Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2026
Ran by Kutnjak (administrator) on DESKTOP-BQIMNEJ (ASUSTeK COMPUTER INC. X541NA) (30-03-2026 16:54:23)
Running from C:\Users\Kutnjak\Desktop\FRST64.exe
Loaded Profiles: Kutnjak
Platform: Microsoft Windows 10 Home Version 22H2 19045.6466 (X64) Language: English (United Kingdom)
Default browser: "C:\Users\Kutnjak\AppData\Local\Programs\Opera\opera.exe" -noautoupdate -- "%1"
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Users\Kutnjak\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Kutnjak\AppData\Local\Programs\Opera\128.0.5807.77\opera_crashreporter.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_baab50003164cdd5\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_baab50003164cdd5\igfxEM.exe
(explorer.exe ->) (AKD d.o.o. -> AKD d.o.o.) C:\Program Files\AKD\Certilia Middleware\CertiliaSigner.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Opera Norway AS -> Opera Software) C:\Users\Kutnjak\AppData\Local\Programs\Opera\opera.exe <21>
(services.exe ->) (AKD d.o.o. -> AKD d.o.o.) C:\Program Files\AKD\Certilia Middleware\service\CertiliaDcs.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(services.exe ->) (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_baab50003164cdd5\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_baab50003164cdd5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_baab50003164cdd5\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, Inc. -> Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Kutnjak\AppData\Local\Microsoft\OneDrive\26.040.0301.0001_1\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3678239628-1737219384-588507674-1001\...\Run: [Opera Browser Assistant] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [3101848 2026-03-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\146.0.7680.165\Installer\chrmstp.exe [7359128 2026-03-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Certilia Signer.lnk [2025-09-10]
ShortcutTarget: Certilia Signer.lnk -> C:\Program Files\AKD\Certilia Middleware\CertiliaSigner.exe (AKD d.o.o. -> AKD d.o.o.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {F8F3EAD1-E6D0-4495-A280-3E1F40D82654} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [55808 2016-10-12] (ASUS) [File not signed]
Task: {CDE424A2-2FA0-494A-BC61-A49DC4FF768B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19967504 2016-11-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {5EE08B53-5F87-4A5E-86DF-72BD5B745C05} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [File not signed]
Task: {12E8D4E8-EA7F-42B1-B021-6395F5E1CF3E} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {3CF28C47-808E-4C36-9129-77B97AEC37B5} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {05C4FBBF-BCB7-4522-9CFA-118D19646FE0} - System32\Tasks\Certilia Updater => C:\Program Files\AKD\Certilia Middleware\Updater.exe [1178480 2025-09-02] (AKD d.o.o. -> Agencija za komercijalnu djelatnost)
Task: {A4EFF1B6-2A08-4A3A-AF06-7E7C543B1F67} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem148.0.7730.0{6F7B7E68-D9A7-4BDF-8E54-513270790497} => C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe [8459416 2026-03-12] (Google LLC -> Google LLC)
Task: {0D20579A-3404-48FF-8918-D94E3DDFC271} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16404784 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {E941CD8F-D0D2-4E79-9FDD-B0CC7BD826AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28533568 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A8DE546-47CB-4EC7-830B-3E539E41CDB3} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [73560 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {F845FA03-E453-475F-9C31-6BB9C95B77BD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28533568 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {42D0D570-B0AB-4001-AFB9-FCCAF80BE12F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426776 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DC50085-E94C-4C2E-8775-20FB4E0C9433} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426776 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0401279-37B1-4FF9-B2DF-7A13A35712B9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [1349920 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {593AE92F-0B39-47E9-85C4-9DDAC9E39975} - System32\Tasks\Microsoft\Office\Office Startup Maintenance => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16404784 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BF08E7C-4C99-4D9F-9887-88E7708B59BE} - System32\Tasks\Opera scheduled assistant Autoupdate 1709214803 => C:\Users\Kutnjak\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [6391768 2026-03-16] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --installdir="C:\Users\Kutnjak\AppData\Local\Programs\Opera\assistant" --producttype=assistant
