Having a new terrible problem
"Windows cannot find" basically any of my files even if they are open and I am looking at them, restarted and moved some off desktop and it is better when I do that?
FRST while I can --
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by localAdmin (administrator) on HP2024 (HP HP ProBook 450 15.6 inch G10 Notebook PC) (08-05-2024 13:34:45)
Running from C:\Users\lim1\Desktop\FRST64(2).exe
Loaded Profiles: saraa & lim1 & localAdmin
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3447 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\BridgeCommunication.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_helper.exe
(explorer.exe ->) (CODE SECTOR PTY LTD -> ) C:\Program Files\TeraCopy\TeraCopy.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (CODE SECTOR PTY LTD -> ) C:\Program Files\TeraCopy\TeraCopyService.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELAN_MOC_Service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\Firmware\HpSfuService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_b76d40fc96db3872\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HPAudioAnalytics.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpsvcsscancomp.inf_amd64_ed7f321251b7de5f\x64\hpsvcsscan.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_3befaa646f991169\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_da775d7ecf291310\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_e66412af875019f8\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (Plantronics, Inc. -> Poly, Inc.) C:\Program Files (x86)\oz-client\LensUpdateService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_807802da47ae00a3\RtkAudUService64.exe <3>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP ICS\ICS.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_807802da47ae00a3\RtkAudUService64.exe [1971496 2024-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EPPCCMON] => "C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE" (No File)
HKLM-x32\...\Run: [HPNotifications] => C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe [1607816 2021-02-11] (HP Inc. -> HP)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [970536 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1309992 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2756368 2023-08-09] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\...\Run: [MicrosoftEdgeAutoLaunch_EC3FDABCDB30ABB0CEC8AE37872A60B0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIXKE.EXE [421736 2021-11-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\...\Run: [MicrosoftEdgeAutoLaunch_96221EA68B980A59FCEFF09CD18A9F11] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [180224 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\...\Run: [MicrosoftEdgeAutoLaunch_C48EEF0891FAE0F7DD60DD6C728887C7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\windows\system32\EFXLM16A.DLL [182784 2023-07-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-3820 Series 64MonitorBE: C:\windows\system32\E_YLMBXKE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {025FC89C-4FAD-4686-9373-0C152FFDA146} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-05-07] (ESET, spol. s r.o. -> ESET)
Task: {E8C4F480-03F5-4342-806C-A345B7D1F10C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-05-07] (ESET, spol. s r.o. -> ESET)
Task: {C9311376-FDFC-48E1-A0A0-0CCFA2A0E605} - System32\Tasks\Epson PowerENGAGE => C:\Program Files (x86)\Epson PowerENGAGE\\Epson PowerENGAGE.exe [83606232 2020-04-15] (Aviata, Inc. -> Aviata, Inc.) -> C:\Program Files (x86)\Epson PowerENGAGE\\scheduled-run
Task: {41C981F4-C4C5-4E8E-9C81-A1632AA3BED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-03-25] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {949F191E-FF24-43BE-9723-61BAF42CC7EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-03-25] (HP Inc. -> HP Inc.)
Task: {2EE3896D-6150-4A57-B9F5-32D5E4F5BE9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {A5AC5482-32B2-4116-AE0B-B07F4853A695} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {32938AC5-5B00-4979-A3CA-D5E6081105DB} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [310832 2024-03-25] (HP Inc. -> HP Inc.)
Task: {3CA3B65F-E0CC-4723-AB80-891EF7D4B00C} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [316456 2024-03-25] (HP Inc. -> )
Task: {AF3976CE-615D-4601-B8B9-A9F82B762E7A} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {9C8C2DF8-20D6-40EA-81FB-76AD4C96D205} - System32\Tasks\HP\HP ICS\ICS => C:\Program Files (x86)\HP\HP ICS\ICS.exe [76870640 2023-08-02] (HP Inc. -> HP)
Task: {84537291-68E5-41D1-842F-413C9C035923} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EFE5017-26B5-4CF9-982E-C7843C35C33F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DBF2CF-DDD1-4DFB-8B4B-900675F9AE99} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {93904DA4-B2E3-421B-8F0B-98E07B646974} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {38927666-42A5-4D9B-8942-674E9EAA8F02} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F24F6BE-58B4-4ADE-BC2A-474BD70E352A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7319DB32-F6A9-4D6B-A0D3-36D6352F36BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A5DA474-0544-48EC-9927-1F4CBBF268AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0647D05A-43C6-47AB-B3B0-7B3522D97676} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {067418F7-89DE-4A54-9D6B-EDA994842469} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {9ADEC95D-144C-4B0E-9780-64C30BC17C44} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {353F05E0-F241-40D1-B419-E5DC1F9BE78D} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1002 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {DED41F88-C98B-48F1-B84A-5F34921A5944} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {E00E2C27-64F5-4EE1-90AE-69E2FE9EE144} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-07] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.30.1
Tcpip\..\Interfaces\{c614c50d-07fe-4c96-af5b-8057e4238c68}: [DhcpNameServer] 192.168.30.1
Tcpip\..\Interfaces\{f16a1696-2464-4ebb-a508-8f13213092de}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Profile: C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-07]
Edge Extension: (Google Docs Offline) - C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-17]
Edge Extension: (Edge relevant text changes) - C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-10]
FireFox:
========
FF DefaultProfile: 679zlrmu.default
FF ProfilePath: C:\Users\localAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\679zlrmu.default [2024-05-07]
FF ProfilePath: C:\Users\localAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\w123x27c.default-release [2024-05-07]
FF Homepage: Mozilla\Firefox\Profiles\w123x27c.default-release -> chrome://browser/content/blanktab.html
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749256 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe [546416 2023-01-17] (Intel Corporation -> Intel Corporation)
R2 ELAN_MOC_Service; C:\windows\System32\ELAN_MOC_Service.exe [237984 2023-07-25] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [206304 2020-01-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 FMAPOService; C:\windows\System32\FMService64.exe [990240 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HotKeyServiceUWP; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HotKeyServiceUWP.exe [1494464 2024-01-19] (HP Inc. -> HP Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [475680 2023-04-14] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\AppHelperCap.exe [895552 2024-03-03] (HP Inc. -> HP Inc.)
