Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2023
Ran by ncosa (04-03-2023 16:10:26)
Running from C:\Users\ncosa\Downloads
Microsoft Windows 10 Home Version 21H2 19044.2604 (X64) (2021-03-01 00:18:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-337906635-1539487379-4115542375-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-337906635-1539487379-4115542375-503 - Limited - Disabled)
Guest (S-1-5-21-337906635-1539487379-4115542375-501 - Limited - Disabled)
ncosa (S-1-5-21-337906635-1539487379-4115542375-1001 - Administrator - Enabled) => C:\Users\ncosa
WDAGUtilityAccount (S-1-5-21-337906635-1539487379-4115542375-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: McAfee VirusScan (Enabled - Up to date) {FE987762-0FB6-6BB6-1BF1-73F8ED8566FA}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {C6A3F647-45D9-6AEE-30AE-DACD13562181}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bing Wallpaper (HKLM-x32\...\{20F4FF11-8953-4A72-A7D8-629B64FCF92A}) (Version: 2.0.0.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.09 - Piriform)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4614 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4614 - CyberLink Corp.)
GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.178 - Google LLC)
HP Customer Experience Enhancements (HKLM-x32\...\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}) (Version: 6.0.3.1 - Hewlett-Packard) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ePrint Windows Driver (HKLM\...\{3BC36736-66B5-4C48-AF0A-C41C335ABCB0}) (Version: 4.8.84.16397 - HP) Hidden
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{3AF2E430-BAB4-4990-836F-9D7298894820}) (Version: 40.15.1230.21319 - HP Inc.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
Intel(R) Chipset Device Software (HKLM\...\{8E2CA9DC-9975-468F-90CF-C740109DD2B8}) (Version: 10.1.1.11 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{62260D0F-633D-4B77-B394-BB57DF7223D9}) (Version: 11.0.0.1173 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{EA30CEC3-9CC5-4C80-AE8E-209A6F894961}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{3DF3AC42-174D-4915-9ED2-448AD4338B83}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6446 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{9F82AA39-BB14-4BD3-98EF-D4E9E3526B7D}) (Version: 1.1.70.514 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{EF71AFFB-85B5-407C-A301-39EA25F98313}) (Version: 20.90.0.2270 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
Malwarebytes Privacy version 3.15.0.802 (HKLM\...\{934873BE-C9BC-4F19-B698-9B3E3F8FF07F}_is1) (Version: 3.15.0.802 - Malwarebytes)
Malwarebytes version 4.5.23.241 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.23.241 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R50 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.63 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.57 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-337906635-1539487379-4115542375-1001\...\OneDriveSetup.exe) (Version: 23.038.0219.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-337906635-1539487379-4115542375-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9225.1 - Realtek Semiconductor Corp.)
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
TurboTax 2020 wcaiper (HKLM-x32\...\{1C0FBA67-6BA2-4086-B70E-F630C7AA0273}) (Version: 020.000.1085 - Intuit Inc.) Hidden
TurboTax 2020 WinPerReleaseMsi (HKLM-x32\...\{52E6AD69-FBE7-42C0-9F5B-CD282EB7FD76}) (Version: 020.000.1842 - Intuit Inc.) Hidden
TurboTax 2021 (HKLM-x32\...\{19F2745D-A94D-40AB-A983-E9D0A57B1E50}) (Version: 021.000.0538 - Intuit Inc.)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{B7E98A0C-EFE5-4DC2-9069-86B7C25C231E}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
wcaiperStateIS (HKLM-x32\...\{5887AC3E-5182-4897-BED4-57FA33B53976}) (Version: 021.000.0125 - Intuit Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wintun-Windows (HKLM\...\{93B2BF1B-F92B-457F-A24C-9B3B1750F8B9}) (Version: 1.0.0.0 - WireGuard,LLC)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.237.500.0_x64__kgqvnymyfvs32 [2023-02-23] (king.com)
Excel Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Excel_16001.14326.21336.0_x64__8wekyb3d8bbwe [2023-02-14] (Microsoft Corporation)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.101.0_x64__kx24dqmazqk8j [2022-10-07] (Random Salad Games LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_143.1.1136.0_x64__v10z8vjag6ke6 [2023-03-02] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-07-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-07-30] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-07-30] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-07-30] (Microsoft Corporation)
Share via e-mail -> C:\Program Files\WindowsApps\153675DLabs.it.Shareviae-mail_1.1.1.0_x64__prqt257em08mg [2022-07-30] (iCubed Studios IT)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2022-10-21] (Random Salad Games LLC)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2022-07-30] (Snapfish)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Studios) [MS Ad]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-23] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-23] (Microsoft Corporation)
Word Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Word_16001.14326.21336.0_x64__8wekyb3d8bbwe [2023-02-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-337906635-1539487379-4115542375-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ncosa\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki130266.inf_amd64_e83ea833b4430f79\igfxDTCM.dll [2018-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) =============