Task: {8D360755-9638-4256-88B0-4B1DD2E75C2C} - System32\Tasks\Opera scheduled Autoupdate 1655651544 => C:\Users\Kutnjak\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [6391768 2026-03-16] (Opera Norway AS -> Opera Software)
Task: {2BEED256-822A-4D70-8E31-C21DEED5E437} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1473032 2016-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0B7B3DDE-8413-497D-BC04-42962D7819DB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16717832 2016-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0BDE493A-EE23-4C84-9440-0F65FC6A3D0B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [149712 2021-10-14] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {E39B04FB-3166-494E-B519-06F60D7B1BBC} - System32\Tasks\WpsExternal_20161111081738 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [516352 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {309E3EF8-8C76-4B15-8BA2-267A6707F7A7} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [1531136 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd) -> qing 10.1.0.5644 xxx server_url="hxxp://kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html" ic_server_url="hxxp://info.kingsoftstore.com/wpsv6internet/infos.ads"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WpsExternal_20161111081738.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{26c08b93-a893-4715-88d4-cc9904d96408}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{26c08b93-a893-4715-88d4-cc9904d96408}: [DhcpDomain] home
Tcpip\..\Interfaces\{26c08b93-a893-4715-88d4-cc9904d96408}\9435B4F4E4F4651434D2730333534623: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{26c08b93-a893-4715-88d4-cc9904d96408}\9435B4F4E4F4651434D2730333534623: [DhcpDomain] Home
Tcpip\..\Interfaces\{af72b94d-ca85-4203-932a-71982cb51341}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{af72b94d-ca85-4203-932a-71982cb51341}: [DhcpDomain] home

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2022-06-30] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2026-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-12-08] (Microsoft Corporation -> Microsoft Corporation)

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kutnjak\AppData\Local\Microsoft\Edge\User Data\Default [2025-09-04]
Edge Extension: (Google Docs Offline) - C:\Users\Kutnjak\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-11]
Edge Extension: (Edge relevant text changes) - C:\Users\Kutnjak\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Chrome:
=======
CHR Profile: C:\Users\Kutnjak\AppData\Local\Google\Chrome\User Data\Default [2026-01-14]
CHR Notifications: Default -> hxxps://mail.google.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Kutnjak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2026-01-14]
CHR Extension: (Stands AdBlocker) - C:\Users\Kutnjak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2025-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kutnjak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR DefaultProfile: Default
OPR Profile: C:\Users\Kutnjak\AppData\Roaming\Opera Software\Opera Stable [2026-03-30]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Kutnjak\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2024-02-29]
OPR Extension: (Opera Wallet) - C:\Users\Kutnjak\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2024-02-29]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Kutnjak\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2024-02-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CertiliaDcs; C:\Program Files\AKD\Certilia Middleware\service\CertiliaDcs.exe [4356464 2025-09-02] (AKD d.o.o. -> AKD d.o.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13233464 2026-03-28] (Microsoft Corporation -> Microsoft Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11420952 2026-03-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2026-03-30] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [808728 2022-06-30] (McAfee, LLC -> McAfee, LLC)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe [2139832 2017-05-31] (McAfee, Inc. -> McAfee, Inc.)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpDefenderCoreService.exe [2088128 2026-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1043864 2017-07-31] (McAfee, Inc. -> Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\NisSrv.exe [4451664 2026-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MsMpEng.exe [290704 2026-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-11-14] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 AsusHFilter; C:\WINDOWS\System32\drivers\AsusHFilter.sys [30200 2016-12-22] (ASUSTeK Computer Inc. -> )