R2 HPAudioAnalytics; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HPAudioAnalytics.exe [542760 2024-01-19] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\DiagsCap.exe [894416 2024-03-03] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe [890832 2024-03-03] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149448 2020-07-23] (HP Inc. -> HP)
R2 hpsvcsscan; C:\windows\System32\DriverStore\FileRepository\hpsvcsscancomp.inf_amd64_ed7f321251b7de5f\x64\hpsvcsscan.exe [6959760 2023-10-06] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\SysInfoCap.exe [894928 2024-03-03] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_b76d40fc96db3872\x64\TouchpointAnalyticsClientService.exe [493232 2024-03-03] (HP Inc. -> HP Inc.)
S2 Intel(R) Platform License Manager Service; C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
R2 IntelAudioService; C:\windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
R2 ipfsvc; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe [2781336 2023-01-17] (Intel Corporation -> Intel Corporation)
R2 LanWlanWwanSwitchingServiceUWP; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\LanWlanWwanSwitchingServiceUWP.exe [606648 2024-01-19] (HP Inc. -> HP Inc.)
R2 LensUpdateService; c:\Program Files (x86)\oz-client\LensUpdateService.exe [1168464 2023-07-29] (Plantronics, Inc. -> Poly, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522080 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SFUService; C:\windows\Firmware\HpSfuService.exe [890320 2023-01-23] (HP Inc. -> HP Inc.)
R2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [317664 2023-06-28] (CODE SECTOR PTY LTD -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AX88179; C:\windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
R3 AX88179A; C:\windows\System32\DriverStore\FileRepository\axusbeth.inf_amd64_3d31862f0ad37854\AxUsbEth.sys [158232 2024-04-11] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [544768 2023-07-11] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [184320 2023-07-11] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2023-07-11] (Microsoft Corporation) [File not signed]
S3 CtaChildDriver; C:\windows\System32\drivers\CtaChildDriver.sys [55704 2023-07-24] (Intel Corporation -> )
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [158640 2024-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\windows\System32\drivers\fse.sys [218592 2024-02-03] (Microsoft Windows -> Microsoft Corporation)
S3 GSCAuxDriver; C:\windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_5274b380f5049141\GSCAuxDriverx64.sys [108912 2023-07-24] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_02d43148181ce541\TeeDriverGSCW8x64.sys [278472 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-23] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_bda8110c074a36f5\iaLPSS2_GPIO2_ADL.sys [141312 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_c4c17f8529a3943d\iaLPSS2_I2C_ADL.sys [211456 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_30453d6d1e260f1a\iaLPSS2_SPI_ADL.sys [162816 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_d0516100086dd669\iaLPSS2_UART2_ADL.sys [319488 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-09-27] (Intel Corporation -> Intel Corporation)
S3 Intel_NF_I2C; C:\windows\System32\DriverStore\FileRepository\intel_nf_i2c_child.inf_amd64_ec05d531d6f2e4c0\Intel_NF_I2C.sys [222656 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_f2084be6bb835256\ipf_acpi.sys [87192 2023-01-17] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_cpu.sys [80536 2023-01-17] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_lf.sys [445080 2023-01-17] (Intel Corporation -> Intel Corporation)
R0 mbamchameleon; C:\windows\System32\Drivers\MbamChameleon.sys [223184 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\DRIVERS\farflt11.sys [234856 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [78400 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [188784 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsld8c7ae59; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55077A1C-6B3D-4FE9-AAD8-407DFB61EA10}\MpKslDrv.sys [271648 2024-05-08] (Microsoft Windows -> Microsoft Corporation)
