Jump to content

Can you PLEASE help with this...


Go to solution Solved by Browsealot,

Recommended Posts

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/21
Scan Time: 10:54 PM
Log File: d4bec36a-9377-11eb-9875-000000000000.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38998
License: Premium

-System Information-
OS: Windows 10 (Build 19041.867)
CPU: x64
File System: NTFS
User: DESKTOP-KAI2134\Nancy Harper

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 369802
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 5 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.WebNavigator, C:\USERS\THARP\DOWNLOADS\CLICK HERE TO START THE WEBNAVIGATOR BROWSER INSTALLER_155888P_.EXE, Quarantined, 15291, 876585, 1.0.38998, , ame, , 2FB8F187D5C181FAD90FEE57267C4A58, 3ACE4CC2E440B30E39307EFC6980F713DB7FFC99E37AA648A293CFE40C72734D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-04-2021
# Duration: 00:01:03
# OS:       Windows 10 Home
# Cleaned:  57
# Awaiting reboot:2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPAudioSwitch   Folder   C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted       Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46E73EAA-869E-4CAF-81D2-4A9FB538C7BB} 
Deleted       Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted       Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HP\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Folder   C:\Users\Nancy Harper\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Deleted       Preinstalled.HPJumpStartApps   Folder   C:\Program Files (x86)\HP\HP JUMPSTART APPS
Deleted       Preinstalled.HPJumpStartApps   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps
Deleted       Preinstalled.HPJumpStartLaunch   Folder   C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted       Preinstalled.HPJumpStartLaunch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29FB6F9C-9367-41C1-9DBD-02AED46A537B} 
Deleted       Preinstalled.HPJumpStartLaunch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Deleted       Preinstalled.HPOrbit   File   C:\Users\Nancy Harper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Orbit.lnk
Deleted       Preinstalled.HPOrbit   Folder   C:\Program Files\HP\HP ORBIT
Deleted       Preinstalled.HPOrbit   Folder   C:\Program Files\HP\HP ORBIT SERVICE
Deleted       Preinstalled.HPOrbit   Folder   C:\ProgramData\HP\HP ORBIT
Deleted       Preinstalled.HPOrbit   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{38B26B58-693D-4B55-9653-1E8D173A9F3B}
Deleted       Preinstalled.HPOrbit   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DED1B811-5F83-451D-AFE6-F9AC351CB63B}
Deleted       Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Nancy Harper\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Nancy Harper\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{00612F78-52C4-46C0-97F0-F50B6036B5E2}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4780AF24-213D-4187-86F2-0014A6D6077B}
Deleted       Preinstalled.HPSureConnect   Folder   C:\Program Files (x86)\HP INC\HP SURE CONNECT
Deleted       Preinstalled.HPSureConnect   Folder   C:\Program Files\HPCOMMRECOVERY
Deleted       Preinstalled.HPSureConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted       Preinstalled.WildTangentGamesBundle   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BARN YARN COLLECTORS EDITION
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\LETTER QUEST - GRIMMS JOURNEY
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\MYSTIKA 2
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\RUNEFALL
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\SPARKLE 2
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-freegames
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Needs Reboot  Preinstalled.HPJumpStartBridge   Folder   C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Needs Reboot  Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-03-2021
Ran by Nancy Harper (04-04-2021 22:07:10)
Running from C:\Users\Nancy Harper\Downloads
Windows 10 Home Version 2004 19041.867 (X64) (2021-03-29 06:01:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-147387203-2049521185-1391950953-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-147387203-2049521185-1391950953-503 - Limited - Disabled)
Guest (S-1-5-21-147387203-2049521185-1391950953-501 - Limited - Disabled)
Nancy Harper (S-1-5-21-147387203-2049521185-1391950953-1041 - Administrator - Enabled) => C:\Users\Nancy Harper
nharp (S-1-5-21-147387203-2049521185-1391950953-1038 - Limited - Disabled)
tharp (S-1-5-21-147387203-2049521185-1391950953-1001 - Administrator - Enabled) => C:\Users\tharp
WDAGUtilityAccount (S-1-5-21-147387203-2049521185-1391950953-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Barn Yarn Collector's Edition (HKLM-x32\...\WTA-a2f78c80-5eea-40c9-a802-e6c484d66f19) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{20CC03C7-7B48-4130-B7FA-39BC128E3A9E}) (Version: 2.21.5 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11003.3588 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1047 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1643.1 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A9BCF224-9E30-4BFD-8917-2990841F6A87}) (Version: 19.50.0 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{b3782b53-1b6c-436a-b0f0-f65d83ae74d9}) (Version: 3.0.30.1119 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{6F91DCD1-30DB-449C-AE79-6948BEB15825}) (Version: 3.0.30.1119 - Intel Corporation) Hidden
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-5e3f0140-8d99-4765-8fb3-97d2c27b9ca6) (Version: 3.0.2.118 - WildTangent) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R30 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12527.21686 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-147387203-2049521185-1391950953-1041\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mystika 2 (HKLM-x32\...\WTA-c061a997-55b9-451a-9af6-3f5326668911) (Version: 1.1.2.4 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.21686 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21296 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8656 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-719a6e97-7168-463e-bfa9-84644f1091bd) (Version: 3.0.2.126 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-84d407b0-2b44-451a-8bfd-d876dde1264f) (Version: 3.0.2.51 - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.582 - McAfee, LLC)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-04-01] (Amazon.com)
ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2021-04-01] (ELAN Microelectronics Corporation)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.1.134.0_x64__dt26b99r8h8gj [2021-04-01] (Realtek Semiconductor Corp)
HP Impreza Pen -> C:\Program Files\WindowsApps\9FDF1AF1.HPImprezaPen_1.1.12.0_x64__g70az3e2cx9m2 [2021-04-01] (ELAN MICROELECTRONICS CORP.) [Startup Task]
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2021-04-01] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-04-01] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-01] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.1.3.0_x64__kx24dqmazqk8j [2021-04-01] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-01-20] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-01-20] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square

