I tried to upgrade and it started by repeatedly truncated. I left and it had turned off with a bunch of anomalies, took pictures, eventually desktop came back. When it started it said updating computer. I have been essentially out of business due to this and it is an emergency as I cannot respond to deadlines. Your assistance will be greatly appreciated. I need to keep my programs and my data.
The Farbar text docs. That with (r) inserted has had the names of confidential documents modified.
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2022 01
Ran by hp0120 (13-04-2022 13:08:18)
Running from C:\Users\hp0120\Desktop\SYSNATIVE
Microsoft Windows 10 Home Version 2004 19041.867 (X64) (2020-08-16 02:13:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-574674512-3745594869-3936497595-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-574674512-3745594869-3936497595-503 - Limited - Disabled)
Guest (S-1-5-21-574674512-3745594869-3936497595-501 - Limited - Disabled)
hp0120 (S-1-5-21-574674512-3745594869-3936497595-1001 - Administrator - Enabled) => C:\Users\hp0120
WDAGUtilityAccount (S-1-5-21-574674512-3745594869-3936497595-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Disabled - Out of date) {5FD8BF8F-F242-6153-61B5-8FF333E8736B}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2019.0515.0817.14925 - Advanced Micro Devices, Inc.)
BleachBit 4.4.2.2142 (HKLM-x32\...\BleachBit) (Version: 4.4.2.2142 - BleachBit)
Dexcom CLARITY Uploader (HKLM-x32\...\{14C1AD76-53C2-4EAF-B311-79DFC0947325}) (Version: 1.13.1.0 - Dexcom, Inc.) Hidden
Dexcom CLARITY Uploader (HKLM-x32\...\{3f0f9c4a-08c9-468e-b1ee-15ec841fecd7}) (Version: 1.13.1.0 - Dexcom)
DexCom USB Driver Package (HKLM-x32\...\{DBFB0626-B6A6-44B4-B0A9-C1464C893FBA}) (Version: 1.0.0.0 - DexCom, Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP OfficeJet 6950 Basic Device Software (HKLM\...\{486DD8E9-33D8-4652-9DF7-63412B1267C8}) (Version: 40.15.1231.21321 - HP Inc.)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-574674512-3745594869-3936497595-500\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Mozilla Firefox (x86 en-US) (HKLM-x32\...\Mozilla Firefox 99.0.1 (x86 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PdaNet+ for Android 5.23 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.42.0 - Goversoft LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9225.1 - Realtek Semiconductor Corp.)
Toolkit (HKLM-x32\...\Toolkit) (Version: 1.30.0.23 - Seagate)
Tweaking.com - Remote Desktop IP Monitor & Blocker (HKLM-x32\...\Tweaking.com - Remote Desktop IP Monitor & Blocker) (Version: 1.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.12.4 - Tweaking.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1555 - Microsoft Corporation)
Windows Driver Package - DexCom, Inc. (usbser) Ports (05/24/2010 1.0.0.2) (HKLM\...\34C19A05C447FC9BDD48174F6232DC357FBB62D1) (Version: 05/24/2010 1.0.0.2 - DexCom, Inc.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2022-04-12] (Advanced Micro Devices Inc.)
Booking.com USA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comUSABigsavingson_1.0.4.0_x64__mgae2k3ys4ra0 [2022-04-12] (Priceline Partner Network)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_4.2007.1991.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation)
ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2022-04-12] (ELAN Microelectronics Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2022-04-12] (HP Inc.)
Hotspot Shield Free VPN -> C:\Program Files\WindowsApps\6F71D7A7.HotspotShieldFreeVPN_2.10.5.0_x64__nsbqstbb9qxb6 [2022-04-12] (Pango Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.11.218.0_x64__v10z8vjag6ke6 [2022-04-12] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.7.0_x64__v10z8vjag6ke6 [2022-04-12] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2022-04-12] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_120.1.741.0_x64__v10z8vjag6ke6 [2022-04-12] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.6.761.0_x64__v10z8vjag6ke6 [2022-04-13] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2022-04-13] (HP Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2022-04-12] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.38.0_x64__wafk5atnkzcwy [2022-04-12] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2022-04-13] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-02-15] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-04-12] (Adobe Systems Incorporated)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2022-04-12] (Skype)
sMedio True DVD for HP -> C:\Program Files\WindowsApps\0E3921EB.sMedioTrueDVDforHP_1.1.128.0_x64__agwrg61xdd7p4 [2022-04-12] (sMedio Inc.)
