Browsealot Posted April 5, 2021 ID:1449105
I've been synced up to mine and my husband's Gmail on separate laptops, and now it looks like someone or something is spying on us with Google Lens, Translate and text input.
Browsealot Posted April 5, 2021 Author ID:1449106
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/21
Scan Time: 10:54 PM
Log File: d4bec36a-9377-11eb-9875-000000000000.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38998
License: Premium

-System Information-
OS: Windows 10 (Build 19041.867)
CPU: x64
File System: NTFS
User: DESKTOP-KAI2134\Nancy Harper

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 369802
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 5 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.WebNavigator, C:\USERS\THARP\DOWNLOADS\CLICK HERE TO START THE WEBNAVIGATOR BROWSER INSTALLER_155888P_.EXE, Quarantined, 15291, 876585, 1.0.38998, , ame, , 2FB8F187D5C181FAD90FEE57267C4A58, 3ACE4CC2E440B30E39307EFC6980F713DB7FFC99E37AA648A293CFE40C72734D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
Browsealot Posted April 5, 2021 Author ID:1449107
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-04-2021
# Duration: 00:01:03
# OS: Windows 10 Home
# Cleaned: 57
# Awaiting reboot:2
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] ***** Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46E73EAA-869E-4CAF-81D2-4A9FB538C7BB} Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch Deleted Preinstalled.HPCoolSense Folder C:\Program Files (x86)\HP\HP COOLSENSE Deleted Preinstalled.HPCoolSense Folder C:\Users\Nancy Harper\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE Deleted Preinstalled.HPCoolSense Registry HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7} Deleted Preinstalled.HPJumpStartApps Folder C:\Program Files (x86)\HP\HP JUMPSTART APPS Deleted Preinstalled.HPJumpStartApps Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps Deleted Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29FB6F9C-9367-41C1-9DBD-02AED46A537B} Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch Deleted Preinstalled.HPOrbit File C:\Users\Nancy Harper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Orbit.lnk Deleted Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT Deleted Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT SERVICE Deleted Preinstalled.HPOrbit Folder C:\ProgramData\HP\HP ORBIT Deleted Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{38B26B58-693D-4B55-9653-1E8D173A9F3B} Deleted Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DED1B811-5F83-451D-AFE6-F9AC351CB63B} Deleted Preinstalled.HPRegistrationService Folder C:\Program 
Files (x86)\HP\HP REGISTRATION SERVICE Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Nancy Harper\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Nancy Harper\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{00612F78-52C4-46C0-97F0-F50B6036B5E2} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4780AF24-213D-4187-86F2-0014A6D6077B} Deleted Preinstalled.HPSureConnect Folder C:\Program Files (x86)\HP INC\HP SURE CONNECT Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY Deleted Preinstalled.HPSureConnect Registry 
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6} Deleted Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\BARN YARN COLLECTORS EDITION Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\LETTER QUEST - GRIMMS JOURNEY Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\MYSTIKA 2 Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\RUNEFALL Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\SPARKLE 2 Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-freegames Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres Deleted Preinstalled.WildTangentGamesBundle 
Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Needs Reboot Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Needs Reboot Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