2020-07-27 19:12 - 2023-01-27 15:28 - 000007168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.Primitives.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000033280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.Registry.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000040960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.SystemEvents.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 003405824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationCore.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000241664 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationFramework.Aero2.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 005783552 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationFramework.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000007680 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationFramework-SystemXml.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000034304 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Collections.NonGeneric.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000031744 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Collections.Specialized.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000005120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000013824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.EventBasedAsync.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000020992 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.Primitives.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000258560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.TypeConverter.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000365056 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Configuration.ConfigurationManager.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000949248 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Data.Common.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000104960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Diagnostics.Process.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000403456 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Drawing.Common.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000047104 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Drawing.Primitives.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000085504 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.FileSystem.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000108032 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.Packaging.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000053760 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.Pipes.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000126976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Linq.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000540672 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Linq.Expressions.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000079360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.Primitives.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000129536 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.Requests.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000056832 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.WebClient.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000025600 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.WebHeaderCollection.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000034816 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ObjectModel.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 003053568 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Private.Xml.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Runtime.CompilerServices.VisualC.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000062464 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Runtime.Numerics.dll
2021-01-20 14:06 - 2023-01-27 15:28 - 000010240 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Runtime.Serialization.Primitives.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000078336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.AccessControl.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000038400 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Claims.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000224768 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Cryptography.Algorithms.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000059904 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Principal.Windows.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000136192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Text.RegularExpressions.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000733696 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Windows.Controls.Ribbon.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000046080 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Windows.Extensions.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 006714880 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Windows.Forms.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000564224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Xaml.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000032256 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\UIAutomationProvider.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000200192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\UIAutomationTypes.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 001046016 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\WindowsBase.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000085504 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\WindowsFormsIntegration.dll
2021-01-20 14:06 - 2023-01-27 15:28 - 000685056 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Newtonsoft.Json.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000126976 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Serilog.dll
2020-07-27 19:12 - 2023-01-27 15:28 - 000027648 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Serilog.Sinks.File.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBVpnService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBVpnService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-337906635-1539487379-4115542375-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-337906635-1539487379-4115542375-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {E0BF20FE-37F2-4C8C-A835-71C49623C56C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {E0BF20FE-37F2-4C8C-A835-71C49623C56C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-337906635-1539487379-4115542375-1001 -> {E0BF20FE-37F2-4C8C-A835-71C49623C56C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard Company -> Hewlett-Packard)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2023-01-10] (McAfee, LLC -> McAfee, LLC)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:24 - 2015-10-29 23:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-337906635-1539487379-4115542375-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ncosa\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20230304.jpg
DNS Servers: 10.64.0.1 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
BITS: {EDD0B46B-F077-4286-968B-41EEA4A8ADF9} - (HPCeeConnect) -> [NotifyCmdLine: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe "C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeConnect (null)] [files:http://ceement.rssx.hp.com/CeementWA/index.jsp -> C:\Users\ncosa\hpTemp.txt]
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-337906635-1539487379-4115542375-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{51492183-9B80-4513-BCC3-806C27A3A07B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{8AF33D6D-D2C1-4A65-A7B6-6EBF7AE0948F}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{5B1E205A-09C6-4788-9E82-8612B2702B5C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{13576C1E-5B0F-4249-8958-D86FCF99706F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDA1DF7B-AAC2-481F-ABAE-BBB138C415EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EDA1EA26-DC90-4601-A894-5F9FB9B5D0DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5B4CCB81-4206-4B67-B869-5B932463D3F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F093593C-DE0C-45C5-BE8F-CE8566D9655F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{953F8143-B2F5-4464-BAD3-037387DF3346}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{0BFE2EF2-2C7E-4F52-8415-9D4E4E0E1E32}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6C20EB67-026B-494D-9267-1564F0DA4959}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{42A149E6-6F39-43C4-9852-C784C496B54E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{327B74C4-0733-4270-98CB-11DB2C268300}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{B6025888-26DE-44E9-BFD9-CA7296F9686B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{2AFDE7DF-B812-4701-A7C0-09922CF5BA71}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{8B425D81-1299-4108-A238-24E2B19B86C5}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{930AB10F-F67D-4C5C-BDCC-77A9B098D53A}] => (Allow) LPort=5357
FirewallRules: [{A59336C6-5556-4F82-B204-DC9AE9A15CBA}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{D425769E-2EA4-4E80-9C6D-E21E89A39687}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{52CFAA8C-192D-4549-B7DF-090BE72663C8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{4C54A1FB-8377-4DE6-84F7-A3E1C2326795}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8FD43029-DF29-4672-80AD-CC566539B413}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8937CC1E-A0DE-4E75-A860-0EBEA2A65161}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{75979F45-6672-4999-B02A-A8FA9AE0C1B9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{BDE08AB9-F0D3-4C24-AF24-68B6BFE57A46}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9F045C8C-2F58-465E-9E09-DE0E7F7208C6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7636B836-06F1-40B0-8346-CBFE7D3C2B7E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.57\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3FF5A8A-0188-4C3B-AEF8-598BFF070D17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5E2661AB-6C30-40BA-93CC-F5E272846FEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EB3DB881-AABD-4A1C-998E-AEF8681EDC90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8487225A-3192-4B27-AA53-91E27899A02C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

18-02-2023 16:17:03
27-02-2023 17:57:24 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/03/2023 01:15:07 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (24908,R,98) WebCacheLocal: Database recovery/restore failed with unexpected error -501.