R3 rt68cx21; C:\windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_e22bbb0ee4890706\rt68cx21x64.sys [742272 2023-07-13] (Realtek Semiconductor Corp. -> Realtek)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-02-03] (Microsoft Windows -> )
R0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-17] (Microsoft Windows -> Microsoft Corporation)
R3 WiManHu; C:\windows\System32\DriverStore\FileRepository\wiman.inf_amd64_e8edc74538613ea4\WiManHu\WiManHu.sys [211624 2023-12-18] (Intel Corporation -> Intel Corporation)
S4 IntcSdwBus; \SystemRoot\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_a7c91360744c6f58\IntcSdwBus.sys [X]
S4 Netwtw12; \SystemRoot\System32\DriverStore\FileRepository\netwtw6e.inf_amd64_cc3a2460c42c06f6\Netwtw12.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-08 13:34 - 2024-05-08 13:35 - 000029728 _____ C:\Users\lim1\Desktop\FRST.txt
2024-05-08 13:22 - 2024-05-08 13:24 - 002394112 _____ (Farbar) C:\Users\lim1\Desktop\FRST64(2).exe
2024-05-08 13:22 - 2024-05-08 13:23 - 002394112 _____ (Farbar) C:\Users\lim1\Downloads\FRST64(1).exe
2024-05-07 16:18 - 2024-05-07 16:18 - 000011196 _____ C:\Users\localAdmin\AppData\LocalLow\35d76ce50472a1bc6d5e5d05e31a4788cdd6b1edadb3658e2a7538b01ae38a6a
2024-05-07 16:18 - 2024-05-07 16:18 - 000000026 _____ C:\Users\localAdmin\AppData\LocalLow\08c99299a625780534f1ce0f0f1d7c01c78c158501eae94a3fa89bd661e91f61
2024-05-07 16:17 - 2024-05-07 16:17 - 000000264 _____ C:\Users\localAdmin\Documents\eset20240507_417pm.txt
2024-05-07 15:14 - 2024-05-07 15:14 - 000003860 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2024-05-07 15:14 - 2024-05-07 15:14 - 000003418 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2024-05-07 14:01 - 2024-05-07 14:01 - 000000000 ____D C:\Users\localAdmin\AppData\Local\CrashDumps
2024-05-07 13:58 - 2024-05-07 13:58 - 000000000 ____D C:\Users\localAdmin\AppData\Local\PeerDistRepub
2024-05-07 13:44 - 2024-05-07 15:23 - 000001431 _____ C:\Users\localAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-05-07 13:44 - 2024-05-07 15:23 - 000001325 _____ C:\Users\localAdmin\Desktop\ESET Online Scanner.lnk
2024-05-07 13:44 - 2024-05-07 13:44 - 008389496 _____ (ESET) C:\Users\localAdmin\Downloads\esetonlinescanner.exe
2024-05-07 13:44 - 2024-05-07 13:44 - 000000000 ____D C:\Users\localAdmin\AppData\Local\ESET
2024-05-07 13:41 - 2024-05-07 16:22 - 000000000 ____D C:\Users\localAdmin\Desktop\malwarebytes options asof 2024_0507
2024-05-07 13:33 - 2024-05-07 13:33 - 000234856 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt11.sys
2024-05-07 13:33 - 2024-05-07 13:33 - 000188784 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2024-05-07 13:33 - 2024-05-07 13:33 - 000000008 _____ C:\ProgramData\ntuser.pol
2024-05-07 13:31 - 2024-05-07 13:32 - 000006661 _____ C:\Users\localAdmin\Desktop\Fixlog.txt
2024-05-07 13:30 - 2024-05-07 13:30 - 000000000 ___HD C:\Users\localAdmin\AppData\Roaming\Obsidium x64
2024-05-07 13:30 - 2024-05-07 13:30 - 000000000 ___HD C:\Users\localAdmin\.obs64
2024-05-07 13:30 - 2024-05-07 13:30 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\TeraCopy
2024-05-07 13:29 - 2024-05-07 13:31 - 002394112 _____ (Farbar) C:\Users\localAdmin\Desktop\FRST64.exe
2024-04-28 13:39 - 2024-04-28 13:45 - 000040864 _____ C:\Users\lim1\Downloads\FRSTanonymized.txt
2024-04-28 13:28 - 2024-05-08 13:29 - 000030092 _____ C:\Users\localAdmin\AppData\LocalLow\44d9559d2dfe2484a313422996e5da1bc1d2fced2fed59067875e5bd5807d230
2024-04-28 13:28 - 2024-05-08 13:29 - 000000128 _____ C:\Users\localAdmin\AppData\LocalLow\36422c630cce2905dea2db2c59148cc350904c7c50ddf7c69832f9d9b073b37c
2024-04-28 13:27 - 2024-04-28 13:28 - 000041285 _____ C:\Users\lim1\Downloads\FRST.txt
2024-04-28 13:27 - 2024-04-28 13:28 - 000029481 _____ C:\Users\lim1\Downloads\Addition_redacted.txt
2024-04-28 13:27 - 2024-04-28 13:28 - 000029481 _____ C:\Users\lim1\Downloads\Addition.txt
2024-04-28 13:24 - 2024-05-08 13:34 - 000000000 ____D C:\FRST