***** Reboot Required to Complete *****
Browsealot Posted April 5, 2021 Author ID:1449110
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-03-2021
Ran by Nancy Harper (04-04-2021 22:07:10)
Running from C:\Users\Nancy Harper\Downloads
Windows 10 Home Version 2004 19041.867 (X64) (2021-03-29 06:01:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-147387203-2049521185-1391950953-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-147387203-2049521185-1391950953-503 - Limited - Disabled)
Guest (S-1-5-21-147387203-2049521185-1391950953-501 - Limited - Disabled)
Nancy Harper (S-1-5-21-147387203-2049521185-1391950953-1041 - Administrator - Enabled) => C:\Users\Nancy Harper
nharp (S-1-5-21-147387203-2049521185-1391950953-1038 - Limited - Disabled)
tharp (S-1-5-21-147387203-2049521185-1391950953-1001 - Administrator - Enabled) => C:\Users\tharp
WDAGUtilityAccount (S-1-5-21-147387203-2049521185-1391950953-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-a2f78c80-5eea-40c9-a802-e6c484d66f19) (Version: 3.0.2.48 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP) HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.) HP CoolSense (HKLM-x32\...\{20CC03C7-7B48-4130-B7FA-39BC128E3A9E}) (Version: 2.21.5 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.) HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.) HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.) HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.) 
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP) Intel(R) Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11003.3588 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1047 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1643.1 - Intel Corporation) Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A9BCF224-9E30-4BFD-8917-2990841F6A87}) (Version: 19.50.0 - Intel Corporation) Intel® Integrated Sensor Solution (HKLM-x32\...\{b3782b53-1b6c-436a-b0f0-f65d83ae74d9}) (Version: 3.0.30.1119 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation) ISS_Drivers_x64 (HKLM\...\{6F91DCD1-30DB-449C-AE79-6948BEB15825}) (Version: 3.0.30.1119 - Intel Corporation) Hidden Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-5e3f0140-8d99-4765-8fb3-97d2c27b9ca6) (Version: 3.0.2.118 - WildTangent) Hidden Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R30 - McAfee, LLC) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 
16.0.12527.21686 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-147387203-2049521185-1391950953-1041\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 
11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Mystika 2 (HKLM-x32\...\WTA-c061a997-55b9-451a-9af6-3f5326668911) (Version: 1.1.2.4 - WildTangent) Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21296 - Realtek Semiconductor Corp.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8656 - Realtek Semiconductor Corp.) Runefall (HKLM-x32\...\WTA-719a6e97-7168-463e-bfa9-84644f1091bd) (Version: 3.0.2.126 - WildTangent) Hidden Sparkle 2 (HKLM-x32\...\WTA-84d407b0-2b44-451a-8bfd-d876dde1264f) (Version: 3.0.2.51 - WildTangent) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.582 - McAfee, LLC) Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-04-01] (Amazon.com) ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2021-04-01] (ELAN Microelectronics Corporation) HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.1.134.0_x64__dt26b99r8h8gj [2021-04-01] (Realtek Semiconductor Corp) HP Impreza Pen -> C:\Program Files\WindowsApps\9FDF1AF1.HPImprezaPen_1.1.12.0_x64__g70az3e2cx9m2 [2021-04-01] (ELAN MICROELECTRONICS CORP.) [Startup Task] HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2021-04-01] (HP Inc.) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-04-01] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-01] (Netflix, Inc.) 
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.1.3.0_x64__kx24dqmazqk8j [2021-04-01] (Random Salad Games LLC) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-01-20] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-01-20] (McAfee, LLC -> McAfee, LLC) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square

==================== Loaded Modules (Whitelisted) =============
2021-04-01 23:17 - 2021-04-01 23:17 - 000120832 _____ () [File not signed] [File is in use] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\764b38e6de1bd057f94011120cc33d24\BridgeExtension.ni.dll
2021-04-01 23:15 - 2021-04-01 23:15 - 000157696 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\17c957e18eec67eee9951a8c48fd28e5\BRIDGECommon.ni.dll
2021-04-01 23:17 - 2021-04-01 23:17 - 000343552 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\51b827da59bc6d814fd76ade6d857d6b\CleanStartController.ni.dll
2021-04-01 23:17 - 2021-04-01 23:17 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\939bd33c5f4a7ad06c69a173c40dc7f0\CommonPortable.ni.dll
2017-05-23 08:09 - 2017-05-23 08:09 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2017-05-23 08:09 - 2017-05-23 08:09 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ===
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

==================== Internet Explorer (Whitelisted) ====
SearchScopes: HKLM -> {69B27CF0-8645-47B5-B885-800DB931DD2C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keyword
SearchScopes: HKLM-x32 -> {69B27CF0-8645-47B5-B885-800DB931DD2C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keyword
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-04-01] (Microsoft Corporation -> Microso
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-04-02] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-04-02] (McAfee, LLC