==================== Loaded Modules (Whitelisted) =============

2021-04-01 23:17 - 2021-04-01 23:17 - 000120832 _____ () [File not signed] [File is in use] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\764b38e6de1bd057f94011120cc33d24\BridgeExtension.ni.dll
2021-04-01 23:15 - 2021-04-01 23:15 - 000157696 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\17c957e18eec67eee9951a8c48fd28e5\BRIDGECommon.ni.dll
2021-04-01 23:17 - 2021-04-01 23:17 - 000343552 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\51b827da59bc6d814fd76ade6d857d6b\CleanStartController.ni.dll
2021-04-01 23:17 - 2021-04-01 23:17 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\939bd33c5f4a7ad06c69a173c40dc7f0\CommonPortable.ni.dll
2017-05-23 08:09 - 2017-05-23 08:09 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2017-05-23 08:09 - 2017-05-23 08:09 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ===
(If an entry is
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ==
===============
==================== Internet Explorer (WhitelisteSearchScopes: HKLSearchScopes: HKLM -> {69B27CF0-8645-47B5-B885-800DB931DD2C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywordSearchScopes: HKLSearchScopes: HKLM-x32 -> {69B27CF0-8645-47B5-B885-800DB931DD2C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywordBHO: Skype for BuBHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-04-01] (Microsoft Corporation -> MicrosoBHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-04-02] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WBHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-04-02] (McAfee, LLC 
==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-147387203-2049521185-1391950953-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tharp\AppData\Local\Microsoft\Windows\Themes\20200101_214740[267].jpg
HKU\S-1-5-21-147387203-2049521185-1391950953-1041\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84F8B51A-F2F6-4234-98B5-FB9D182CA52D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB8DD282-E333-4603-9983-3BD803DE514E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{27DC9705-2751-43A7-B009-05F06D0A16EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F53A85F3-4995-410C-B8E4-412317E3B404}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E30A0077-CA2B-4AEB-8C1A-8568093F42A6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{C133CC5D-2065-428A-875D-1257A0828313}] => (Allow) LPort=13148
FirewallRules: [{236DFED6-0730-41B9-9BB4-148D90684745}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe => No File
FirewallRules: [{1393699E-FDDB-41CA-98D1-ECA9141A0840}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{889D5864-2756-4DB2-8F70-0B04F937F3C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1511E35-BC4F-4C93-AE12-BDCB9982B350}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A8697517-BCF3-42D2-8C49-13E400E6D0CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1D1A533D-E415-4D2F-A266-F906288313D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A432565-1A8C-43B3-8EF9-0668AAF20125}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B14EBD8F-D972-433B-8883-C64D3F4CEA3A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F728BDC5-DA18-4008-A962-F1869911E258}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{47946877-8360-4E4B-9410-9F098EFA636C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CC3D25EA-43A7-493A-A2AA-82E680D11802}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0630EE1-37B0-42A1-838B-2867F19A32BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{62375686-012B-41F9-92C8-14294EC2F897}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D81E48F-C1F9-467C-80DE-F65B502AC5C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{123FEA00-F944-45F6-B38A-223627A1B1C8}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{F436F5B2-647D-4EA0-B762-B24A27CFB95F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)

==================== Restore Points =========================

04-04-2021 18:50:28 AdwCleaner_BeforeCleaning_04/04/2021_18:50:26

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/04/2021 07:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-KAI2134.local already in use; will try DESKTOP-KAI2134-2.local instead