2024-04-28 13:23 - 2024-04-28 13:23 - 002394112 _____ (Farbar) C:\Users\lim1\Downloads\FRST64.exe
2024-04-27 20:55 - 2024-04-27 20:55 - 000011196 _____ C:\Users\lim1\AppData\LocalLow\e3739b8d6f71e19a92d1f99870f64aa7724af502e450393dfb98fb1fea4db9cc
2024-04-27 20:55 - 2024-04-27 20:55 - 000000026 _____ C:\Users\lim1\AppData\LocalLow\fbbc84dbdb6d7e9f8df02de721cf9747793a562137165b046ecbf3bb68fc4d78
2024-04-24 05:27 - 2024-04-24 11:47 - 000000000 ____D C:\Users\lim1\Desktop\for REMOTE GMAIL FOR REDACT
2024-04-24 05:01 - 2024-04-24 05:01 - 000002260 _____ C:\Users\localAdmin\AppData\LocalLow\03a9d835bfb56f1e24d7a1ac63272dca5a836d628701760777e2f9511ac732aa
2024-04-24 04:58 - 2024-04-24 05:06 - 000000000 ____D C:\Users\localAdmin\Desktop\settings to temp change for teams 20240424
2024-04-22 17:36 - 2024-04-22 17:36 - 019340635 _____ C:\Users\lim1\Downloads\NMR in Biomedicine - 2022 REDACT
2024-04-22 17:21 - 2024-04-22 17:21 - 004598520 _____ C:\Users\lim1\Downloads\JMRI b0 s REDACT
2024-04-22 15:53 - 2024-04-24 08:49 - 000000000 ____D C:\Users\lim1\Desktop\jmr REDACT
2024-04-19 21:09 - 2024-04-19 21:09 - 000084018 _____ C:\Users\lim1\Downloads\arai-2018-quantitative-stress-perfusion-cardiac-magnetic-resonance-improves-prognostication.pdf
2024-04-19 21:08 - 2024-04-19 21:08 - 000535558 _____ C:\Users\lim1\Downloads\sammut-et-al-2017-prognostic-value-of-quantitative-stress-perfusion-cardiac-magnetic-resonance.pdf
2024-04-19 21:08 - 2024-04-19 21:08 - 000535558 _____ C:\Users\lim1\Downloads\gibbs-et-al-2017-prognostic-value-of-quantitative-stress-perfusion-cardiac-magnetic-resonance.pdf
2024-04-17 11:36 - 2024-04-22 15:58 - 000000000 ____D C:\Users\lim1\Desktop\jmri DUE REDACT
2024-04-17 11:16 - 2024-05-08 13:07 - 000011196 _____ C:\Users\lim1\AppData\LocalLow\35d76ce50472a1bc6d5e5d05e31a4788cdd6b1edadb3658e2a7538b01ae38a6a
2024-04-17 11:16 - 2024-04-17 11:16 - 000000026 _____ C:\Users\lim1\AppData\LocalLow\08c99299a625780534f1ce0f0f1d7c01c78c158501eae94a3fa89bd661e91f61
2024-04-17 11:13 - 2024-04-17 11:13 - 000000000 ____D C:\windows\SysWOW64\DDFs
2024-04-17 11:10 - 2024-04-17 11:10 - 000024320 _____ C:\windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-17 11:10 - 2024-04-17 11:10 - 000024320 _____ C:\windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-17 11:06 - 2024-04-17 11:08 - 000000000 ___HD C:\$WinREAgent
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\EpsonPowerENGAGE
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\Epson PowerENGAGE
2024-04-17 10:56 - 2024-02-26 00:38 - 006115800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2024-04-17 10:40 - 2024-04-17 10:40 - 000012313 _____ C:\Users\localAdmin\AppData\LocalLow\d2274c3e4945e3a566f02343fcdb38a11fcd8e2e4edbfdd68fffd7c99ad840ed
2024-04-17 10:40 - 2024-04-17 10:40 - 000000026 _____ C:\Users\localAdmin\AppData\LocalLow\830496b083eed9047906c5214edd2478790321b5759d0e5e13d5ae8446082538
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-08 13:32 - 2024-02-04 00:41 - 000000000 ____D C:\Users\lim1\AppData\Roaming\TeraCopy
2024-05-08 13:29 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-08 13:25 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\Malwarebytes
2024-05-08 13:22 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-08 13:22 - 2022-05-07 01:24 - 000000000 ____D C:\windows\AppReadiness
2024-05-08 13:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemTemp
2024-05-08 12:02 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\D3DSCache
2024-05-08 11:53 - 2024-02-04 09:28 - 000025438 _____ C:\Users\lim1\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-05-07 16:24 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\Malwarebytes
2024-05-07 15:28 - 2022-05-07 01:17 - 000000000 ____D C:\windows\CbsTemp
2024-05-07 15:24 - 2024-03-07 23:54 - 000000128 _____ C:\Users\localAdmin\AppData\LocalLow\9ec917ee32f9e5393a9300225bdc0e5946d34fa14cacd5aacf7fb0b79eeaa5e8
2024-05-07 14:19 - 2024-02-03 21:24 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2024-05-07 14:18 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\Packages
2024-05-07 14:18 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\D3DSCache