==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-147387203-2049521185-1391950953-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tharp\AppData\Local\Microsoft\Windows\Themes\20200101_214740[267].jpg HKU\S-1-5-21-147387203-2049521185-1391950953-1041\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{84F8B51A-F2F6-4234-98B5-FB9D182CA52D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{AB8DD282-E333-4603-9983-3BD803DE514E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{27DC9705-2751-43A7-B009-05F06D0A16EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F53A85F3-4995-410C-B8E4-412317E3B404}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E30A0077-CA2B-4AEB-8C1A-8568093F42A6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC) FirewallRules: [{C133CC5D-2065-428A-875D-1257A0828313}] => (Allow) LPort=13148 FirewallRules: [{236DFED6-0730-41B9-9BB4-148D90684745}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe => No File FirewallRules: [{1393699E-FDDB-41CA-98D1-ECA9141A0840}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{889D5864-2756-4DB2-8F70-0B04F937F3C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{E1511E35-BC4F-4C93-AE12-BDCB9982B350}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A8697517-BCF3-42D2-8C49-13E400E6D0CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{1D1A533D-E415-4D2F-A266-F906288313D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8A432565-1A8C-43B3-8EF9-0668AAF20125}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B14EBD8F-D972-433B-8883-C64D3F4CEA3A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F728BDC5-DA18-4008-A962-F1869911E258}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{47946877-8360-4E4B-9410-9F098EFA636C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CC3D25EA-43A7-493A-A2AA-82E680D11802}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F0630EE1-37B0-42A1-838B-2867F19A32BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{62375686-012B-41F9-92C8-14294EC2F897}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2D81E48F-C1F9-467C-80DE-F65B502AC5C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{123FEA00-F944-45F6-B38A-223627A1B1C8}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC) FirewallRules: [{F436F5B2-647D-4EA0-B762-B24A27CFB95F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, 
LLC -> McAfee, LLC) ==================== Restore Points ========================= 04-04-2021 18:50:28 AdwCleaner_BeforeCleaning_04/04/2021_18:50:26 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/04/2021 07:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-KAI2134.local already in use; will try DESKTOP-KAI2134-2.local instead Error: (04/04/2021 07:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 DESKTOP-KAI2134.local. Addr 192.168.1.135 Error: (04/04/2021 07:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.135:5353 16 DESKTOP-KAI2134.local. AAAA 2603:8000:2C00:0014:0000:0000:0000:1EC7 Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. 
] Error: (04/04/2021 06:43:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-KAI2134.local already in use; will try DESKTOP-KAI2134-2.local instead System errors: ============= Error: (04/04/2021 06:58:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Comm Recovery service failed to start due to the following error: The system cannot find the file specified. Error: (04/04/2021 06:58:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The GamesAppIntegrationService service failed to start due to the following error: The system cannot find the file specified. Error: (04/04/2021 06:54:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Orbit Service service failed to start due to the following error: The system cannot find the file specified. Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Sound Research SECOMN Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Synaptics Audio APO Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Storage Middleware Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP JumpStart Bridge service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
Windows Defender: ================ Date: 2021-03-28 22:18:19 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-03-28 22:18:19 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-03-28 22:18:19 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-03-28 22:18:19 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-03-28 22:18:19 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =============== Date: 2021-04-04 21:39:26 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info =========================== BIOS: Insyde F.55 06/08/2020 Motherboard: HP 830F Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz Percentage of memory in use: 85% Total physical RAM: 6016.66 MB Available physical RAM: 876.19 MB Total Virtual: 7680.66 MB Available Virtual: 1637.87 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:451.57 GB) (Free:372.8 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{66c26879-8e91-436b-b648-6063c4b11d7c}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.44 GB) NTFS \\?\Volume{122b271c-e460-438d-a9fe-47072ee0e128}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D) Partition: GPT.
==================== End of Addition.txt =======================
Browsealot Posted April 5, 2021 Author ID:1449111 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-03-2021 Ran by Nancy Harper (administrator) on DESKTOP-KAI2134 (HP HP Pavilion x360 Convertible 14m-ba0xx) (04-04-2021 22:03:07) Running from C:\Users\Nancy Harper\Downloads Loaded Profiles: tharp & Nancy Harper Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe (Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe (Farbar) [File not signed] C:\Users\Nancy Harper\Downloads\FRST64.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (HP Inc. 
-> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (HP Inc. -> HP) C:\Windows\System32\hpservice.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_5acc9ca73ae7cf4c\jhi_service.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9de8154b682af864\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9de8154b682af864\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7002521e34feee93\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7002521e34feee93\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION Task: {8570280C-B7B7-4AD6-B397-065DA73EC40C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {98546415-8088-46A6-A2C8-FC9FAD7C66EC} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION Task: {9DE40A2B-EE73-4DED-9ACC-D265B464A51C} - \DropboxOEM -> No File <==== ATTENTION Task: {A0F39486-CF80-4970-B528-9C1D76FAA894} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC) Task: {A9B7C157-CE84-4291-87F6-A42A97BBD74F} - 
System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe Task: {AC389BF1-A148-4A80-873F-BC191E8F996E} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> No File <==== ATTENTION Task: {B218E4F6-8FC4-4EE9-90CF-98C79ACE67BF} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-04-01] (McAfee, Inc. -> McAfee, LLC.) Task: {B275BC86-349C-4056-B23C-728D1E94919E} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION Task: {C2EE67F0-AE18-4735-8386-CCC6F61CDA94} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4054696 2021-01-18] (McAfee, LLC -> McAfee, LLC) Task: {C8180E21-0CB8-48C3-B035-5B2FB7D4DA36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [106528 2016-12-07] (HP Inc. -> HP Inc.) Task: {C8E8456B-8EF4-4E8E-BEBF-A4C16D8543D5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115040 2021-04-01] (Microsoft Corporation -> Microsoft Corporation) Task: {DCD6C84B-9189-4AD6-A349-34ED3C605333} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.) "C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. 
<==== ATTENTION Task: {E045E7C9-3AF5-4B73-9F24-42AA463105D3} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC) Task: {E1CB8C06-BC49-40D2-9EE3-0DDBAB22316D} - \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install -> No File <==== ATTENTION Task: {E79DA0E4-CC21-4A85-9EBC-8D5EC4039849} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {EC72DA74-F612-42F4-B5EE-479C2F72B311} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION Task: {F08A27A8-9E01-4C00-8137-E826E343667F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {F140E1C0-FB88-4EF2-9886-B93AF524AEE7} - \HPEA3JOBS -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForNancy Harper.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe \Realtek\Audio\HDA\RtkNGUI64.exe [9270776 2019-03-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.) 
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP Inc. -> HP) Startup: C:\Users\Nancy Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-03-26] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\tharp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-01-14] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {067681FA-6447-4A68-88BA-48DAE1EE6206} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> No File <==== ATTENTION Task: {0AF41C5D-C467-4D80-A141-F6DDD24EDDAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {0CA3E1CD-C983-4199-8008-E7543E4A876C} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION Task: {10F7BBC7-5A39-45A4-B35A-129C3D444715} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\system32\RtkAudUService64.exe [821320 2018-09-27] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) Task: {1995E303-5A32-4334-855C-ECDFDE1AB58C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {19AB62B5-3C04-423F-B629-F49601B7915E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.) Task: {36C40CC4-2AD6-4E8C-B561-C02B6FA8D47A} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION Task: {398BE8D1-A24B-4011-8169-14FE70F6E519} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Nancy Harper\Desktop\adwcleaner_8.2.exe [8534696 2021-04-04] (Malwarebytes Inc -> Malwarebytes) Task: {41E8C6DF-6000-4085-ACBC-1115CF7A8240} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> No File <==== ATTENTION Task: {4343BE74-8493-4584-83A8-D2D9366E2B30} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115040 2021-04-01] (Microsoft Corporation -> Microsoft Corporation) Task: {469965B6-77AD-47ED-B71E-4594EAD58DC1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [738272 2021-01-14] (McAfee, LLC -> McAfee, LLC) Task: {4A5D06EA-28E4-4BAF-A61B-448F7D086C46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.) Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION Task: {4B7A109F-521B-4FD9-994B-84BF5621CEB5} - System32\Tasks\HPCeeScheduleForNancy Harper => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.) 
Task: {50CCFEEF-426A-427E-83AB-C081D9199D90} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION Task: {510EC077-212E-434D-AA03-9BBBE5F5096F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4676920 2021-01-07] (McAfee, LLC -> McAfee, LLC) Task: {5153B03D-D382-4CAF-89EB-30BB4EAE028C} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> No File <==== ATTENTION Task: {578BDC89-A21F-468F-97D9-92DEB770E053} - \HP\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION Task: {8570280C-B7B7-4AD6-B397-065DA73EC40C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {98546415-8088-46A6-A2C8-FC9FAD7C66EC} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION Task: {9DE40A2B-EE73-4DED-9ACC-D265B464A51C} - \DropboxOEM -> No File <==== ATTENTION Task: {A0F39486-CF80-4970-B528-9C1D76FAA894} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC) Task: {A9B7C157-CE84-4291-87F6-A42A97BBD74F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe Task: {AC389BF1-A148-4A80-873F-BC191E8F996E} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> No File <==== ATTENTION Task: {B218E4F6-8FC4-4EE9-90CF-98C79ACE67BF} - System32\Tasks\McAfee\McAfee DAT Built in test 
=> C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-04-01] (McAfee, Inc. -> McAfee, LLC.) Task: {B275BC86-349C-4056-B23C-728D1E94919E} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION Task: {C2EE67F0-AE18-4735-8386-CCC6F61CDA94} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4054696 2021-01-18] (McAfee, LLC -> McAfee, LLC) Task: {C8180E21-0CB8-48C3-B035-5B2FB7D4DA36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [106528 2016-12-07] (HP Inc. -> HP Inc.) Task: {C8E8456B-8EF4-4E8E-BEBF-A4C16D8543D5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115040 2021-04-01] (Microsoft Corporation -> Microsoft Corporation) Task: {DCD6C84B-9189-4AD6-A349-34ED3C605333} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.) 