Error: (04/04/2021 07:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 DESKTOP-KAI2134.local. Addr 192.168.1.135

Error: (04/04/2021 07:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.135:5353   16 DESKTOP-KAI2134.local. AAAA 2603:8000:2C00:0014:0000:0000:0000:1EC7

Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/04/2021 06:53:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/04/2021 06:43:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-KAI2134.local already in use; will try DESKTOP-KAI2134-2.local instead


System errors:
=============
Error: (04/04/2021 06:58:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Comm Recovery service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/04/2021 06:58:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/04/2021 06:54:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Orbit Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sound Research SECOMN Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Synaptics Audio APO Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Storage Middleware Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/04/2021 06:51:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP JumpStart Bridge service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Windows Defender:
================
Date: 2021-03-28 22:18:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-03-28 22:18:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-03-28 22:18:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-03-28 22:18:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-03-28 22:18:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===============
Date: 2021-04-04 21:39:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-03-28 22:18:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===============
Date: 2021-04-04 21:39:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: Insyde F.55 06/08/2020
Motherboard: HP 830F
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 85%
Total physical RAM: 6016.66 MB
Available physical RAM: 876.19 MB
Total Virtual: 7680.66 MB
Available Virtual: 1637.87 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:451.57 GB) (Free:372.8 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{66c26879-8e91-436b-b648-6063c4b11d7c}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.44 GB) NTFS
\\?\Volume{122b271c-e460-438d-a9fe-47072ee0e128}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ======================= (Total:0.96 GB) (Free:0.44 GB) NTFS
\\?\Volume{122b271c-e460-438d-a9fe-47072ee0e128}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt =======================