2024-05-07 14:00 - 2022-05-07 01:22 - 000000000 ____D C:\windows\INF
2024-05-07 13:40 - 2023-09-21 00:22 - 000803640 _____ C:\windows\system32\PerfStringBackup.INI
2024-05-07 13:37 - 2024-03-05 14:49 - 000025438 _____ C:\Users\localAdmin\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-05-07 13:36 - 2024-02-10 10:50 - 000438369 _____ C:\Users\localAdmin\AppData\LocalLow\92ee474e777b489624b30ac0890af381efceb7632fa6c3afab4d069be63e64c6
2024-05-07 13:33 - 2023-08-26 10:47 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-07 13:33 - 2023-08-26 10:47 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-05-07 13:33 - 2023-08-26 10:47 - 000000000 ____D C:\windows\system32\SleepStudy
2024-05-07 13:33 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ServiceState
2024-05-07 13:32 - 2024-02-10 11:08 - 000000000 ____D C:\Users\lim1\AppData\LocalLow\Temp
2024-05-07 13:32 - 2024-02-03 23:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-05-07 13:32 - 2024-02-03 23:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-05-07 13:32 - 2023-09-21 00:16 - 000001623 _____ C:\windows\system32\config\VSMIDK
2024-05-07 13:32 - 2022-05-07 01:17 - 001310720 _____ C:\windows\system32\config\BBI
2024-05-07 13:31 - 2022-05-07 01:24 - 000000000 ___HD C:\windows\system32\GroupPolicy
2024-05-07 13:31 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2024-05-07 13:30 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin
2024-05-07 13:29 - 2023-08-26 10:47 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-07 13:29 - 2023-08-26 10:47 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-07 13:26 - 2024-02-03 23:04 - 000001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-05-07 13:24 - 2024-02-03 23:17 - 000002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-05-07 13:24 - 2024-02-03 23:17 - 000002089 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-05-07 13:24 - 2024-02-03 23:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-05-07 13:24 - 2024-02-03 23:17 - 000000000 ____D C:\Program Files\Malwarebytes
2024-05-07 13:23 - 2023-08-26 10:47 - 000003536 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-07 13:23 - 2023-08-26 10:47 - 000003412 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-28 13:59 - 2024-02-04 09:19 - 000000128 _____ C:\Users\lim1\AppData\LocalLow\36422c630cce2905dea2db2c59148cc350904c7c50ddf7c69832f9d9b073b37c
2024-04-28 13:54 - 2024-02-04 09:19 - 000031209 _____ C:\Users\lim1\AppData\LocalLow\44d9559d2dfe2484a313422996e5da1bc1d2fced2fed59067875e5bd5807d230
2024-04-28 13:33 - 2024-02-15 20:22 - 000000128 _____ C:\Users\lim1\AppData\LocalLow\9ec917ee32f9e5393a9300225bdc0e5946d34fa14cacd5aacf7fb0b79eeaa5e8
2024-04-28 13:21 - 2024-02-04 00:12 - 000758770 _____ C:\Users\lim1\AppData\LocalLow\92ee474e777b489624b30ac0890af381efceb7632fa6c3afab4d069be63e64c6
2024-04-27 23:16 - 2024-01-19 12:32 - 000000000 ____D C:\Users\lim1\Desktop\e_DKTP_RCT
2024-04-27 22:12 - 2024-02-10 10:50 - 000000128 _____ C:\Users\localAdmin\AppData\LocalLow\9397cbd7671923babf2242bf6add1d562176f24528f0c1345965cba986fe246a
2024-04-27 21:35 - 2024-01-19 12:49 - 000000000 ____D C:\Users\lim1\Desktop\e_WORK_RECON_2024_jan18
2024-04-27 21:24 - 2024-03-04 22:47 - 000000000 ____D C:\Users\lim1\AppData\Roaming\Microsoft\Word
2024-04-27 21:24 - 2024-02-05 19:47 - 000000000 ____D C:\Users\lim1\AppData\Roaming\Microsoft\Excel
2024-04-27 21:19 - 2024-02-04 00:12 - 000000128 _____ C:\Users\lim1\AppData\LocalLow\9397cbd7671923babf2242bf6add1d562176f24528f0c1345965cba986fe246a
2024-04-27 20:59 - 2022-02-11 08:11 - 000000000 ____D C:\Users\lim1\Desktop\citi cc van live asof 2022_0211
2024-04-25 22:45 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\Packages
2024-04-25 22:45 - 2023-08-26 10:57 - 000000000 ____D C:\ProgramData\Packages
2024-04-25 09:33 - 2024-02-03 20:23 - 000000000 ____D C:\Users\lim1\Desktop\limDk
2024-04-24 14:04 - 2024-02-04 00:41 - 000000000 ____D C:\Users\saraa\AppData\Roaming\TeraCopy
2024-04-24 14:03 - 2024-02-03 21:04 - 000000000 ____D C:\Users\saraa\AppData\Local\D3DSCache