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [159296 2026-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-18] (ASUSTek Computer Inc. -> ASUS)
S3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [82352 2026-02-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234600 2026-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2026-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\Drivers\farflt.sys [212584 2026-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [81000 2026-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [190096 2026-03-30] (Malwarebytes Inc -> Malwarebytes)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [12423864 2025-08-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21888 2026-03-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [641416 2026-03-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [103816 2026-03-26] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl87d8971a; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B9FA9D8-7111-4913-BCCC-50855B29640F}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-03-30 16:54 - 2026-03-30 17:01 - 000022429 _____ C:\Users\Kutnjak\Desktop\FRST.txt
2026-03-30 16:53 - 2026-03-30 16:53 - 000000000 ____D C:\Users\Kutnjak\AppData\LocalLow\IGDump
2026-03-30 16:51 - 2026-03-30 16:59 - 000000000 ____D C:\FRST
2026-03-30 16:48 - 2026-03-30 16:50 - 002445824 _____ (Farbar) C:\Users\Kutnjak\Desktop\FRST64.exe
2026-03-30 15:35 - 2026-03-30 15:35 - 000190096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2026-03-30 15:33 - 2026-03-30 16:49 - 000000000 ____D C:\Users\Kutnjak\AppData\Local\Malwarebytes
2026-03-30 15:33 - 2026-03-30 15:33 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2026-03-30 15:33 - 2026-03-30 15:33 - 000002083 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2026-03-30 15:28 - 2026-03-30 15:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2026-03-30 15:28 - 2026-03-30 15:28 - 000000000 ____D C:\Program Files\Malwarebytes
2026-03-30 15:25 - 2026-03-30 15:25 - 002848568 _____ (Malwarebytes) C:\Users\Kutnjak\Downloads\MBSetup.exe
2026-03-28 23:50 - 2026-03-28 23:50 - 000315475 _____ C:\Users\Kutnjak\Downloads\Pharmacie citypharma acm isispharma mustela.pdf
2026-03-28 17:42 - 2026-03-28 17:42 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2026-03-26 19:32 - 2026-03-26 19:32 - 001352991 _____ C:\Users\Kutnjak\Downloads\Shopping Cart _ STYLEVANA last.pdf
2026-03-26 01:52 - 2026-03-26 01:52 - 001034543 _____ C:\Users\Kutnjak\Downloads\Shopping Cart _ STYLEVANA.pdf
2026-03-25 15:42 - 2026-03-25 15:42 - 001511890 _____ C:\Users\Kutnjak\Downloads\High Waisted Shorts Lightweight UPF 50+ – Sun Smock.pdf
2026-03-25 01:19 - 2026-03-25 01:19 - 001610982 _____ C:\Users\Kutnjak\Downloads\ACM Azéane Creme 15% Azelainsäure 30g kaufen in Apotheke.pdf
2026-03-25 01:18 - 2026-03-25 01:18 - 001026830 _____ C:\Users\Kutnjak\Downloads\Mustela Stelatopia Intensiv-Creme 30 ml in der Apotheke erhältlich.pdf
2026-03-25 01:14 - 2026-03-25 01:14 - 000590102 _____ C:\Users\Kutnjak\Downloads\Eubos Dry Skin Children Ectoin 7% Cream, 30ml.pdf
2026-03-25 01:09 - 2026-03-25 01:09 - 001496761 _____ C:\Users\Kutnjak\Downloads\Azéane Creme Azelainsäure 15% Tube 30ml _ Newpharma.pdf
2026-03-24 17:43 - 2026-03-24 17:44 - 001747335 _____ C:\Users\Kutnjak\Downloads\Oral Care Products _ OLIVE YOUNG Global.pdf
2026-03-24 17:42 - 2026-03-24 17:42 - 012157744 _____ C:\Users\Kutnjak\Downloads\Live orals Pure Dia Teeth Whitening Set (Whitener + Toothpaste 80g) _ OLIVE YOUNG Global.pdf
2026-03-24 17:40 - 2026-03-24 17:41 - 005687458 _____ C:\Users\Kutnjak\Downloads\Puredia Self Teeth Whitening Single Product 10g (2 weeks. 28 times) - Liveorals.pdf
2026-03-24 17:40 - 2026-03-24 17:40 - 007960503 _____ C:\Users\Kutnjak\Downloads\Repetio Pumping Toothpaste (300g) - Liveorals.pdf
2026-03-23 00:35 - 2026-03-23 00:35 - 014365509 _____ C:\Users\Kutnjak\Downloads\UVA Booster _ all-in-one day cream with SPF 30 & extra UVA protection – Skingineered Cosmetics.pdf
2026-03-22 22:27 - 2026-03-22 22:27 - 000054864 _____ C:\Users\Kutnjak\Downloads\Kasse _ checkout.dm.at.pdf
2026-03-22 22:16 - 2026-03-22 22:16 - 000707295 _____ C:\Users\Kutnjak\Downloads\HYLO GEL® eye drops _ HYLO®.pdf
2026-03-21 00:57 - 2026-03-21 00:57 - 002927137 _____ C:\Users\Kutnjak\Downloads\Lip stain that isn’t pink or red _ r_MakeupAddiction.pdf