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-03-2021
Ran by Nancy Harper (administrator) on DESKTOP-KAI2134 (HP HP Pavilion x360 Convertible 14m-ba0xx) (04-04-2021 22:03:07)
Running from C:\Users\Nancy Harper\Downloads
Loaded Profiles: tharp & Nancy Harper
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               Task: {1995E303-5A32-4334-855C-ECDFDE1AB58C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(Farbar) [File not signed] C:\Users\Nancy Harper\Downloads\FRST64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP Inc. -> HP) C:\Windows\System32\hpservice.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_5acc9ca73ae7cf4c\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9de8154b682af864\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9de8154b682af864\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7002521e34feee93\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7002521e34feee93\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {8570280C-B7B7-4AD6-B397-065DA73EC40C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {98546415-8088-46A6-A2C8-FC9FAD7C66EC} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {9DE40A2B-EE73-4DED-9ACC-D265B464A51C} - \DropboxOEM -> No File <==== ATTENTION
Task: {A0F39486-CF80-4970-B528-9C1D76FAA894} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC)
Task: {A9B7C157-CE84-4291-87F6-A42A97BBD74F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {AC389BF1-A148-4A80-873F-BC191E8F996E} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> No File <==== ATTENTION
Task: {B218E4F6-8FC4-4EE9-90CF-98C79ACE67BF} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-04-01] (McAfee, Inc. -> McAfee, LLC.)
Task: {B275BC86-349C-4056-B23C-728D1E94919E} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION
Task: {C2EE67F0-AE18-4735-8386-CCC6F61CDA94} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4054696 2021-01-18] (McAfee, LLC -> McAfee, LLC)
Task: {C8180E21-0CB8-48C3-B035-5B2FB7D4DA36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [106528 2016-12-07] (HP Inc. -> HP Inc.)
Task: {C8E8456B-8EF4-4E8E-BEBF-A4C16D8543D5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115040 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCD6C84B-9189-4AD6-A349-34ED3C605333} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {E045E7C9-3AF5-4B73-9F24-42AA463105D3} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC)
Task: {E1CB8C06-BC49-40D2-9EE3-0DDBAB22316D} - \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install -> No File <==== ATTENTION
Task: {E79DA0E4-CC21-4A85-9EBC-8D5EC4039849} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC72DA74-F612-42F4-B5EE-479C2F72B311} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {F08A27A8-9E01-4C00-8137-E826E343667F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {F140E1C0-FB88-4EF2-9886-B93AF524AEE7} - \HPEA3JOBS -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNancy Harper.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
\Realtek\Audio\HDA\RtkNGUI64.exe [9270776 2019-03-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP Inc. -> HP)
Startup: C:\Users\Nancy Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-03-26]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\tharp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-01-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {067681FA-6447-4A68-88BA-48DAE1EE6206} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> No File <==== ATTENTION
Task: {0AF41C5D-C467-4D80-A141-F6DDD24EDDAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {0CA3E1CD-C983-4199-8008-E7543E4A876C} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {10F7BBC7-5A39-45A4-B35A-129C3D444715} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\system32\RtkAudUService64.exe [821320 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1995E303-5A32-4334-855C-ECDFDE1AB58C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {19AB62B5-3C04-423F-B629-F49601B7915E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
Task: {36C40CC4-2AD6-4E8C-B561-C02B6FA8D47A} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {398BE8D1-A24B-4011-8169-14FE70F6E519} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Nancy Harper\Desktop\adwcleaner_8.2.exe [8534696 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
Task: {41E8C6DF-6000-4085-ACBC-1115CF7A8240} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> No File <==== ATTENTION
Task: {4343BE74-8493-4584-83A8-D2D9366E2B30} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115040 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {469965B6-77AD-47ED-B71E-4594EAD58DC1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [738272 2021-01-14] (McAfee, LLC -> McAfee, LLC)
Task: {4A5D06EA-28E4-4BAF-A61B-448F7D086C46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {4B7A109F-521B-4FD9-994B-84BF5621CEB5} - System32\Tasks\HPCeeScheduleForNancy Harper => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {50CCFEEF-426A-427E-83AB-C081D9199D90} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {510EC077-212E-434D-AA03-9BBBE5F5096F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4676920 2021-01-07] (McAfee, LLC -> McAfee, LLC)
Task: {5153B03D-D382-4CAF-89EB-30BB4EAE028C} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> No File <==== ATTENTION
Task: {578BDC89-A21F-468F-97D9-92DEB770E053} - \HP\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {8570280C-B7B7-4AD6-B397-065DA73EC40C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {98546415-8088-46A6-A2C8-FC9FAD7C66EC} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {9DE40A2B-EE73-4DED-9ACC-D265B464A51C} - \DropboxOEM -> No File <==== ATTENTION
Task: {A0F39486-CF80-4970-B528-9C1D76FAA894} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC)
Task: {A9B7C157-CE84-4291-87F6-A42A97BBD74F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {AC389BF1-A148-4A80-873F-BC191E8F996E} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> No File <==== ATTENTION
Task: {B218E4F6-8FC4-4EE9-90CF-98C79ACE67BF} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-04-01] (McAfee, Inc. -> McAfee, LLC.)
Task: {B275BC86-349C-4056-B23C-728D1E94919E} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION
Task: {C2EE67F0-AE18-4735-8386-CCC6F61CDA94} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4054696 2021-01-18] (McAfee, LLC -> McAfee, LLC)
Task: {C8180E21-0CB8-48C3-B035-5B2FB7D4DA36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [106528 2016-12-07] (HP Inc. -> HP Inc.)
Task: {C8E8456B-8EF4-4E8E-BEBF-A4C16D8543D5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115040 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCD6C84B-9189-4AD6-A349-34ED3C605333} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E045E7C9-3AF5-4B73-9F24-42AA463105D3} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993360 2021-01-20] (McAfee, LLC -> McAfee, LLC)
Task: {E1CB8C06-BC49-40D2-9EE3-0DDBAB22316D} - \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install -> No File <==== ATTENTION
Task: {E79DA0E4-CC21-4A85-9EBC-8D5EC40n)
9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC72DA74-F612-42F4-B5EE-479C2F72B311} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {F08A27A8-9E01-4C00-8137-E826E343667F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {F140E1C0-FB88-4EF2-9886-B93AF524AEE7} - \HPEA3JOBS -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNancy Harper.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eb23d636-f60e-4e2f-adfc-4730770a6f71}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f6e87beb-39df-4d5d-9c2c-9b81b19e2e2c}: [DhcpNameServer] 172.168.0.5

Edge: 
=======
Edge Profile: C:\Users\Nancy Harper\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-04]
eServer] 192.168.1.1
Tcpip\..\Interfaces\{f6e87beb-39df-4d5d-9c2c-9b81b19e2e2c}: [DhcpNameServer] 172.168.0.5