2024-04-24 13:59 - 2024-02-03 22:47 - 000025438 _____ C:\Users\saraa\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-04-24 13:57 - 2024-02-03 23:17 - 000000000 ____D C:\Users\saraa\AppData\Local\Malwarebytes
2024-04-24 13:57 - 2024-02-03 20:36 - 000000000 ____D C:\Users\saraa\AppData\Local\Packages
2024-04-24 11:46 - 2023-11-30 17:31 - 000000000 ____D C:\Users\lim1\Desktop\cleveland clinic credentialing nov 2023
2024-04-24 06:41 - 2024-02-04 09:32 - 000000000 ____D C:\Users\lim1\AppData\Local\CrashDumps
2024-04-24 06:41 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\SoundResearch
2024-04-24 04:59 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\Microsoft\Spelling
2024-04-19 20:41 - 2024-04-04 22:39 - 000000000 ____D C:\Users\lim1\Desktop\apple troubles 2024_0404
2024-04-17 11:39 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-17 11:14 - 2023-08-26 10:47 - 000534352 _____ C:\windows\system32\FNTCACHE.DAT
2024-04-17 11:13 - 2024-02-03 20:57 - 000000000 ____D C:\windows\system32\Microsoft-Edge-WebView
2024-04-17 11:13 - 2023-09-21 00:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemResources
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinMetadata
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\ShellExperiences
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Sgrm
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\oobe
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\HealthAttestationClient
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\DDFs
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellComponents
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\Provisioning
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\PolicyDefinitions
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\bcastdvr
2024-04-17 11:10 - 2023-08-26 10:49 - 003213824 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2024-04-17 10:46 - 2023-08-26 10:47 - 000000000 ____D C:\windows\system32\Drivers\wd
2024-04-17 10:45 - 2024-02-03 22:19 - 000000000 ____D C:\windows\system32\MRT
2024-04-17 10:43 - 2024-02-03 22:19 - 192651728 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by localAdmin (08-05-2024 13:35:17)
Running from C:\Users\lim1\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3447 (X64) (2024-02-04 06:47:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2638474035-1427330621-2262840621-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2638474035-1427330621-2262840621-503 - Limited - Disabled)
Guest (S-1-5-21-2638474035-1427330621-2262840621-501 - Limited - Enabled)
lim1 (S-1-5-21-2638474035-1427330621-2262840621-1002 - Limited - Enabled) => C:\Users\lim1
localAdmin (S-1-5-21-2638474035-1427330621-2262840621-1003 - Administrator - Enabled) => C:\Users\localAdmin
saraa (S-1-5-21-2638474035-1427330621-2262840621-1001 - Administrator - Enabled) => C:\Users\saraa
WDAGUtilityAccount (S-1-5-21-2638474035-1427330621-2262840621-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{067039C9-A41C-42F5-9571-B06E0700AAA4}) (Version: 3.11.77 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.02.01.01 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson PowerENGAGE 3.5.1 (HKLM-x32\...\25e3def4-1763-5663-8776-91b0a5982398) (Version: 3.5.1 - Aviata, Inc.)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan PDF Extensions (HKLM-x32\...\{E4C6B326-8218-4FC2-8B48-85A19DAB3AE4}) (Version: 1.03.02.01 - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{1A1B60BB-F156-4F6D-AD79-8A096B67E9AB}) (Version: 3.7.10 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
EPSON WF-3820 Series Printer Uninstall (HKLM\...\EPSON WF-3820 Series) (Version: - Seiko Epson Corporation)
Epson WF-3820 Userâs Guide (HKLM-x32\...\UsersGuideEpson WF-3820 Userâs Guide_is1) (Version: 1.0 - Epson America, Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.20.0 - HP Inc)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Notifications (HKLM-x32\...\{84937F28-9CB4-49E7-A2CF-E32D97E6DAE6}) (Version: 1.1.28.1 - HP)
HP Sure Recover (HKLM\...\{BEFF0728-1E80-441E-9E23-2142634046C8}) (Version: 10.1.19.210 - HP Inc.)