2026-03-21 00:12 - 2026-03-21 00:12 - 003675880 _____ C:\Users\Kutnjak\Downloads\how to make a collage on pinterest.pdf
2026-03-19 17:48 - 2026-03-19 17:48 - 001127204 _____ C:\Users\Kutnjak\Downloads\Solis Brown _ Brown Round Titanium Glasses _ polette - Polette Europe.pdf
2026-03-19 17:38 - 2026-03-19 17:38 - 000424679 _____ C:\Users\Kutnjak\Downloads\Submit to r_AusSkincare.pdf
2026-03-19 15:58 - 2026-03-19 15:58 - 004803329 _____ C:\Users\Kutnjak\Downloads\Tony Moly Ceramidni tonik za lice Wonder Ceramide Mochi Toner - Toneri Kupuj online Ksisters ?_♀️.pdf
2026-03-18 16:53 - 2026-03-18 16:53 - 005374986 _____ C:\Users\Kutnjak\Downloads\Peach and Lily - MiniProtein Exosome Bioactive Ampoule - Collagen Skin Repair.pdf
2026-03-18 16:37 - 2026-03-18 16:38 - 000333333 _____ C:\Users\Kutnjak\Downloads\Sesderma Repaskin Defense Liposomal Serum ingredients (Explained).pdf
2026-03-18 16:27 - 2026-03-18 16:28 - 011493388 _____ C:\Users\Kutnjak\Downloads\The Anomaly · Eye Matrix Concentrate · Cipher Skincare.pdf
2026-03-18 16:11 - 2026-03-18 16:11 - 002644164 _____ C:\Users\Kutnjak\Downloads\Colibri skincare Antioxidant Serum.pdf
2026-03-18 16:01 - 2026-03-18 16:01 - 000314824 _____ C:\Users\Kutnjak\Downloads\NIOD Survival 0 ingredients (Explained).pdf
2026-03-18 15:57 - 2026-03-18 15:57 - 001274229 _____ C:\Users\Kutnjak\Downloads\Antiox Serum _ super tøday.pdf
2026-03-17 20:11 - 2026-03-17 20:11 - 000286319 _____ C:\Users\Kutnjak\Downloads\NEW TetraSOD® PRODUCT_ SOD supplements - TetraSOD®.pdf
2026-03-17 20:10 - 2026-03-17 20:10 - 000441198 _____ C:\Users\Kutnjak\Downloads\Superoxide Dismutase - The most powerful natural antioxidant.pdf
2026-03-17 20:05 - 2026-03-17 20:05 - 014498792 _____ C:\Users\Kutnjak\Downloads\REMEDY for daily defense – Remedy Science by Dr. Muneeb Shah.pdf
2026-03-15 23:50 - 2026-03-15 23:50 - 001481811 _____ C:\Users\Kutnjak\Downloads\_nalazi.pdf
2026-03-15 23:21 - 2026-03-15 23:54 - 000000000 ____D C:\Users\Kutnjak\Downloads\THYROID LABS
2026-03-15 17:38 - 2026-03-15 17:38 - 007829640 _____ C:\Users\Kutnjak\Downloads\The Palm Line Series Online Free Streaming - Watch HD TV Shows - HydraHD.pdf
2026-03-14 23:43 - 2026-03-14 23:43 - 003045736 _____ C:\Users\Kutnjak\Downloads\Matsuda Official _ M3152 Panto Sunglasses - Hand Made in Japan.pdf
2026-03-14 23:40 - 2026-03-14 23:41 - 003600572 _____ C:\Users\Kutnjak\Downloads\M3156 – Matsuda.pdf
2026-03-14 23:40 - 2026-03-14 23:40 - 002928093 _____ C:\Users\Kutnjak\Downloads\Matsuda Official _ M3130 Aviator Sunglasses - Hand Made in Japan.pdf
2026-03-14 23:37 - 2026-03-14 23:37 - 004008006 _____ C:\Users\Kutnjak\Downloads\New Releases – Matsuda glasses.pdf
2026-03-14 15:55 - 2026-03-14 15:55 - 001769462 _____ C:\Users\Kutnjak\Downloads\Warenkorb _ Nø Cosmetics.pdf
2026-03-14 15:37 - 2026-03-14 15:37 - 001743314 _____ C:\Users\Kutnjak\Downloads\Daily Skin Guard Facial Mist _ rescue tøday hypochlorous acid spray.pdf
2026-03-14 15:35 - 2026-03-14 15:35 - 039687330 _____ C:\Users\Kutnjak\Downloads\Daily Skin Guard Facial Mist ENG no cosmetics.pdf
2026-03-14 01:35 - 2026-03-14 01:35 - 000554958 _____ C:\Users\Kutnjak\Downloads\Success Page.pdf
2026-03-13 23:53 - 2026-03-13 23:53 - 000344452 _____ C:\Users\Kutnjak\Downloads\Foods high in hyaluronic acid - Total Body Concept.pdf
2026-03-13 23:45 - 2026-03-13 23:45 - 000708512 _____ C:\Users\Kutnjak\Downloads\Hijaluronska kiselina - GymBeam _ GymBeam.hr.pdf
2026-03-13 23:44 - 2026-03-13 23:44 - 006011717 _____ C:\Users\Kutnjak\Downloads\Where to find natural hyaluronic acid in the body.pdf
2026-03-12 23:39 - 2026-03-12 23:39 - 000327094 _____ C:\Users\Kutnjak\Downloads\Aestura Atobarrier 365 Hydro Essence ingredients (Explained).pdf
2026-03-10 15:37 - 2026-03-10 15:37 - 000479621 _____ C:\Users\Kutnjak\Downloads\Dexeryl cream - Google pretraživanje.pdf
2026-03-09 23:03 - 2026-03-09 23:04 - 001546213 _____ C:\Users\Kutnjak\Downloads\needles reedle kopija.pdf
2026-03-08 23:21 - 2026-03-08 23:21 - 006676864 _____ C:\Users\Kutnjak\Downloads\In honor of International Women’s Day, name your favorite quote by a woman. _ r_Fauxmoi.pdf
2026-03-08 22:51 - 2026-03-08 22:51 - 000992421 _____ C:\Users\Kutnjak\Downloads\The Capture TV Show Air Dates & Track Episodes - Next Episode.pdf
2026-03-08 17:16 - 2026-03-08 17:16 - 067564428 _____ C:\Users\Kutnjak\Downloads\Buy protein products and vitamins _ KoRo.pdf
2026-03-08 17:07 - 2026-03-08 17:08 - 095396845 _____ C:\Users\Kutnjak\Downloads\Buy nuts_ our KoRo Classics _ KoRo wow.pdf
2026-03-08 17:00 - 2026-03-08 17:00 - 016591464 _____ C:\Users\Kutnjak\Downloads\Buy organic pumpkin protein _ KoRo.pdf