Edge: 
=======
Edge Profile: C:\Users\Nancy Harper\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-04]
 not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-04-01] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-01-20] (McAfee, LLC -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-01-20] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-04-01] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-01-20] (McAfee, LLC -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-01-20] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137440 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (McAfee, Inc. -> Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-04-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 hpsrv; C:\windows\system32\Hpservice.exe [38752 2016-09-26] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-01] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [952992 2021-04-02] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_12\McApExe.exe [779080 2021-01-15] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.0.110.0\\McCSPServiceHost.exe [2784672 2021-01-05] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1627680 2021-01-20] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4240160 2021-01-08] (McAfee, LLC -> McAfee, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HP Orbit Service; "C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75712 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-01] (Malwarebytes Inc -> Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [795640 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [544704 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [385984 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85944 2020-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522176 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1027520 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [608192 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107968 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116672 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252352 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-04 22:02 - 2021-04-04 22:04 - 000033918 _____ C:\U
==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-04 22:02 - 2021-04-04 22:04 - 000033918 _____ C:\Users\Nancy Harper\Downloads\FRST.txt
2021-04-04 22:02 - 2021-04-04 22:02 - 002298368 _____ (Farbar) C:\Users\Nancy Harper\Downloads\FRST64 (1).exe
2021-04-04 22:01 - 2021-04-04 22:03 - 000000000 ____D C:\FRST
2021-04-04 22:01 - 2021-04-04 22:01 - 002298368 _____ (Farbar) C:\Users\Nancy Harper\Downloads\FRST64.exe
2021-04-04 21:51 - 2021-04-04 21:51 - 000000773 _____ C:\Users\Nancy Harper\Desktop\AdwCleaner - Shortcut.lnk
2021-04-04 21:51 - 2021-04-04 21:51 - 000000773 _____ C:\Users\Nancy Harper\Desktop\AdwCleaner - Shortcut (2).lnk
2021-04-04 21:01 - 2021-04-04 21:01 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-04 20:59 - 2021-04-04 20:59 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-04 20:59 - 2021-04-04 20:59 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-04 20:48 - 2021-04-04 20:48 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-04 20:48 - 2021-04-04 20:48 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-04 20:48 - 2021-04-04 20:48 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-04 20:48 - 2021-04-04 20:48 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-04 20:48 - 2021-04-04 20:48 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-04 18:57 - 2021-04-04 20:56 - 000000000 ____D C:\Users\Nancy Harper\AppData\LocalLow\IGDump
2021-04-04 18:52 - 2021-04-04 18:52 - 000003180 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2021-04-04 18:48 - 2021-04-04 18:51 - 000000000 ____D C:\AdwCleaner
2021-04-04 18:47 - 2021-04-04 18:47 - 008534696 _____ (Malwarebytes) C:\Users\Nancy Harper\Desktop\adwcleaner_8.2.exe
2021-04-04 18:47 - 2021-04-04 18:47 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\McAfee File Lock
2021-04-04 18:47 - 2021-01-18 02:58 - 000089112 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2021-04-04 18:46 - 2021-04-04 18:54 - 000000392 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNancy Harper.job
2021-04-04 18:46 - 2021-04-04 18:46 - 000003312 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForNancy Harper
2021-04-02 07:07 - 2021-04-02 07:07 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\CrashDumps
2021-04-01 23:48 - 2021-04-01 23:49 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-04-01 23:44 - 2021-04-04 18:55 - 000000000 ____D C:\ProgramData\McInstTemp0247971617345848
2021-04-01 23:43 - 2021-04-04 18:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-04-01 23:40 - 2021-04-02 07:02 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-04-01 22:52 - 2021-04-01 22:52 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-01 22:52 - 2021-04-01 22:52 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\mbam
2021-04-01 22:51 - 2021-04-01 22:51 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-01 22:51 - 2021-04-01 22:51 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-01 22:51 - 2021-04-01 22:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-01 22:51 - 2021-04-01 22:51 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-01 22:38 - 2021-04-01 22:59 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\PlaceholderTileLogoFolder
2021-04-01 22:37 - 2021-04-01 22:37 - 000004008 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-04-01 22:37 - 2021-04-01 22:37 - 000003776 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-04-01 22:31 - 2021-04-01 22:31 - 000000000 ___HD C:\Users\Nancy Harper\MicrosoftEdgeBackups
2021-04-01 22:30 - 2021-04-04 10:08 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\hpqLog
2021-04-01 19:27 - 2021-04-01 19:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-04-01 19:26 - 2021-04-04 18:51 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\Hewlett-Packard
2021-04-01 19:23 - 2021-04-01 19:23 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\D3DSCache