Task: {E045E7C9-3AF5-4B73-9F24-42AA463105D3} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC) Task: {E1CB8C06-BC49-40D2-9EE3-0DDBAB22316D} - \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install -> No File <==== ATTENTION Task: {E79DA0E4-CC21-4A85-9EBC-8D5EC4039849} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {EC72DA74-F612-42F4-B5EE-479C2F72B311} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION Task: {F08A27A8-9E01-4C00-8137-E826E343667F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {F140E1C0-FB88-4EF2-9886-B93AF524AEE7} - \HPEA3JOBS -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForNancy Harper.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{eb23d636-f60e-4e2f-adfc-4730770a6f71}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f6e87beb-39df-4d5d-9c2c-9b81b19e2e2c}: [DhcpNameServer] 172.168.0.5 Edge: ======= Edge Profile: C:\Users\Nancy Harper\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-04] FireFox: ======== FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-04-01] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-01-20] (McAfee, LLC -> ) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-01-20] (McAfee, LLC -> ) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137440 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (McAfee, Inc. -> Intel Security) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc. -> HP Inc.) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP) R2 hpsrv; C:\windows\system32\Hpservice.exe [38752 2016-09-26] (HP Inc. -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.) 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-01] (Malwarebytes Inc -> Malwarebytes) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [952992 2021-04-02] (McAfee, LLC -> McAfee, LLC) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_12\McApExe.exe [779080 2021-01-15] (McAfee, LLC -> McAfee, LLC) S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc. -> McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.0.110.0\\McCSPServiceHost.exe [2784672 2021-01-05] (McAfee, LLC -> McAfee, LLC) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC) R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1627680 2021-01-20] (McAfee, LLC -> McAfee, LLC) R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4240160 2021-01-08] (McAfee, LLC -> McAfee, LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X] S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X] S2 HP Orbit Service; "C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, 
it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75712 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-01] (Malwarebytes Inc -> Malwarebytes) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.) U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [795640 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-04] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-04] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-04] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-04] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-04-04] (Malwarebytes Inc -> Malwarebytes) R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [544704 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [385984 2020-12-11] (McAfee, Inc. 
-> McAfee, LLC) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85944 2020-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522176 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1027520 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [608192 2020-12-17] (McAfee, Inc. -> McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107968 2020-12-17] (McAfee, Inc. -> McAfee LLC.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116672 2020-12-11] (McAfee, Inc. -> McAfee, LLC) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252352 2020-12-11] (McAfee, Inc. -> McAfee, LLC) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP) U3 aspnet_state; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-04 22:02 - 2021-04-04 22:04 - 000033918 _____ C:\Users\Nancy Harper\Downloads\FRST.txt 2021-04-04 22:02 - 2021-04-04 22:02 - 002298368 _____ (Farbar) C:\Users\Nancy Harper\Downloads\FRST64 (1).exe 2021-04-04 22:01 - 2021-04-04 22:03 - 000000000 ____D C:\FRST 2021-04-04 22:01 - 2021-04-04 22:01 - 002298368 _____ (Farbar) C:\Users\Nancy Harper\Downloads\FRST64.exe 2021-04-04 21:51 - 2021-04-04 21:51 - 000000773 _____ C:\Users\Nancy Harper\Desktop\AdwCleaner - Shortcut.lnk 2021-04-04 21:51 - 2021-04-04 21:51 - 000000773 _____ C:\Users\Nancy Harper\Desktop\AdwCleaner - Shortcut (2).lnk 2021-04-04 21:01 - 2021-04-04 21:01 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-04-04 20:59 - 2021-04-04 20:59 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-04-04 20:59 - 2021-04-04 20:59 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-04-04 20:48 - 2021-04-04 20:48 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-04-04 20:48 - 2021-04-04 20:48 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-04-04 20:48 - 2021-04-04 20:48 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-04-04 20:48 - 2021-04-04 20:48 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-04-04 20:48 - 2021-04-04 20:48 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-04-04 18:57 - 2021-04-04 20:56 - 000000000 ____D C:\Users\Nancy Harper\AppData\LocalLow\IGDump 2021-04-04 18:52 - 2021-04-04 18:52 - 000003180 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot 2021-04-04 18:48 - 2021-04-04 18:51 - 000000000 ____D C:\AdwCleaner 2021-04-04 18:47 - 2021-04-04 18:47 - 008534696 _____ (Malwarebytes) C:\Users\Nancy Harper\Desktop\adwcleaner_8.2.exe 2021-04-04 18:47 - 2021-04-04 18:47 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\McAfee File Lock 
