFD2F7656}) (Version: 24.2.0.277 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{836E6477-FBFF-3ACE-983C-94E91D6FA845}) (Version: 21.14.5.462 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{836E6477-FBFF-3ACE-983C-94E91D6FA845}) (Version: 21.14.5.462 - Kaspersky)
LibreOffice 25.8.4.2 (HKLM\...\{1E18BF7B-E198-425D-8655-96006F94C5D5}) (Version: 25.8.4.2 - The Document Foundation)
Malwarebytes version 5.1.8.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.8.123 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.36 (x86) (HKLM-x32\...\{FBC9D6AE-6396-4FC7-BC18-00852836F16D}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x86) (HKLM-x32\...\{6F73FE7B-B9C3-4A05-8138-0E44543D755F}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x86) (HKLM-x32\...\{89C09E22-01D0-41F6-BAD3-CA0A8B74AD22}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.19426.20218 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 143.0.3650.139 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 143.0.3650.139 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\OneDriveSetup.exe) (Version: 25.243.1211.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.26.28720 (HKLM-x32\...\{2F69FB2B-2C48-491C-B249-22C1BDCE1117}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.26.28720 (HKLM-x32\...\{31C9EB3A-5F0C-49E7-8E6C-D404E48F433D}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x86) (HKLM-x32\...\{9A00C541-6944-4969-9DFE-A7289215800D}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x86) (HKLM-x32\...\{c37854d7-1852-4785-82ff-86ff988e4caf}) (Version: 6.0.36.34217 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox) (Version: 147.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 118.0.2 - Mozilla)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19426.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
PSPPContent (HKLM-x32\...\{682A61B4-9986-42E1-A555-2F3998933BB4}) (Version: 24.1.0.27 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{84D6A405-BAE5-40C7-A200-99213338F096}) (Version: 24.1.0.27 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{10329320-4334-4FD9-AE6B-6633E5DA9638}) (Version: 24.1.0.27 - Corel Corporation) Hidden
Setup (HKLM-x32\...\{AC60903B-BF30-4312-B839-BAF94C3B9906}) (Version: 24.1.0.27 - Corel Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2024-05-28] (Advanced Micro Devices Inc.) [Startup Task]
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2025-04-26] (Disney)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.36.0_x64__xbfy0k16fey96 [2025-11-21] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2022-01-03] (HP Inc.)
HP -> C:\Program Files\WindowsApps\AD2F1837.myHP_51.52550.13131.0_x64__v10z8vjag6ke6 [2025-12-17] (HP Inc.) [Startup Task]
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.26.249.0_x64__v10z8vjag6ke6 [2022-01-05] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.9.0.0_x64__v10z8vjag6ke6 [2025-11-04] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.4.17.0_x64__v10z8vjag6ke6 [2025-08-22] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_162.3.1128.0_x64__v10z8vjag6ke6 [2025-12-09] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.50.34.0_x64__v10z8vjag6ke6 [2025-12-20] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.40.0_x64__v10z8vjag6ke6 [2025-06-18] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HULULLC.HULUPLUS_4.12.0.0_neutral__fphbd361v8tya [2025-04-06] (Hulu.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-04-09] (Instagram)
Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-12-21] ()
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2511.3001.0_x64__8wekyb3d8bbwe [2026-01-08] (Microsoft Corporation) [Startup Task]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.8.11051.0_x64__8wekyb3d8bbwe [2025-11-15] (Microsoft Studios)
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_4.6.8011.0_x64__8wekyb3d8bbwe [2025-08-13] (Microsoft Studios)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20610.576.0_x64__8wekyb3d8bbwe [2025-07-09] (Microsoft Corporation)
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-12-21] ()
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2025-04-06] (Netflix, Inc.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-12-21] ()
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.1.6.0_x64__pwbj9vvecjh7j [2025-12-10] (Amazon Development Centre (London) Ltd)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.27.0_x64__kx24dqmazqk8j [2025-07-16] (Random Salad Games LLC)
Spotify - Music and Podcasts -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0 [2025-12-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1789642093-3422198469-1575457822-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.243.1211.0001_1\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1789642093-3422198469-1575457822-1001_Classes\CLSID\{525e1a6f-44d5-b962-f4de-0381f4f79cbf}\localserver32 -> C:\Users\Melissa's Computer\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-1789642093-3422198469-1575457822-1001_Classes\CLSID\{7d043d4e-4259-f459-3630-7b434fd7752c}\localserver32 -> C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe (HP Inc. -> HP Inc.)
CustomCLSID: HKU\S-1-5-21-1789642093-3422198469-1575457822-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.243.1211.0001_1\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1789642093-3422198469-1575457822-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-08-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\windows\System32\atiacm64.dll [2022-01-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-08-24] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Melissa's Computer\Desktop\Netflix.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=edhbnieanoeijlkpgkminebadpibapgm --app-url=hxxps://www.netflix.com/pwa --app-launch-source=4