2021-04-01 08:05 - 2021-04-01 08:05 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\RegistrationDataHandler
2021-04-01 08:04 - 2021-04-04 18:52 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Hewlett-Packard
2021-04-01 08:03 - 2021-04-01 08:05 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\HP
2021-04-01 08:02 - 2021-04-04 20:59 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\DropboxOEM
2021-04-01 08:02 - 2021-04-01 08:02 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\DropboxOEM
2021-04-01 07:59 - 2021-04-01 07:59 - 000000000 ___HD C:\ProgramData\temp
2021-03-31 21:23 - 2021-04-04 21:44 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Comms
2021-03-30 10:20 - 2021-04-01 22:37 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-147387203-2049521185-1391950953-1041
2021-03-30 10:16 - 2021-03-30 10:16 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-30 10:15 - 2021-04-01 22:31 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\MicrosoftEdge
2021-03-30 10:13 - 2021-04-01 22:59 - 000000000 ____D C:\ProgramData\Packages
2021-03-30 10:13 - 2021-04-01 19:29 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Publishers
2021-03-30 10:12 - 2021-04-04 21:08 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Packages
2021-03-30 10:12 - 2021-04-01 07:54 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\ConnectedDevicesPlatform
2021-03-30 10:12 - 2021-03-30 10:13 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\Intel
2021-03-30 10:12 - 2021-03-30 10:12 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\Adobe
2021-03-30 10:12 - 2021-03-30 10:12 - 000000000 ____D C:\Users\Nancy Harper\AppData\Local\VirtualStore
2021-03-30 10:11 - 2021-03-30 10:11 - 000000020 ___SH C:\Users\Nancy Harper\ntuser.ini
2021-03-28 22:43 - 2021-03-28 22:43 - 000000000 _SHDL C:\Users\Default User
2021-03-28 22:43 - 2021-03-28 22:43 - 000000000 _SHDL C:\Users\All Users
2021-03-28 22:38 - 2021-03-28 22:38 - 000010302 _____ C:\Users\tharp\Desktop\Removed Apps.html
2021-03-28 22:38 - 2021-03-28 22:38 - 000009336 _____ C:\Users\Nancy Harper\Desktop\Removed Apps.html
2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser100001\Desktop\Removed Apps.html
2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser100001.DESKTOP-KAI2134.000\Desktop\Removed Apps.html
2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser100000.DESKTOP-KAI2134.000\Desktop\Removed Apps.html
2021-03-28 22:38 - 2021-03-28 22:38 - 000008588 _____ C:\Users\defaultuser1.DESKTOP-KAI2134.001\Desktop\Removed Apps.html
2021-03-28 22:36 - 2021-04-01 08:06 - 000910792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-28 22:36 - 2021-03-28 23:01 - 000000000 ____D C:\WINDOWS\Panther
2021-03-28 22:34 - 2021-03-28 22:34 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-03-28 22:25 - 2021-04-01 19:17 - 000000000 ____D C:\Windows.old
2021-03-28 22:22 - 2021-03-28 22:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-28 22:22 - 2021-03-28 22:22 - 000000000 ____D C:\WINDOWS\system32\Intel
2021-03-28 22:20 - 2021-03-28 22:20 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-28 22:19 - 2021-03-28 22:19 - 000000000 ____D C:\WINDOWS\Setup
2021-03-28 22:18 - 2021-04-01 22:37 - 000002391 _____ C:\Users\Nancy Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-28 22:18 - 2021-04-01 22:31 - 000000000 ____D C:\Users\Nancy Harper
2021-03-28 22:18 - 2021-03-28 23:01 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\tharp
2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\defaultuser100001.DESKTOP-KAI2134.000
2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\defaultuser100001
2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-KAI2134.000
2021-03-28 22:18 - 2021-03-28 22:38 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-KAI2134.001
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\OCR
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\addins
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\ProgramData\ssh
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files\MSBuild
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-28 22:18 - 2021-03-28 22:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\tharp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\defaultuser100001.DESKTOP-KAI2134.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\defaultuser100000.DESKTOP-KAI2134.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-28 22:18 - 2019-12-07 02:10 - 000001105 _____ C:\Users\defaultuser1.DESKTOP-KAI2134.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\0409
2021-03-28 22:17 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\DigitalLocker
2021-03-28 22:13 - 2021-03-28 22:33 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-28 22:13 - 2021-03-28 22:09 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2021-03-28 22:13 - 2021-03-28 22:09 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2021-03-28 22:13 - 2021-03-28 22:09 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-28 22:13 - 2021-03-28 22:09 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2021-03-28 22:13 - 2021-03-28 22:09 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2021-03-28 22:13 - 2021-03-28 22:09 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2021-03-28 22:13 - 2021-03-28 22:09 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2021-03-28 22:13 - 2021-03-28 22:09 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2021-03-28 22:13 - 2021-03-28 22:09 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2021-03-28 22:12 - 2021-04-04 22:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-28 22:12 - 2021-04-04 21:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-28 22:12 - 2021-04-04 21:01 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-28 22:12 - 2021-04-04 20:59 - 000000000 ___RD C:\Program Files (x86)