2021-04-04 18:47 - 2021-01-18 02:58 - 000089112 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\McPvDrv.sys 2021-04-04 18:46 - 2021-04-04 18:54 - 000000392 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNancy Harper.job 2021-04-04 18:46 - 2021-04-04 18:46 - 000003312 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForNancy Harper 2021-04-02 07:07 - 2021-04-02 07:07 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\CrashDumps 2021-04-01 23:48 - 2021-04-01 23:49 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon 2021-04-01 23:44 - 2021-04-04 18:55 - 000000000 ____D C:\ProgramData\McInstTemp0247971617345848 2021-04-01 23:43 - 2021-04-04 18:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee 2021-04-01 23:40 - 2021-04-02 07:02 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare) 2021-04-01 22:52 - 2021-04-01 22:52 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-04-01 22:52 - 2021-04-01 22:52 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\mbam 2021-04-01 22:51 - 2021-04-01 22:51 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-04-01 22:51 - 2021-04-01 22:51 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-04-01 22:51 - 2021-04-01 22:51 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-04-01 22:51 - 2021-04-01 22:51 - 000000000 ____D C:\Program Files\Malwarebytes 2021-04-01 22:38 - 2021-04-01 22:59 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\PlaceholderTileLogoFolder 2021-04-01 22:37 - 2021-04-01 22:37 - 000004008 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2021-04-01 22:37 - 2021-04-01 22:37 - 000003776 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2021-04-01 22:31 - 2021-04-01 22:31 - 000000000 ___HD C:\Users\Nancy Harper\MicrosoftEdgeBackups 2021-04-01 22:30 - 2021-04-04 10:08 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\hpqLog 2021-04-01 19:27 - 2021-04-01 19:27 - 000000000 ____D 
C:\WINDOWS\system32\Tasks\Hewlett-Packard 2021-04-01 19:26 - 2021-04-04 18:51 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\Hewlett-Packard 2021-04-01 19:23 - 2021-04-01 19:23 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\D3DSCache 2021-04-01 08:05 - 2021-04-01 08:05 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\RegistrationDataHandler 2021-04-01 08:04 - 2021-04-04 18:52 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Hewlett-Packard 2021-04-01 08:03 - 2021-04-01 08:05 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\HP 2021-04-01 08:02 - 2021-04-04 20:59 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\DropboxOEM 2021-04-01 08:02 - 2021-04-01 08:02 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\DropboxOEM 2021-04-01 07:59 - 2021-04-01 07:59 - 000000000 ___HD C:\ProgramData\temp 2021-03-31 21:23 - 2021-04-04 21:44 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Comms 2021-03-30 10:20 - 2021-04-01 22:37 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-147387203-2049521185-1391950953-1041 2021-03-30 10:16 - 2021-03-30 10:16 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2021-03-30 10:15 - 2021-04-01 22:31 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\MicrosoftEdge 2021-03-30 10:13 - 2021-04-01 22:59 - 000000000 ____D C:\ProgramData\Packages 2021-03-30 10:13 - 2021-04-01 19:29 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Publishers 2021-03-30 10:12 - 2021-04-04 21:08 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Packages 2021-03-30 10:12 - 2021-04-01 07:54 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\ConnectedDevicesPlatform 2021-03-30 10:12 - 2021-03-30 10:13 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Intel 2021-03-30 10:12 - 2021-03-30 10:12 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\Adobe 2021-03-30 10:12 - 2021-03-30 10:12 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\VirtualStore 2021-03-30 10:11 - 
2021-03-30 10:11 - 000000020 ___SH C:\Users\Nancy Harper\ntuser.ini 2021-03-28 22:43 - 2021-03-28 22:43 - 000000000 _SHDL C:\Users\Default User 2021-03-28 22:43 - 2021-03-28 22:43 - 000000000 _SHDL C:\Users\All Users 2021-03-28 22:38 - 2021-03-28 22:38 - 000010302 _____ C:\Users\tharp\Desktop\Removed Apps.html 2021-03-28 22:38 - 2021-03-28 22:38 - 000009336 _____ C:\Users\Nancy Harper\Desktop\Removed Apps.html 2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser100001\Desktop\Removed Apps.html 2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser100001.DESKTOP-KAI2134.000\Desktop\Removed Apps.html 2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser100000.DESKTOP-KAI2134.000\Desktop\Removed Apps.html 2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser1.DESKTOP-KAI2134.001\Desktop\Removed Apps.html 2021-03-28 22:36 - 2021-04-01 08:06 - 000910792 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-03-28 22:36 - 2021-03-28 23:01 - 000000000 ____D C:\WINDOWS\Panther 2021-03-28 22:34 - 2021-03-28 22:34 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2021-03-28 22:25 - 2021-04-01 19:17 - 000000000 ____D C:\Windows.old 2021-03-28 22:22 - 2021-03-28 22:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2021-03-28 22:22 - 2021-03-28 22:22 - 000000000 ____D C:\WINDOWS\system32\Intel 2021-03-28 22:20 - 2021-03-28 22:20 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-03-28 22:19 - 2021-03-28 22:19 - 000000000 ____D C:\WINDOWS\Setup 2021-03-28 22:18 - 2021-04-01 22:37 - 000002391 _____ C:\Users\Nancy Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-03-28 22:18 - 2021-04-01 22:31 - 000000000 ____D C:\Users\Nancy Harper 2021-03-28 22:18 - 2021-03-28 23:01 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\tharp 2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D 
C:\Users\defaultuser100001.DESKTOP-KAI2134.000 2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\defaultuser100001 2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-KAI2134.000 2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-KAI2134.001 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\OCR 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\addins 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\ProgramData\ssh 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files\Reference Assemblies 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files\MSBuild 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files (x86)\MSBuild 2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\tharp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\defaultuser100001.DESKTOP-KAI2134.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\defaultuser100000.DESKTOP-KAI2134.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ 