2026-03-08 14:45 - 2026-03-08 14:45 - 002490834 _____ C:\Users\Kutnjak\Downloads\Premium Chinese Nylon Silk Bamboo Parasol - Midnight Koi _ Brolliesgalore.pdf
2026-03-06 14:36 - 2026-03-06 14:36 - 000019869 _____ C:\Users\Kutnjak\Downloads\ELSTER - Kontaktformular für nicht-steuerliche Fragen - Versandbestätigung.PDF
2026-03-05 17:02 - 2026-03-05 17:02 - 000531324 _____ C:\Users\Kutnjak\Downloads\What if We Cancel the Apocalypse_ - New Lines Magazine.pdf
2026-03-04 15:57 - 2026-03-04 16:22 - 000000000 ___HD C:\$WinREAgent
2026-03-03 19:21 - 2026-03-03 19:21 - 003940918 _____ C:\Users\Kutnjak\Downloads\Entirely wrong order _ r_Sezane wow.pdf
2026-03-03 01:09 - 2026-03-03 01:09 - 000935493 _____ C:\Users\Kutnjak\Downloads\HSN Angebote_ Unglaubliche Rabatte auf Eigenmarken - HSN.pdf
2026-03-03 01:08 - 2026-03-03 01:08 - 000807528 _____ C:\Users\Kutnjak\Downloads\warenkorb hsn de ajme.pdf
2026-03-02 21:26 - 2026-03-02 21:26 - 001979754 _____ C:\Users\Kutnjak\Downloads\Košarica Tvornica Zdrave Hrane.pdf
2026-03-02 21:16 - 2026-03-02 21:16 - 000351451 _____ C:\Users\Kutnjak\Downloads\is hyaluronic acid in food -ai - Google pretraživanje.pdf
2026-03-02 21:09 - 2026-03-02 21:09 - 002061651 _____ C:\Users\Kutnjak\Downloads\Pervistop Complemento Alimentare 20 Compresse - Top Farmacia.pdf
2026-03-02 21:07 - 2026-03-02 21:08 - 001206355 _____ C:\Users\Kutnjak\Downloads\The Association of Four Natural Molecules—EGCG, Folic Acid, Vitamin B12, and HA—To Counteract HPV Cervical Lesions_ A Case Report - PMC.pdf
2026-03-01 15:01 - 2026-03-01 15:01 - 008610696 _____ C:\Users\Kutnjak\Downloads\Glycerin Hydra Cleanser for Gentle Hydration _ Jorgobé.pdf
2026-02-28 23:06 - 2026-02-28 23:06 - 000642220 _____ C:\Users\Kutnjak\Downloads\Acm Azeane Cream for blemishes, imperfections and redness 30 g - Easypara.pdf
2026-02-28 23:04 - 2026-02-28 23:04 - 000646000 _____ C:\Users\Kutnjak\Downloads\Mustela Stelatopia Intense Atopic eczema 30ml - Easypara.pdf
2026-02-28 18:13 - 2026-02-28 18:13 - 001272070 _____ C:\Users\Kutnjak\Downloads\Shopping Cart _ STYLEVANA 1.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)
2026-03-30 17:01 - 2022-07-10 01:01 - 000004208 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{01DA1AC7-0888-4923-A934-15B8A789A633} 2026-03-30 16:50 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2026-03-30 16:42 - 2022-07-10 00:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2026-03-30 15:58 - 2017-08-07 11:14 - 000000182 _____ C:\Users\Kutnjak\AppData\Roaming\sp_data.sys 2026-03-30 15:32 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2026-03-30 15:31 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2026-03-30 15:20 - 2024-02-29 15:53 - 000004518 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1709214803 2026-03-30 15:20 - 2022-07-10 00:46 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2026-03-30 15:17 - 2022-07-10 01:56 - 000000000 ____D C:\WINDOWS\SystemTemp 2026-03-30 15:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2026-03-30 15:13 - 2017-08-07 11:11 - 000000000 __SHD C:\Users\Kutnjak\IntelGraphicsProfiles 2026-03-30 15:12 - 2022-07-10 00:34 - 000000000 ____D C:\Users\Kutnjak 2026-03-30 15:11 - 2022-07-10 01:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2026-03-30 15:11 - 2022-07-10 00:26 - 000008192 ___SH C:\DumpStack.log.tmp 2026-03-30 15:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2026-03-30 15:11 - 2017-02-03 19:10 - 000000000 ___HD C:\Intel 2026-03-29 20:55 - 2025-06-03 00:21 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3678239628-1737219384-588507674-1001 2026-03-29 20:55 - 2025-02-06 13:27 - 000003578 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3678239628-1737219384-588507674-1001 2026-03-29 20:55 - 2023-08-11 09:21 - 000002387 _____ C:\Users\Kutnjak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2026-03-29 20:55 - 2022-07-10 01:01 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3678239628-1737219384-588507674-1001 
2026-03-29 11:51 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2026-03-28 17:40 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2026-03-28 17:40 - 2017-02-03 19:54 - 000000000 ____D C:\Program Files\Microsoft Office 2026-03-28 14:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2026-03-27 00:23 - 2020-12-01 12:18 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2026-03-26 15:44 - 2018-07-23 15:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2026-03-25 23:24 - 2017-08-07 15:55 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2026-03-17 21:38 - 2026-02-16 17:10 - 000004296 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1655651544 2026-03-17 21:36 - 2022-06-19 17:13 - 