HP Sure Run Module (HKLM\...\{2439AE5C-1F6E-4AD4-A403-D1BD8C6945B4}) (Version: 5.0.5.59 - HP Inc.)
HP System Default Settings (HKLM-x32\...\{29C20505-3240-4B32-93B7-09BECA8CEF36}) (Version: 1.4.16.17 - HP Inc.) Hidden
HP System Default Settings (HKLM-x32\...\{5C1C084D-1DB7-4CAB-840F-E5DD386C2A50}) (Version: 1.4.16.22 - HP Inc.) Hidden
HP System Default Settings (HKLM-x32\...\{C4192E14-642D-4A9C-84BA-38FD0963F19D}) (Version: 1.4.16.16 - HP Inc.) Hidden
HyperSnap 8 (HKLM\...\HyperSnap 8) (Version: 8.24.04 - Hyperionics Technology LLC)
ICS (HKLM-x32\...\{5CD25FCD-D218-46D0-B405-E5A488969BDF}) (Version: 3.1.8.14 - HP Inc.)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Office Home and Student 2021 - en-us (HKLM\...\HomeStudent2021Retail - en-us) (Version: 16.0.16327.20264 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27024 (HKLM-x32\...\{7258184A-EC44-4B1A-A7D3-68D85A35BFD0}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27024 (HKLM-x32\...\{5EEFCEFB-E5F7-4C82-99A5-813F04AA4FBD}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 125.0.3 (x64 en-US)) (Version: 125.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20264 - Microsoft Corporation) Hidden
Poly Lens (HKLM-x32\...\{6E176115-6EB6-4D5D-948F-A6347E3DAB56}) (Version: 1.1.28.5852 - Poly, Inc.)
TeraCopy (HKLM\...\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}) (Version: 3.17 - Code Sector)
Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-05-07] (INTEL CORP) [Startup Task]
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-05-07] (Microsoft Corporation)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.50.322.0_x64__dt26b99r8h8gj [2024-04-24] (Realtek Semiconductor Corp)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.5.1.0_x64__v10z8vjag6ke6 [2024-04-24] (HP Inc.)
HP Power Manager -> C:\Program Files\WindowsApps\AD2F1837.HPPowerManager_3.1.8.0_x64__v10z8vjag6ke6 [2024-02-10] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-03-07] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.34.32.0_x64__v10z8vjag6ke6 [2024-05-07] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.39.0_x64__v10z8vjag6ke6 [2024-03-06] (HP Inc.)
Intel(R) Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2328.5.2.0_x64__8j3eq9eme6ctt [2024-04-24] (INTEL CORP) [Startup Task]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-12] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24041.33.0_x64__cw5n1h2txyewy [2024-04-24] (Microsoft Windows) [Startup Task]
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_30.52407.200.0_x64__v10z8vjag6ke6 [2024-03-05] (HP Inc.) [Startup Task]
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2404.195.0_x64__8wekyb3d8bbwe [2024-05-07] (Microsoft Corporation) [Startup Task]
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-05-07] (Microsoft Windows)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2638474035-1427330621-2262840621-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2402.32.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe => No File
ContextMenuHandlers1: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers2: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpbus-ubpl&ref=aagateway-businesspc-hp
==================== Loaded Modules (Whitelisted) =============
2023-06-27 01:28 - 2023-06-27 01:28 - 000162816 _____ () [File not signed] C:\Program Files\TeraCopy\Blake3.dll
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\lim1\Desktop\FRST64(2).exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\lim1\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\lim1\Downloads\HS8Setup.exe:MBAM.Zone.Identifier [146]
AlternateDataStreams: C:\Users\lim1\Downloads\teracopy.exe:MBAM.Zone.Identifier [140]
AlternateDataStreams: C:\Users\localAdmin\Desktop\FRST64.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\localAdmin\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [160]
AlternateDataStreams: C:\Users\saraa\Downloads\WF3820_Lite_NA(1).exe:MBAM.Zone.Identifier [116]
AlternateDataStreams: C:\Users\saraa\Downloads\WF3820_Lite_NA.exe:MBAM.Zone.Identifier [116]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-03-25] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-03-25] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
DNS Servers: 192.168.30.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "EPPCCMON"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C48EEF0891FAE0F7DD60DD6C728887C7"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1CB6AC14-CEA1-414D-87A8-110DFBC25EBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74A147A7-6E71-47EE-BBD3-CD2538EB0FE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B225B16B-7B44-4901-B10E-9BF47556BF08}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{588E622A-499C-4F17-AEDB-30F411D50DAB}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{DA867C4A-7687-4BDD-83B4-555E9FB78B29}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB9F32E8-B713-47D9-A1FC-27DC9CBDB6E9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E7712F9-A08E-4CCC-B9B9-E4EC0A1398F1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D541969E-956D-4D79-9446-6376D7F0DFE6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
19-04-2024 17:58:31 Scheduled Checkpoint
23-04-2024 21:34:27 Windows Update
07-05-2024 13:23:56 Windows Update
07-05-2024 13:31:51 Restore Point Created by FRST
07-05-2024 15:27:57 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Intel(R) Wi-Fi 6E AX211 160MHz
Description: Intel(R) Wi-Fi 6E AX211 160MHz
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw14
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (05/07/2024 02:01:14 PM) (Source: Application Error) (EventID: 1000) (User: hp2024)