==================== Loaded Modules (Whitelisted) =============

2020-12-30 12:26 - 2020-12-30 12:26 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2020-12-30 12:26 - 2020-12-30 12:26 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-12-30 12:26 - 2020-12-30 12:26 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Client\C2R64.dll
2020-12-30 12:26 - 2020-12-30 12:26 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\system32\Drivers\PROCEXP152.SYS:BDU [1]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Anti-tracker -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security App\bdtrackerstbie.dll [2025-12-12] (Bitdefender SRL -> Bitdefender)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2025-06-19] (HP Inc. -> HP Inc.)
BHO-x32: Bitdefender Anti-tracker -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security App\antispam32\bdtrackerstbie.dll [2025-12-12] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-11-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2025-06-19] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-23] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-07-30 15:46 - 2025-07-17 09:17 - 000000027 _____ C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.1.1
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Intel® Wi-Fi 6 AX200 160MHz -> Netwtw10.sys
Local Area Connection: Kaspersky VPN -> kltun.sys

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hp backgrounds\backgrounddefault.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 5) (TamperProtectionSource: )
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7763C854-F19A-4FC0-B21E-2241C8486A1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1A3C4CF0-4B1E-4EA1-BF50-6CF60E335901}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E2F0A32-1F6B-421C-ACDB-1CFB0738CFD6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{186D393D-0A9C-4F2B-A471-5B2B8B2BD9D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{670DCD57-C03B-4ECD-BD74-E0421A4FEE68}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{90E8D6AB-4DA2-4441-B455-D393CC191BB5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E9C91CB4-B971-45CA-9268-CEEADEE7F057}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CEEAA42F-0162-4D8B-9EED-8C9BFBC26B92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E1927FD0-7E19-41C2-AC73-A573665A328F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{19D39879-43A1-41FB-89BE-B9288473E8D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CD5C5D7D-CC8B-47E4-A04A-AA6D1D2B90F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{68AFB9C4-5565-4F6A-8F44-F91E92ACECE7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D1459C44-A17F-4034-BA5B-712DD30005CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7E869F23-41AE-4612-84BD-301AAF65A217}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{12F6A035-8B2F-4945-8C5B-AA655836F421}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{647338F2-0D89-4DB0-B103-3C2ACFD2E150}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.427.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E78DF0AA-8AE1-4ED3-90F6-BCC1D547D898}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

31-12-2025 04:20:40 Scheduled Checkpoint
09-01-2026 13:11:59 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2026 10:53:34 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 32284. Message ID: [0x2509].

Error: (01/15/2026 07:29:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.6456, time stamp: 0xfbcace5c
Faulting module name: twinui.pcshell.dll, version: 10.0.19041.6328, time stamp: 0x36cda8ca
Exception code: 0xc0000409
Fault offset: 0x00000000003bb1ff
Faulting process id: 0x2310
Faulting application start time: 0x01dc61115665d8f2
Faulting application path: C:\windows\Explorer.EXE
Faulting module path: C:\windows\system32\twinui.pcshell.dll
Report Id: 51eb97c6-477d-4632-b9c5-89a121154fda
Faulting package full name:
Faulting package-relative application ID:

Error: (01/15/2026 01:17:18 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 19752. Message ID: [0x2509].

Error: (01/14/2026 06:49:10 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 23280. Message ID: [0x2509].

Error: (01/14/2026 06:41:13 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 30416. Message ID: [0x2509].

Error: (01/14/2026 06:23:13 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 356. Message ID: [0x2509].

Error: (01/13/2026 12:38:06 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 29260. Message ID: [0x2509].

Error: (01/13/2026 08:15:03 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 29280. Message ID: [0x2509].


System errors:
=============
Error: (01/17/2026 05:33:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.443.706.0) - Current Channel (Broad).

Error: (01/17/2026 05:33:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Defender Antivirus Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/17/2026 04:24:44 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147217392. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (01/17/2026 04:24:44 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147217392. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (01/16/2026 07:59:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.443.706.0) - Current Channel (Broad).