Ultra Office -> C:\Program Files\WindowsApps\D5BE6627.UltraOffice_1.0.10.0_x86__9pm2v9747qaaa [2022-04-12] (CompuClever Systems Inc.)
Ultra PDF -> C:\Program Files\WindowsApps\D5BE6627.UltraPDF_2.1.16.0_x64__9pm2v9747qaaa [2022-04-12] (CompuClever Systems Inc.)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2022-04-12] (WildTangent Games)
Windows File Recovery -> C:\Program Files\WindowsApps\Microsoft.WindowsFileRecovery_0.0.11761.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-04-27] (Goversoft LLC -> )
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-04-27] (Goversoft LLC -> )
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-04-27] (Goversoft LLC -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-04-27] (Goversoft LLC -> )
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-11-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-04-27] (Goversoft LLC -> )
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-01-08 15:54 - 2019-01-08 15:54 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-01-08 15:54 - 2019-01-08 15:54 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-05-15 11:15 - 2019-05-15 11:15 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 15:54 - 2019-01-08 15:54 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-01-08 15:55 - 2019-01-08 15:55 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\hp0120\Desktop\Small Proposed Findings.docx:SandBoxSafeFile [0]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR540 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-574674512-3745594869-3936497595-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {FB3F9321-4117-41A7-84ED-3A7905601BB4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2022-04-12 13:46 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2021-08-04 12:19 - 2021-08-04 12:20 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hp0120\Desktop\20210608_181921.jpg
HKU\S-1-5-21-574674512-3745594869-3936497595-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "DisplayLinkTrayApp"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "DexComCLARITYUploader"
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\StartupApproved\StartupFolder: => "Lotus Organizer EasyClip.lnk"
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\StartupApproved\StartupFolder: => "Lotus QuickStart.lnk"
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\StartupApproved\StartupFolder: => "Lotus SmartCenter.lnk"
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\StartupApproved\StartupFolder: => "Lotus SuiteStart.lnk"
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\StartupApproved\Run: => "HP OfficeJet 6950 (NET)"
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-574674512-3745594869-3936497595-500\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F3F91776-CDFA-40DB-8237-118E7F3AB331}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E3380C25-6AAE-48F5-A426-8B37879AD2D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{59E6CE52-3596-4534-9639-FD2D747AA24E}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{67724996-669F-41AA-AFFC-6408E3675022}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{2E1DE789-E3D1-4E98-AAE7-274B7FF7BD84}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{F04F96B0-720E-41EA-A4F1-55D3873F4B85}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [{11015038-FB35-4432-A137-58E26CA41E68}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{76B8B352-72EE-417E-95AD-C8C983054F62}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{365044B3-782E-4675-A5AE-0AC20118E4A0}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{12E4CDCB-BC70-48B1-93D8-B3D9CC354A3A}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{6ED6D408-F9EE-4CC4-9719-0313928A3496}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{9AC75D55-DCFA-4092-9582-BB1F9E5D8EDA}] => (Allow) LPort=5357
FirewallRules: [{50E0247E-F90F-477B-95DA-DE7DB087FDA0}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{6530AFBD-98DF-4D05-B029-11371A07D89B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0CE93637-FE2B-4589-A4CF-8ADAACF70887}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{609A3AEB-B12D-49C0-BC21-FA9D83F22C91}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{E064DBC6-7B84-4E27-841C-82CB91C513BA}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
==================== Restore Points =========================
08-04-2022 20:42:16 Scheduled Checkpoint
11-04-2022 14:06:42 AdwCleaner_BeforeCleaning_11/04/2022_14:06:42
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/13/2022 11:38:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (04/13/2022 11:34:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (04/13/2022 11:34:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (04/13/2022 10:13:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.844, time stamp: 0x5d74feca
Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0x60a6ca36
Exception code: 0xc0000374
Fault offset: 0x00000000000fef89
Faulting process id: 0x344
Faulting application start time: 0x01d84f48e2e19340
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 92884889-2489-40c0-b5af-e24dc4c8ade2
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 02:27:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 20
Start Time: 01d84f07ba19ab69
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: d2de7353-7c2a-4a39-a5a2-a5335f2fb9c6
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Cross-thread
Error: (04/13/2022 02:26:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 34b8
Start Time: 01d84ef23f9844e1
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 862e82af-4cae-4539-b77e-47672ffaef38
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Quiesce
Error: (04/13/2022 02:18:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2fb8
Start Time: 01d84ef33beea275
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 18b4757f-df6a-4b2b-874d-006e48e2f511
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Cross-process
Error: (04/13/2022 02:18:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
System errors:
=============
Error: (04/13/2022 12:29:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/13/2022 12:29:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