C:\Users\defaultuser1.DESKTOP-KAI2134.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\0409 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\winrm 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\WCN 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\slmgr 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\0409 2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\DigitalLocker 2021-03-28 22:13 - 2021-03-28 22:33 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2021-03-28 22:13 - 2021-03-28 22:09 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat 2021-03-28 22:13 - 2021-03-28 22:09 - 000215943 _____ C:\WINDOWS\system32\dssec.dat 2021-03-28 22:13 - 2021-03-28 22:09 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2021-03-28 22:13 - 2021-03-28 22:09 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam 2021-03-28 22:13 - 2021-03-28 22:09 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config 2021-03-28 22:13 - 2021-03-28 22:09 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config 2021-03-28 22:13 - 2021-03-28 22:09 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2021-03-28 22:13 - 2021-03-28 22:09 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT 2021-03-28 22:13 - 2021-03-28 22:09 - 000000741 _____ 
C:\WINDOWS\system32\NOISE.DAT 2021-03-28 22:12 - 2021-04-04 22:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-03-28 22:12 - 2021-04-04 21:08 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-03-28 22:12 - 2021-04-04 21:01 - 000000000 ___HD C:\Program Files\WindowsApps 2021-03-28 22:12 - 2021-04-04 20:59 - 000000000 ___RD C:\Program Files (x86) 2021-03-28 22:12 - 2021-04-04 18:54 - 000000000 ____D C:\WINDOWS\ServiceState 2021-03-28 22:12 - 2021-04-02 07:05 - 000000000 ____D C:\WINDOWS\appcompat 2021-03-28 22:12 - 2021-04-01 23:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-03-28 22:12 - 2021-03-31 21:23 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-03-28 22:12 - 2021-03-30 10:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-03-28 22:12 - 2021-03-29 08:00 - 000000000 ____D C:\ProgramData\USOPrivate 2021-03-28 22:12 - 2021-03-28 23:01 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-03-28 22:12 - 2021-03-28 22:44 - 000000000 ____D C:\WINDOWS\Registration 2021-03-28 22:12 - 2021-03-28 22:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\SystemResources 2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\setup 2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\system32\dsc 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-03-28 22:12 - 
2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\MUI 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Com 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\IME 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\Help 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Windows NT 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Windows Defender 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Common Files\System 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files (x86)\Windows NT 2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 __RSD C:\WINDOWS\Media 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\system32\Nui 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2021-03-28 22:12 - 2021-03-28 
22:13 - 000000000 ___RD C:\WINDOWS\Offline Web Pages 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ti-et 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ta-lk 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ta-in 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\si-lk 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\my-mm 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\Keywords 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\icsxml 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ias 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN 2021-03-28 22:12 - 
2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\downlevel 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\DDFs 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\Bthprops 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\appraiser 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\am-et 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\Provisioning 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\L2Schemas 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\IdentityCRL 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\Cursors 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files\Windows Portable Devices 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files\Windows Multimedia Platform 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files\Common Files\Services 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices 2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 __SHD C:\Program Files\Windows Sidebar 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration 2021-03-28 22:12 - 2021-03-28 22:12 
- 000000000 ___SD C:\WINDOWS\system32\Configuration 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Web 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\WaaS 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Vss 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\tracing 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\TAPI 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\ras 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\IME 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SystemApps 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\winevt 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\ras 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\ProximityToast 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\PointOfService 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\Ipmi 2021-03-28 22:12 - 2021-03-28 22:12 - 