Error: (01/16/2026 07:59:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Defender Antivirus Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/16/2026 05:35:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.443.706.0) - Current Channel (Broad).

Error: (01/16/2026 05:35:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Defender Antivirus Service service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===============
Date: 2026-01-17 05:53:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267084157294581447\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2026-01-16 22:59:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267084157294581447\antimalware_provider64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.68 04/21/2023
Motherboard: HP 8707
Processor: AMD Ryzen 7 4700U with Radeon Graphics
Percentage of memory in use: 86%
Total physical RAM: 11633.96 MB
Available physical RAM: 1544.94 MB
Total Virtual: 41322.16 MB
Available Virtual: 19912.45 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.69 GB) (Free:35.27 GB) NTFS

\\?\Volume{585035e1-a616-4d31-8dc6-63cd5d935bd0}\ (Windows RE tools) (Fixed) (Total:0.51 GB) (Free:0.06 GB) NTFS
\\?\Volume{e888da0b-990f-42b6-b26d-a71995391655}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 5AFFB6F6)

Partition: GPT.

==================== End of Addition.txt =======================

Attached Files


Edited by Oh My!, 18 January 2026 - 04:06 PM.

BC AdBot (Login to Remove)

 

#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,343 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:03:58 PM

Posted 18 January 2026 - 04:05 PM

Greetings and :welcome: back to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.
 

Kaspersky Password Manager
Kaspersky VPN

Are you using these?

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\Bitdefender Agent\27.1.1.26\repair
S2 HPPrintScanDoctorService; "C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe" [X] 
S2 MDCoreSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe" [X] 
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MsMpEng.exe" [X] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Delete Cached Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File) 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) 
Task: {EE496FF9-52DD-4C0A-B318-0E165C0EF980} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe  (No File) 
Task: {2534131B-8DD5-4390-897D-675A063BBCA8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe  (No File) 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.243.1211.0001] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.243.1211.0001" [0 2026-01-17] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.222.1112.0002_1\i386] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.222.1112.0002_1\i386" [0 2025-12-13] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.222.1112.0002_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.222.1112.0002_1" [0 2025-12-13] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.224.1116.0003_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.224.1116.0003_1" [0 2026-01-10] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.238.1204.0001_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.238.1204.0001_1" [0 2026-01-17] () <==== ATTENTION [zero byte File/Folder] 
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\143.0.3650.139\Installer\setup.exe [7735376 2026-01-09] (Microsoft Corporation -> Microsoft Corporation) 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Are you using Kaspersky?
  • Fixlog

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 MML

MML
  • Topic Starter

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 18 January 2026 - 11:00 PM

Nope, I'm using neither of those; will gladly uninstall them

 

Will run that in a moment!


#4 MML

MML
  • Topic Starter

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 20 January 2026 - 10:10 AM

Just need a little bit more time, will run this tonight!


#5 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,343 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:03:58 PM

Posted 20 January 2026 - 11:28 AM

No problem thanks for the update.
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#6 MML

MML
  • Topic Starter

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 21 January 2026 - 10:52 AM

And here you go; on rebooting I got a notice from windows - something about a program needed to be connected to the internet to work, which I presume is OneDrive? Also windows updates were installed.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-01-2026
Ran by Melissa's Computer (21-01-2026 10:44:38) Run:13
Running from C:\Users\Melissa's Computer\Downloads\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: Melissa's Computer
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\Bitdefender Agent\27.1.1.26\repair
S2 HPPrintScanDoctorService; "C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe" [X] 
S2 MDCoreSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe" [X] 
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MsMpEng.exe" [X] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Delete Cached Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File) 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) 
Task: {EE496FF9-52DD-4C0A-B318-0E165C0EF980} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe  (No File) 
Task: {2534131B-8DD5-4390-897D-675A063BBCA8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe  (No File) 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.243.1211.0001] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.243.1211.0001" [0 2026-01-17] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.222.1112.0002_1\i386] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.222.1112.0002_1\i386" [0 2025-12-13] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.222.1112.0002_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.222.1112.0002_1" [0 2025-12-13] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.224.1116.0003_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.224.1116.0003_1" [0 2026-01-10] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\...\RunOnce: [Uninstall 25.238.1204.0001_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa's Computer\AppData\Local\Microsoft\OneDrive\25.238.1204.0001_1" [0 2026-01-17] () <==== ATTENTION [zero byte File/Folder] 
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\143.0.3650.139\Installer\setup.exe [7735376 2026-01-09] (Microsoft Corporation -> Microsoft Corporation) 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= Folder: C:\Program Files\Bitdefender Agent\27.1.1.26\repair ========================
 
not found.
 