000001394 _____ C:\Users\Kutnjak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Preglednik Opera.lnk 2026-03-11 21:02 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2026-03-08 13:03 - 2022-07-10 01:01 - 000003542 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2026-03-08 13:03 - 2022-07-10 01:01 - 000003416 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2026-03-04 16:22 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp ==================== Files in the root of some directories ======== 2017-08-07 11:14 - 2026-03-30 15:58 - 000000182 _____ () C:\Users\Kutnjak\AppData\Roaming\sp_data.sys 2025-09-10 17:03 - 2025-09-10 17:04 - 000000298 _____ () C:\Users\Kutnjak\AppData\Local\config.ini 2025-08-21 16:12 - 2025-09-10 17:03 - 000000000 _____ () C:\Users\Kutnjak\AppData\Local\simedit.log ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-03-2026 Ran by Kutnjak (30-03-2026 17:05:16) Running from C:\Users\Kutnjak\Desktop Microsoft Windows 10 Home Version 22H2 19045.6466 (X64) (2022-07-09 23:02:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3678239628-1737219384-588507674-500 - Administrators - Disabled) DefaultAccount (S-1-5-21-3678239628-1737219384-588507674-503 - Limited - Disabled) Guest (S-1-5-21-3678239628-1737219384-588507674-501 - Limited - Disabled) Kutnjak (S-1-5-21-3678239628-1737219384-588507674-1001 - Administrators - Enabled) => C:\Users\Kutnjak WDAGUtilityAccount (S-1-5-21-3678239628-1737219384-588507674-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {A537353A-1D6A-F6B5-9153-CE1CF80FBE66} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.) 
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.8 - ASUS) ASUS Input Configuration (HKLM-x32\...\{7DDF7571-64BD-4232-9729-20FF10CE6C62}) (Version: 1.0.3 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.15 - ASUSTeK COMPUTER INC.) ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.14 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.2.0 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s) Certilia Middleware (HKLM\...\{3196D5AB-D17F-43A4-BC58-B1645240F5E8}) (Version: 3.9.8 - Agencija za komercijalnu djelatnost) Hidden Certilia Middleware (HKLM\...\Certilia Middleware 3.9.8) (Version: 3.9.8 - Agencija za komercijalnu djelatnost) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) 
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 146.0.7680.165 - Google LLC) Intel Security Software Manager (HKLM\...\Intel Security Software Manager) (Version: 1.1.107.0 - Intel Security) Intel(R) Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1631.3 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{EA4CE730-9FAB-40BE-A66E-351D00A73B7D}) (Version: 30.100.1631.03 - Intel Corporation) Hidden Intel(R) Trusted Execution Engine (HKLM\...\{0F708183-18F6-483E-8657-FACC5BFF9916}) (Version: 1.1.1.1 - Intel Corporation) Hidden Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 3.0.12.1138 - Intel Corporation) Intel(R) Trusted Execution Engine Driver (HKLM\...\{32F830EE-1E1D-4F7C-BD43-1E42B8B6AFE9}) (Version: 3.0.0.1115 - Intel Corporation) Hidden Intel(R) TXE Storage Proxy Driver (HKLM\...\{75B20B21-0C70-46D8-8354-34382B693101}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (HKLM\...\{4C61E52C-8D3A-4B91-885B-9E7346C05197}) (Version: 1.42.682.1 - Intel Corporation) Hidden Malwarebytes version 5.5.2.242 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.5.2.242 - Malwarebytes) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.19822.20114 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 146.0.3856.84 - Microsoft Corporation) Microsoft Edge WebView2 Runtime 
(HKLM-x32\...\Microsoft EdgeWebView) (Version: 146.0.3856.84 - Microsoft Corporation) Hidden Microsoft OneDrive (HKU\S-1-5-21-3678239628-1737219384-588507674-1001\...\OneDriveSetup.exe) (Version: 26.040.0301.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Office 16 
Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19822.20104 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden Opera Stable 128.0.5807.77 (HKU\S-1-5-21-3678239628-1737219384-588507674-1001\...\Opera 128.0.5807.77) (Version: 128.0.5807.77 - Opera Software) osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden Pomoćnik za ažuriranje sustava Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Provjera stanja sustava računala za Windows (HKLM\...\{9FCBE35B-2538-429A-BD5E-53DCF5D470F1}) (Version: 3.6.2204.08001 - Microsoft Corporation) REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.091316 - REALTEK Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.) Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.) 