2021-03-28 22:12 - 2021-04-04 18:54 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-28 22:12 - 2021-04-02 07:05 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-28 22:12 - 2021-04-01 23:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-28 22:12 - 2021-03-31 21:23 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-28 22:12 - 2021-03-30 10:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-28 22:12 - 2021-03-29 08:00 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-28 22:12 - 2021-03-28 23:01 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-28 22:12 - 2021-03-28 22:44 - 000000000 ____D C:\WINDOWS\Registration
2021-03-28 22:12 - 2021-03-28 22:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-28 22:12 - 2021-03-28 22:18 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\IME
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\WINDOWS\Help
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Windows NT
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files (x86)\Windows NT
2021-03-28 22:12 - 2021-03-28 22:17 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 __RSD C:\WINDOWS\Media
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\system32\Nui
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ti-et
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ta-in
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\si-lk
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\my-mm
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\icsxml
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ias
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\downlevel
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\am-et
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\L2Schemas
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\IdentityCRL
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\Cursors
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files\Common Files\Services
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-03-28 22:12 - 2021-03-28 22:13 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Web
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\WaaS
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Vss
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\tracing
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\TAPI
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SystemApps
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\winevt
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\ras
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\IME
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\DriverState
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\System
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SKB
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\security
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\schemas
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\SchCache
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\rescache
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\PLA
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Performance
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\ModemLogs
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\InputMethod
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Globalization
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Containers
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\Branding
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\ProgramData\USOShared
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\Program Files\Windows Security
2021-03-28 22:12 - 2021-03-28 22:12 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2021-03-28 22:12 - 2021-03-28 22:11 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-28 22:12 - 2021-03-28 22:11 - 000000000 ____D C:\WINDOWS\Resources
2021-03-28 22:12 - 2021-03-28 22:06 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-28 22:12 - 2021-03-28 21:48 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-28 22:12 - 2021-03-28 21:38 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2021-03-28 22:10 - 2021-04-04 19:06 - 000000000 ____D C:\WINDOWS\INF
2021-03-28 22:05 - 2021-03-28 22:05 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-28 22:03 - 2021-04-01 22:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-28 21:55 - 2021-04-04 18:53 - 100139008 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-03-28 21:55 - 2021-04-04 18:53 - 037224448 _____ C:\WINDOWS\system32\config\SYSTEM
2021-03-28 21:55 - 2021-04-04 18:53 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2021-03-28 21:55 - 2021-04-04 18:53 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-28 21:55 - 2021-04-04 18:53 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2021-03-28 21:55 - 2021-04-04 18:53 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2021-03-28 21:55 - 2021-04-01 22:30 - 000000000 ____D C:\WINDOWS\servicing
2021-03-28 21:55 - 2021-03-28 22:39 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-28 21:55 - 2021-03-28 22:12 - 000000000 ____D C:\WINDOWS\system32\SMI
2021-03-28 21:55 - 2021-03-28 22:08 - 000000000 ____D C:\ProgramData\Intel
2021-03-28 21:55 - 2021-03-28 21:55 - 000003224 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
2021-03-28 21:55 - 2021-03-28 21:55 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2021-03-28 21:54 - 2021-03-28 21:54 - 001369987 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-03-28 21:54 - 2021-03-28 21:54 - 000000029 _____ C:\WINDOWS\system32\Drivers\RtkR0Log.dat
2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\ProgramData\SoundResearch
2021-03-28 21:54 - 2021-03-28 21:54 - 000000000 ____D C:\Program Files\Realtek
2021-03-28 21:52 - 2021-04-04 18:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-28 21:52 - 2021-03-28 21:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-28 21:39 - 2021-04-04 20:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-28 21:39 - 2021-03-28 21:39 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-26 12:43 - 2021-03-26 12:43 - 000000000 ____D C:\Users\Nancy Harper\Documents\OneNote Notebooks
2021-03-22 18:43 - 2021-03-22 18:43 - 000000000 ____D C:\Users\tharp\AppData\LocalLow\Adobe
2021-03-21 20:28 - 2021-03-21 20:28 - 000000377 _____ C:\Users\tharp\Desktop\Backup Plus (E) - Shortcut.lnk