000000000 ____D C:\WINDOWS\system32\InputMethod 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\IME 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\Hydrogen 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\DriverState 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\config\RegBack 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\config\Journal 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\AppLocker 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\System 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SKB 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\security 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\schemas 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SchCache 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\rescache 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\PLA 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Performance 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\ModemLogs 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\InputMethod 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Globalization 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Containers 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Branding 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices 2021-03-28 22:12 - 
2021-03-28 22:12 - 000000000 ____D C:\ProgramData\USOShared 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\Program Files\Windows Security 2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\Program Files\ModifiableWindowsApps 2021-03-28 22:12 - 2021-03-28 22:11 - 000000000 ____D C:\WINDOWS\system32\spool 2021-03-28 22:12 - 2021-03-28 22:11 - 000000000 ____D C:\WINDOWS\Resources 2021-03-28 22:12 - 2021-03-28 22:06 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-03-28 22:12 - 2021-03-28 21:48 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-03-28 22:12 - 2021-03-28 21:38 - 000000000 ____D C:\WINDOWS\system32\config\TxR 2021-03-28 22:10 - 2021-04-04 19:06 - 000000000 ____D C:\WINDOWS\INF 2021-03-28 22:05 - 2021-03-28 22:05 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-03-28 22:03 - 2021-04-01 22:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-03-28 21:55 - 2021-04-04 18:53 - 100139008 _____ C:\WINDOWS\system32\config\SOFTWARE 2021-03-28 21:55 - 2021-04-04 18:53 - 037224448 _____ C:\WINDOWS\system32\config\SYSTEM 2021-03-28 21:55 - 2021-04-04 18:53 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT 2021-03-28 21:55 - 2021-04-04 18:53 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-03-28 21:55 - 2021-04-04 18:53 - 000131072 _____ C:\WINDOWS\system32\config\SAM 2021-03-28 21:55 - 2021-04-04 18:53 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY 2021-03-28 21:55 - 2021-04-01 22:30 - 000000000 ____D C:\WINDOWS\servicing 2021-03-28 21:55 - 2021-03-28 22:39 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-03-28 21:55 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\SMI 2021-03-28 21:55 - 2021-03-28 22:08 - 000000000 ____D C:\ProgramData\Intel 2021-03-28 21:55 - 2021-03-28 21:55 - 000003224 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG 2021-03-28 21:55 - 2021-03-28 21:55 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2021-03-28 21:54 - 2021-03-28 21:54 - 001369987 _____ 
C:\WINDOWS\system32\Drivers\rtkhdasetting.zip 2021-03-28 21:54 - 2021-03-28 21:54 - 000000029 _____ C:\WINDOWS\system32\Drivers\RtkR0Log.dat 2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\WINDOWS\system32\SRSLabs 2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\ProgramData\SoundResearch 2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\Program Files\Realtek 2021-03-28 21:52 - 2021-04-04 18:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-03-28 21:52 - 2021-03-28 21:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-03-28 21:39 - 2021-04-04 20:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-03-28 21:39 - 2021-03-28 21:39 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-03-26 12:43 - 2021-03-26 12:43 - 000000000 ____D C:\Users\Nancy Harper\Documents\OneNote Notebooks 2021-03-22 18:43 - 2021-03-22 18:43 - 000000000 ____D C:\Users\tharp\AppData\LocalLow\Adobe 2021-03-21 20:28 - 2021-03-21 20:28 - 000000377 _____ C:\Users\tharp\Desktop\Backup Plus (E) - Shortcut.lnk 2021-03-21 20:23 - 2021-03-21 20:23 - 000000000 __RSD C:\Users\tharp\Documents\McAfee Vaults 2021-03-11 19:56 - 2021-03-11 19:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-03-11 19:56 - 2021-03-11 19:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-03-11 19:55 - 2021-03-11 19:55 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-03-11 19:55 - 2021-03-11 19:55 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-03-11 19:55 - 2021-03-11 19:55 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2021-03-11 19:55 - 2021-03-11 19:55 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-03-11 19:54 - 2021-03-11 19:54 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-03-11 19:54 - 2021-03-11 19:54 - 001394024 _____ (Microsoft Corporation) 
kevinf80 Posted April 5, 2021

Hiya Browsealot and welcome to Malwarebytes,

Continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied:

Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.
Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:

Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your next reply...

Thank you,
Kevin...

fixlist.txt
Browsealot Posted April 6, 2021 Author Solution

Fixlog.txt
kevinf80 Posted April 6, 2021

Can I also see logs from Sophos when ready...
Browsealot Posted April 6, 2021 Author

SophosVirusRemovalTool.log
SophosVirusRemovalTool_cloud4.log
kevinf80 Posted April 6, 2021

Hiya Browsealot,

Sophos log is clean, what is current status of your PC, any issues or concerns...

Thank you,
Kevin..
kevinf80 Posted April 11, 2021

Any progress...?
kevinf80 Posted April 12, 2021

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you