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) TP-Link TL-WN725N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 2.1.0 - TP-Link) Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden Viber (HKLM-x32\...\{1DD6FC81-0552-4E17-B2DC-1023C8FC69A5}) (Version: 8.2.0.1 - Viber Media Inc.) Hidden Viber (HKU\S-1-5-21-3678239628-1737219384-588507674-1001\...\{ee6b9288-8283-46ed-be0b-0f17c1da4bd5}) (Version: 8.2.0.1 - Viber Media Inc.) WebAdvisor od McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.726 - McAfee, LLC) Windows Driver Package - ASUS (AsusHFilter) HIDClass (12/19/2016 1.0.0.2) (HKLM\...\EEDD19DDF3F0CA7CFA2F4C500D442DD1FEB434F6) (Version: 12/19/2016 1.0.0.2 - ASUS) Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (09/23/2016 11.0.0.14) (HKLM\...\F95583A62AB902A3FC263F668380483F9E0113CD) (Version: 09/23/2016 11.0.0.14 - ASUS) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.) Zoom (HKU\S-1-5-21-3678239628-1737219384-588507674-1001\...\ZoomUMX) (Version: 5.12.3 (9638) - Zoom Video Communications, Inc.) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-12-23] (Autodesk Inc.) 
Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2026-03-28] () Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-07-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-07-09] (Microsoft Corporation) [MS Ad] Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2602.23001.0_x64__8wekyb3d8bbwe [2026-03-18] (Microsoft Corporation) [Startup Task] Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2026-03-28] () MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-11-06] (ASUSTeK COMPUTER INC.) [Startup Task] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-16] (Netflix, Inc.) OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2026-03-28] () Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-06-26] (Microsoft Corporation) Polarr Pro Photo Editor -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.11.11.0_x64__jb41c8remg0x2 [2025-08-20] (Polarr) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3678239628-1737219384-588507674-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-03-30] (Malwarebytes Inc -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_baab50003164cdd5\igfxDTCM.dll [2020-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-03-30] (Malwarebytes Inc -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2016-10-13 00:17 - 2016-10-13 00:17 - 000125440 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2016-10-13 00:17 - 2016-10-13 00:17 - 000033280 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2016-10-13 00:17 - 2016-10-13 00:17 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 000288796 _____ () [File not signed] C:\Program Files\AKD\Certilia Middleware\libjpeg-9__.dll 2016-10-13 00:17 - 2016-10-13 00:17 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll 2016-10-13 00:17 - 2016-10-13 00:17 - 000178176 _____ (ASUS TeK Computer Inc.) 
[File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll 2016-10-13 00:17 - 2016-10-13 00:17 - 000165888 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 000320512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AKD\Certilia Middleware\imageformats\qjp2.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 000563200 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AKD\Certilia Middleware\imageformats\qjpeg.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 000886272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AKD\Certilia Middleware\platforms\qwindows.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 006026240 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AKD\Certilia Middleware\Qt6Core.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 008886784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AKD\Certilia Middleware\Qt6Gui.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 006448640 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AKD\Certilia Middleware\Qt6Widgets.dll 2025-03-28 12:50 - 2025-03-28 12:50 - 000199168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AKD\Certilia Middleware\styles\qmodernwindowsstyle.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Kutnjak\Desktop\FRST64.exe:MBAM.Zone.Identifier [225] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= HKU\S-1-5-21-3678239628-1737219384-588507674-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE HKU\S-1-5-21-3678239628-1737219384-588507674-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE SearchScopes: HKU\S-1-5-21-3678239628-1737219384-588507674-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-06-19] (McAfee, LLC -> McAfee, LLC) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2026-01-30] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-06-19] (McAfee, LLC -> McAfee, LLC) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-28] (Microsoft Corporation -> Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Network =========================== (Currently there is no automatic fix for this section.) DNS Servers: 192.168.1.1 Windows Firewall is enabled. Network Binding: ============= Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys Ethernet: Realtek PCIe FE Family Controller -> rt640x64.sys WiFi: Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC -> rtwlane02.sys Wi-Fi: Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter -> rtwlanu.sys ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\iCLS\;C:\Program Files\Intel\TXE Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\TXE Components\DAL\;C:\Program Files (x86)\Intel\TXE Components\DAL\;C:\Program Files\Intel\TXE Components\IPT\;C:\Program Files (x86)\Intel\TXE Components\IPT\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-3678239628-1737219384-588507674-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5) HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0) ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{469E4311-63EC-48E7-AC40-F6BA91D303E7}C:\users\kutnjak\appdata\local\programs\opera\opera.exe] => (Block) C:\users\kutnjak\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [TCP Query User{0F4AB723-79E3-4849-B3A2-EF51684DB62E}C:\users\kutnjak\appdata\local\programs\opera\opera.exe] => (Block) C:\users\kutnjak\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{90839865-C252-423B-9462-8FF039173977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{330795B2-535F-4A6E-81A3-514B70F3AFF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{8354D7DE-F9E7-4178-8ADB-B3D4A7529C8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{B181FC74-6B2B-43A3-8C9F-5D26C2088844}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{BA33FD88-2BDE-47B8-94A7-AC66E9033876}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File FirewallRules: [{77FE0BBF-E17D-49E0-B3C4-BB8916E5A4EE}] => (Allow) C:\Users\Kutnjak\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{C9A558FF-4BB0-4641-B5CC-D4F70825CDC6}] => (Allow) C:\Users\Kutnjak\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{0DFA9BA8-BA57-4FFC-B862-9BCCC6946A41}] => (Allow) C:\Users\Kutnjak\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [TCP Query User{9DBBE54C-389F-452F-A7E3-43D829CCD813}C:\program files\akd\certilia middleware\certiliasigner.exe] => (Block) C:\program files\akd\certilia middleware\certiliasigner.exe (AKD d.o.o. -> AKD d.o.o.) 