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.34.8.0, time stamp: 0x65f09154
Faulting module name: ntdll.dll, version: 10.0.22621.3374, time stamp: 0x3fddb55c
Exception code: 0xc0000008
Fault offset: 0x000aa4f3
Faulting process id: 0x0x930
Faulting application start time: 0x0x1daa0a632a03081
Faulting application path: C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: ffeb12ce-0ecc-450f-8345-fbc6a223476a
Faulting package full name:
Faulting package-relative application ID:
Error: (05/07/2024 01:59:33 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_AppXSvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3374, time stamp: 0xeae8eecc
Exception code: 0xc0000409
Fault offset: 0x00000000000a43a0
Faulting process id: 0x0x9d0
Faulting application start time: 0x0x1daa0a736ddb417
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 59c364be-d235-4eec-820b-3848190043ff
Faulting package full name:
Faulting package-relative application ID:
Error: (05/07/2024 01:57:53 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on \\?\Volume{3af68411-c752-11ee-a7c4-e40d368abe38}\ because: Volumes cannot be optimized due to file system type not supported. (0x8900002F)
Error: (05/07/2024 01:33:05 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.
App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found
Learn about runtime installation:
Troubleshoot app launch failures - .NET
Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer
Error: (04/28/2024 01:13:19 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.
App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found
Learn about runtime installation:
Troubleshoot app launch failures - .NET
Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer
Error: (04/28/2024 01:12:46 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: hpqwmiex.exe, version: 7.1.25.1, time stamp: 0x5f197636
Faulting module name: hpqwmiex.exe, version: 7.1.25.1, time stamp: 0x5f197636
Exception code: 0xc0000005
Fault offset: 0x00078df4
Faulting process id: 0x0x1c08
Faulting application start time: 0x0x1da9910aa3cc3a6
Faulting application path: C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
Faulting module path: C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
Report Id: f80f2240-88cb-45a4-9a57-c3e59ef9d9f1
Faulting package full name:
Faulting package-relative application ID:
Error: (04/27/2024 10:06:21 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.
App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found
Learn about runtime installation:
Troubleshoot app launch failures - .NET
Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer
Error: (04/27/2024 09:42:53 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.
App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found
Learn about runtime installation:
Troubleshoot app launch failures - .NET
Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer
System errors:
=============
Error: (05/07/2024 02:24:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9N9PHDT62W94-AD2F1837.myHP.
Error: (05/07/2024 02:01:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: 9PMMSR1CGPWG-Microsoft.HEIFImageExtension.
Error: (05/07/2024 01:59:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AppX Deployment Service (AppXSVC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (05/07/2024 01:33:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/07/2024 01:33:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.
Error: (05/07/2024 01:31:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CASL Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/07/2024 01:31:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Audio Analytics Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (05/07/2024 01:31:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Innovation Platform Framework Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Windows Defender:
================Event[0]
Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence Version: 1.407.741.0;1.407.741.0
Engine Version: 1.1.24020.9
Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence Version: 1.409.343.0;1.409.343.0
Engine Version: 1.1.24030.4
Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.12.0
Previous security intelligence Version: 1.409.343.0
Update Source: Security intelligence Update Folder
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.24030.4
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.12.0
Previous security intelligence Version: 1.409.343.0
Update Source: Security intelligence Update Folder
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.24030.4
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.24030.4
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
CodeIntegrity:
===============
Date: 2024-05-08 13:23:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: HP V72 Ver. 01.04.00 01/19/2024
Motherboard: HP 8B7C
Processor: 13th Gen Intel(R) Core(TM) i7-1355U
Percentage of memory in use: 61%
Total physical RAM: 7824.31 MB
Available physical RAM: 3040.77 MB
Total Virtual: 10384.31 MB
Available Virtual: 4638.51 MB
==================== Drives ================================
Drive c: (Windows ) (Fixed) (Total:475.67 GB) (Free:172.81 GB) (Model: KBG50ZNV512G KIOXIA) NTFS
\\?\Volume{40d6b26e-4f6c-49fb-920d-5ba0dc07b7a2}\ (Windows RE Tools) (Fixed) (Total:0.99 GB) (Free:0.07 GB) NTFS
\\?\Volume{37712f39-7ea7-4090-9bc3-417a458380ae}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.12 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1B77B9C9)
Partition: GPT.
==================== End of Addition.txt =======================