Error: (03/03/2023 01:15:07 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhostw (24908,R,98) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 38 reason ValidSegmentAfterEmpty. This logfile has been damaged and is unusable.

Error: (03/03/2023 01:15:07 PM) (Source: ESENT) (EventID: 552) (User: )
Description: taskhostw (24908,R,98) WebCacheLocal: The log file at "C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\V01.log" is corrupt with reason 'ValidSegmentAfterEmpty'. Last valid segment was 36, current segment is 38. The expected checksum was 2499037448811821259 (0x22ae5d51b8d3b8cb) and the actual checksum was 2499037448811821259 (0x22ae5d51b8d3b8cb). The read completed with error-code 0 (0x00000000). If this condition persists then please restore the logfile from a previous backup.

Error: (03/03/2023 01:15:07 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhostw (24908,R,98) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 38 reason ValidSegmentAfterEmpty. This logfile has been damaged and is unusable.

Error: (03/03/2023 01:15:07 PM) (Source: ESENT) (EventID: 552) (User: )
Description: taskhostw (24908,R,98) WebCacheLocal: The log file at "C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\V01.log" is corrupt with reason 'ValidSegmentAfterEmpty'. Last valid segment was 36, current segment is 38. The expected checksum was 2499037448811821259 (0x22ae5d51b8d3b8cb) and the actual checksum was 2499037448811821259 (0x22ae5d51b8d3b8cb). The read completed with error-code 0 (0x00000000). If this condition persists then please restore the logfile from a previous backup.

Error: (03/03/2023 08:39:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HxOutlook.exe version 16.0.14326.21358 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: ee0
Start Time: 01d94de9d1f6f913
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21358.0_x64__8wekyb3d8bbwe\HxOutlook.exe
Report Id: 1522948b-ab9d-44b8-965d-a16a0b9b4729
Faulting package full name: microsoft.windowscommunicationsapps_16005.14326.21358.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: microsoft.windowslive.mail
Hang type: Quiesce

Error: (03/01/2023 04:04:57 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (30760,G,0) An attempt to open the file "C:\Users\ncosa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/28/2023 08:25:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MFEAvSvc.exe, version: 26.5.136.0, time stamp: 0x636d174f
Faulting module name: ntdll.dll, version: 10.0.19041.2130, time stamp: 0xb5ced1c6
Exception code: 0xc0000374
Fault offset: 0x00000000000ff6a9
Faulting process id: 0x54e0
Faulting application start time: 0x01d94897ada886dc
Faulting application path: C:\Program Files\McAfee\MfeAV\MFEAvSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 34829ac6-e7ae-431d-ab40-11077b952917
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (03/04/2023 02:55:41 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (03/04/2023 02:55:09 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (03/04/2023 02:54:37 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (03/04/2023 02:02:14 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (03/04/2023 02:02:11 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (03/04/2023 02:02:10 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (03/04/2023 02:02:07 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (03/04/2023 09:30:22 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-3KUJ4II)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "2147942767" Happened while starting this command: C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Windows Defender:
================
Date: 2023-03-04 07:41:45
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-03-02 16:24:48
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-03-02 16:17:26
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-03-01 16:09:01
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-28 16:08:07
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Event[0]:
Date: 2023-02-27 07:21:52
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.383.732.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20000.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2023-02-27 07:21:52
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.383.732.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20000.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2023-02-27 07:21:52
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.383.732.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20000.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2023-02-21 03:31:51
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.383.363.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20000.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2023-01-16 08:25:29
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.381.2277.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19900.2
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2023-03-04 16:07:25
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: AMI A0.16 03/17/2016
Motherboard: HP 2B47
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 45%
Total physical RAM: 16279.53 MB
Available physical RAM: 8803.19 MB
Total Virtual: 18711.53 MB
Available Virtual: 10730.41 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.92 GB) (Free:813.8 GB) (Model: TOSHIBA DT01ACA100) NTFS
Drive d: (Recovery Image) (Fixed) (Total:12.16 GB) (Free:1.37 GB) (Model: TOSHIBA DT01ACA100) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{732ca0bb-3475-4a5b-abef-d0f1bf2e1569}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{7ad85889-6dbd-4030-9117-b7d57bfd9889}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.27 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6B235181)

Partition: GPT.

==================== End of Addition.txt =======================