2021-03-21 20:23 - 2021-03-21 20:23 - 000000000 __RSD C:\Users\tharp\Documents\McAfee Vaults
2021-03-11 19:56 - 2021-03-11 19:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-11 19:56 - 2021-03-11 19:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-11 19:55 - 2021-03-11 19:55 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-11 19:55 - 2021-03-11 19:55 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-11 19:55 - 2021-03-11 19:55 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-11 19:55 - 2021-03-11 19:55 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-11 19:54 - 2021-03-11 19:54 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-11 19:54 - 2021-03-11 19:54 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-11 19:54 - 2021-03-11 19:54 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-11 19:54 - 2021-03-11 19:54 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-11 19:54 - 2021-03-11 19:54 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-04 20:52 - 2017-12-15 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-04-04 18:58 - 2021-03-02 13:18 - 000000000 __RSD C:\Users\Nancy Harper\Documents\McAfee Vaults
2021-04-04 18:58 - 2021-01-23 17:09 - 000000000 __SHD C:\Users\Nancy Harper\IntelGraphicsProfiles
2021-04-04 18:57 - 2017-06-27 14:20 - 000000000 ____D C:\ProgramData\McAfee
2021-04-04 18:55 - 2017-06-27 14:20 - 000000000 ____D C:\Program Files\mcafee
2021-04-04 18:55 - 2017-06-27 14:20 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-04-04 18:54 - 2020-10-13 12:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-04 18:54 - 2017-05-23 08:08 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-04-04 18:54 - 2017-05-23 08:08 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-04-04 18:52 - 2017-05-23 08:08 - 000000000 ____D C:\Program Files (x86)\HP Inc
2021-04-04 18:52 - 2017-05-23 08:06 - 000000000 ____D C:\ProgramData\HP
2021-04-04 18:52 - 2017-05-23 08:05 - 000000000 ____D C:\Program Files (x86)\HP
2021-04-04 18:51 - 2017-05-23 08:06 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-04-04 18:51 - 2017-05-23 08:05 - 000000000 ____D C:\Program Files\HP
2021-04-04 18:51 - 2017-05-23 08:05 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-04-04 18:51 - 2017-04-17 19:30 - 000000000 ___HD C:\hp
2021-04-01 23:50 - 2017-06-27 14:20 - 000000000 ____D C:\Program Files\Common Files\mcafee
2021-04-01 23:40 - 2017-06-27 14:20 - 000000000 ____D C:\Program Files\Common Files\av
2021-04-01 22:42 - 2019-05-27 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-04-01 22:42 - 2017-05-23 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-04-01 22:42 - 2017-05-23 08:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-04-01 22:37 - 2021-01-23 17:19 - 000000000 ___RD C:\Users\Nancy Harper\OneDrive
2021-03-30 10:12 - 2021-01-23 17:10 - 000000000 ___RD C:\Users\Nancy Harper\3D Objects
2021-03-28 22:38 - 2021-01-25 10:05 - 000000000 ____D C:\Users\Nancy Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-03-28 22:38 - 2021-01-19 09:57 - 000000000 ____D C:\Users\tharp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-03-28 22:34 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-28 22:25 - 2021-02-13 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2021-03-28 22:12 - 2017-06-27 14:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-03-28 22:12 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-03-28 22:11 - 2017-06-27 14:17 - 000000000 ____D C:\WINDOWS\HP
2021-03-28 22:11 - 2017-03-18 19:32 - 000000000 ____D C:\WINDOWS\HoloShell
2021-03-28 22:11 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-03-28 22:09 - 2020-01-20 21:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-03-28 22:09 - 2017-06-27 14:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-03-28 22:09 - 2017-06-27 14:17 - 000000000 ____D C:\ProgramData\WildTangent
2021-03-28 22:09 - 2017-05-23 08:49 - 000000000 ____D C:\SWSetup
2021-03-28 22:09 - 2017-05-23 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Orbit
2021-03-28 22:09 - 2017-05-23 08:06 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-03-28 22:09 - 2017-05-23 08:04 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-28 22:08 - 2017-06-27 14:19 - 000000000 ____D C:\ProgramData\install_clap
2021-03-28 22:08 - 2017-06-27 14:19 - 000000000 ____D C:\ProgramData\install_backup
2021-03-28 22:08 - 2017-06-27 14:08 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-03-28 22:08 - 2017-06-27 14:04 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-03-28 22:08 - 2017-05-23 08:08 - 000000000 ____D C:\ProgramData\Dropbox
2021-03-28 22:08 - 2017-05-23 08:06 - 000000000 ___RD C:\Program Files (x86)\Online Services
2021-03-28 22:08 - 2017-05-23 08:06 - 000000000 ____D C:\ProgramData\Apple
2021-03-28 22:07 - 2017-06-27 14:06 - 000000000 ____D C:\Program Files (x86)\Intel
2021-03-28 22:07 - 2017-05-23 08:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-03-28 22:06 - 2017-06-27 14:20 - 000000000 ____D C:\Program Files\mcafee.com
2021-03-28 22:06 - 2017-06-27 14:05 - 000000000 ____D C:\Program Files\Intel
2021-03-28 22:06 - 2017-05-23 08:09 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-03-28 22:06 - 2017-05-23 08:08 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-03-28 22:06 - 2017-05-23 08:06 - 000000000 ___RD C:\Program Files\Online Services
2021-03-28 22:06 - 2017-05-23 08:06 - 000000000 ____D C:\Program Files\Bonjour
2021-03-28 22:06 - 2017-05-23 08:06 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-03-24 12:39 - 2017-07-23 21:11 - 000000000 ___RD C:\Users\tharp\OneDrive
2021-03-21 20:22 - 2017-07-23 21:08 - 000000000 __SHD C:\Users\tharp\IntelGraphicsProfiles

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================================ End of FRST.txt ========================

Link to post
Share on other sites
Hiya Browsealot and welcome to Malwarebytes,

Continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

user posted image

The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your next reply...

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.