====== End of Folder: ======
 
HKLM\System\CurrentControlSet\Services\HPPrintScanDoctorService => removed successfully
HPPrintScanDoctorService => service removed successfully
HKLM\System\CurrentControlSet\Services\MDCoreSvc => removed successfully
MDCoreSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\WinDefend => removed successfully
WinDefend => service removed successfully
"HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE496FF9-52DD-4C0A-B318-0E165C0EF980}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE496FF9-52DD-4C0A-B318-0E165C0EF980}" => removed successfully
C:\windows\System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP\HP Print Scan Doctor\Printer Health Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2534131B-8DD5-4390-897D-675A063BBCA8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2534131B-8DD5-4390-897D-675A063BBCA8}" => removed successfully
C:\windows\System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP\HP Print Scan Doctor\Printer Health Monitor Logon" => removed successfully
"HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 25.243.1211.0001" => removed successfully
"HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 25.222.1112.0002_1\i386" => removed successfully
"HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 25.222.1112.0002_1" => removed successfully
"HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 25.224.1116.0003_1" => removed successfully
"HKU\S-1-5-21-1789642093-3422198469-1575457822-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 25.238.1204.0001_1" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}" => removed successfully
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
 
There is a system repair pending which requires reboot to complete.  Restart 
 
Windows and run sfc again.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
 
Image Version: 10.0.19045.6466
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:44:59 ====

Edited by MML, 21 January 2026 - 10:55 AM.

#7 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,343 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:03:58 PM

Posted 21 January 2026 - 04:34 PM

Not sure what needed Internet access.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
cmd: sfc /scannow
Zip: C:\Windows\Logs\CBS
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 06.11.2016_13.24.50.zip. Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Download link

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#8 MML

MML
  • Topic Starter

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 21 January 2026 - 11:15 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-01-2026
Ran by Melissa's Computer (21-01-2026 23:09:12) Run:14
Running from C:\Users\Melissa's Computer\Downloads\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: Melissa's Computer
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
cmd: sfc /scannow
Zip: C:\Windows\Logs\CBS
End::
*****************
 
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 100% complete.
 
 
Windows Resource Protection did not find any integrity violations.
 
 
 
========= End of CMD: =========
 
================== Zip: ===================
C:\Windows\Logs\CBS -> copied successfully to C:\Users\Melissa's Computer\Desktop\21.01.2026_23.11.04.zip
=========== Zip: End ===========
 
==== End of Fixlog 23:11:06 ====

Edited by Oh My!, 22 January 2026 - 08:59 AM.

#9 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,343 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:03:58 PM

Posted 22 January 2026 - 08:58 AM

That last step resolved the system file corruption.

Now let's remove Kaspersky. Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Kaspersky Password Manager 
Kaspersky VPN
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs removed?
  • Are you having any issues?

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#10 MML

MML
  • Topic Starter

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 22 January 2026 - 09:43 AM

Good, and I shall get on that in a minute!

 

No issues to be seen, I just wanted to be sure nothing was up with the comp.


#11 MML

MML
  • Topic Starter

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 24 January 2026 - 10:46 PM

Both programs removed!


#12 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,343 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:03:58 PM

Posted 25 January 2026 - 09:37 AM

Great.

I think we are all set. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#13 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,343 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:03:58 PM

Posted 28 January 2026 - 10:10 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#14 MML

MML
  • Topic Starter

  • Avatar image
  • Members
  • 411 posts
  • OFFLINE
    •  
  • Local time:05:58 PM

Posted 29 January 2026 - 01:33 PM

Nope, nothing else to be worried about! Sorry for the delay on getting back to you! Storm was insane on my coast and took out the power for a bit.


#15 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 62,343 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:03:58 PM

Posted 29 January 2026 - 02:38 PM

Glad you are back up and running.

Here is our final step and some additional information to consider.

===================================================

KpRm by Kernel-panik

--------------
  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. If necessary click More info then Run anyway.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
===================================================

All Clean!

--------------

Your computer is now clean. Please consider this going forward.Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. ohmy_done.gif
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come
Back to Virus, Trojan, Spyware, and Malware Removal Help


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer Forums
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·