FirewallRules: [UDP Query User{F45F67D0-B900-4EDE-8054-D2AD50A51038}C:\program files\akd\certilia middleware\certiliasigner.exe] => (Block) C:\program files\akd\certilia middleware\certiliasigner.exe (AKD d.o.o. -> AKD d.o.o.) FirewallRules: [{F611821E-007C-441F-8789-C03417E56DA4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{93B30948-EBE5-4B6E-9726-684B200202C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 29-03-2026 17:46:45 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/30/2026 01:46:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Video.UI.exe version 10.25121.1005.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3d5c Start Time: 01dcbea6e61b9b9c Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.25121.10051.0_x64__8wekyb3d8bbwe\Video.UI.exe Report Id: b28026f2-07b8-4d2c-b9b1-ce49747d1866 Faulting package full name: Microsoft.ZuneVideo_10.25121.10051.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.ZuneVideo Hang type: Quiesce Error: (03/29/2026 11:41:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LockApp.exe version 10.0.19041.6280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 2428
Start Time: 01dcbf5fc4617e3b
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Report Id: a9c67c00-ce29-4915-9697-b3085b9544e4
Faulting package full name: Microsoft.LockApp_10.0.19041.4239_neutral__cw5n1h2txyewy
Faulting package-relative application ID: WindowsDefaultLockScreen
Hang type: Cross-thread

Error: (03/28/2026 11:11:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.6282 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 10a4
Start Time: 01dcbe2b60cba629
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 1f4cbbf3-185f-4fe3-bf58-d622b479d822
Faulting package full name: Microsoft.Windows.Search_1.14.18.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Quiesce

Error: (03/28/2026 05:34:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid..
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (03/28/2026 05:32:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid..
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (03/28/2026 05:23:57 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-BQIMNEJ)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.

Error: (03/28/2026 01:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StartMenuExperienceHost.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1e9c
Start Time: 01dcb3a513cc5290
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Report Id: ebb8fe6d-f56a-4706-873b-c2ede9dca091
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.5438_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce

Error: (03/28/2026 01:30:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Video.UI.exe version 10.25121.1005.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1268
Start Time: 01dcbddca4e32a4f
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.25121.10051.0_x64__8wekyb3d8bbwe\Video.UI.exe
Report Id:
Faulting package full name: Microsoft.ZuneVideo_10.25121.10051.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneVideo
Hang type: Quiesce

System errors:
=============
Error: (03/30/2026 03:28:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BQIMNEJ)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (03/30/2026 03:18:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2026 03:18:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee CSP Service service to connect.

Error: (03/30/2026 03:18:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.

Error: (03/30/2026 03:17:09 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT AUTHORITY)
Description: Secure Boot CA/keys need to be updated. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:X541NA.302;OEMModelBaseBoard:X541NA;OEMManufacturerName:ASUSTeK COMPUTER INC.;OSArchitecture:amd64;
BucketId: d5de2da15bf938f0b053f64eba65a8bfa9dece77e3491997458dc828370e86e7
BucketConfidenceLevel:
UpdateType: 0
HResult: 0

Error: (03/30/2026 03:16:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.

Error: (03/30/2026 03:13:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2026 03:13:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Windows Defender:
================
Date: 2026-03-29 17:45:03
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-03-28 17:33:43
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-03-27 17:19:01
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-03-26 22:17:04
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-03-26 12:50:25
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Event[0]:
Date: 2026-03-20 12:27:44
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.445.621.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.26010.1
Error code: 0x80070050
Error description: The file exists.

Date: 2026-03-16 15:20:43
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.445.548.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.26010.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2026-03-16 15:20:43
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.445.548.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.26010.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2026-02-20 12:57:14
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.445.137.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.26010.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2026-02-20 12:57:14
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.445.137.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.26010.1
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2025-08-29 12:09:36
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2025-08-29 12:09:27
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X541NA.302 01/24/2017
Motherboard: ASUSTeK COMPUTER INC. X541NA
Processor: Intel(R) Celeron(R) CPU N3350 @ 1.10GHz
Percentage of memory in use: 84%
Total physical RAM: 3959.73 MB
Available physical RAM: 629.53 MB
Total Virtual: 8823.73 MB
Available Virtual: 2883.03 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.66 GB) (Free:378.38 GB) (Model: ST500LT012-1DG142) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:59.45 GB) (Free:10.33 GB) exFAT

\\?\Volume{0526889d-e340-4030-a5f6-68fb42ac61bc}\ () (Fixed) (Total:0.83 GB) (Free:0.18 GB) NTFS
\\?\Volume{325ea695-549d-48a1-bf6f-c678cd4eac2a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 45FFBFEE)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 59.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt =======================