Error: (04/13/2022 12:29:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/13/2022 12:29:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
Error: (04/13/2022 12:29:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/13/2022 12:29:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
Error: (04/13/2022 12:29:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/13/2022 12:29:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
Windows Defender:
================
Date: 2022-04-11 17:30:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-07 10:47:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-06 03:01:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2022-04-12 11:44:34
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2022-04-12 09:22:49
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2022-04-12 04:26:06
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2022-04-11 23:00:36
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2022-04-08 17:03:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.55.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19100.5
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===============
Date: 2022-04-13 05:03:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.61 03/31/2021
Motherboard: HP 85B3
Processor: AMD Ryzen 3 3300U with Radeon Vega Mobile Gfx
Percentage of memory in use: 47%
Total physical RAM: 10154.36 MB
Available physical RAM: 5285.16 MB
Total Virtual: 11690.36 MB
Available Virtual: 3662.65 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.72 GB) (Free:379.54 GB) NTFS
Drive d: (Apr 13 2022) (CDROM) (Total:4.38 GB) (Free:4.34 GB) UDF
Drive f: (Backup Plus ) (Fixed) (Total:4657.33 GB) (Free:3709.28 GB) NTFS
\\?\Volume{6f5c05f0-86e6-4d88-a51b-ed9986e8fcaf}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{175853d6-f5c2-42c4-a936-897474657c41}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
\\?\Volume{089cd1c2-f41f-41ca-958c-18ab8e7f983b}\ (EFI) (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 4657.5 GB) (Disk ID: A8B18F6E)
Partition: GPT.
==================== End of Addition.txt =======================
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
FRST(r).text (privileged file names altered)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-04-2022 01
Ran by hp0120 (administrator) on HP120C2 (HP HP Laptop 17-ca1xxx) (13-04-2022 12:05:39)
Running from C:\Users\hp0120\Desktop\SYSNATIVE
Loaded Profiles: hp0120
Platform: Microsoft Windows 10 Home Version 2004 19041.867 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(C:\$GetCurrent\media\setup.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\$GetCurrent\media\sources\setupprep.exe
(C:\$GetCurrent\media\sources\setupprep.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\setuphost.exe
(C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\$GetCurrent\media\setup.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe
(C:\Users\hp0120\Downloads\SysinternalsSuite (2)\procexp.exe ->) (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\hp0120\AppData\Local\Temp\PROCEXP64.exe
(DriverStore\FileRepository\u0373104.inf_amd64_beb660c61c852a40\B373048\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0373104.inf_amd64_beb660c61c852a40\B373048\atieclxx.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe
(Mobile Company -> ) C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC) C:\Program Files (x86)\Toolkit\Toolkit.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0373104.inf_amd64_beb660c61c852a40\B373048\atiesrxx.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh-agent.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\hp0120\Downloads\SysinternalsSuite (2)\procexp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1613_none_7df538047ca074bb\TiWorker.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Remote Desktop IP Monitor & Blocker\RDP_Monitor.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082144 2020-04-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [DexComCLARITYUploader] => C:\Program Files (x86)\DexCom\CLARITY Uploader\Dexcom.ClarityUploader.exe [1896696 2021-05-05] (Dexcom Inc. -> Dexcom™, Inc)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.62\Installer\setup.exe [3195784 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [!GetCurrentRollback] => C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentRollback.exe [65480 2022-01-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [msedge_cleanup_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}] => C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\Installer\setup.exe [3208608 2022-04-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [0 2021-03-11] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1596776 2022-02-23] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-574674512-3745594869-3936497595-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-574674512-3745594869-3936497595-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3540384 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-574674512-3745594869-3936497595-500\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1596776 2022-02-23] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
Startup: C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2020-01-23]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> C:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2020-01-23]
ShortcutTarget: Lotus QuickStart.lnk -> C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
Startup: C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartCenter.lnk [2020-01-23]
ShortcutTarget: Lotus SmartCenter.lnk -> C:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.) [File not signed]
Startup: C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk [2020-01-23]
ShortcutTarget: Lotus SuiteStart.lnk -> C:\lotus\smartctr\suitest.exe (Lotus Development Corporation.) [File not signed]
Startup: C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2022-02-11]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (Mobile Company -> )
BootExecute:
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07BCD4B3-FB05-40FD-A353-67DA4411EE1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {09363BA1-0232-4452-AF5B-C6928956D264} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {15070460-73A8-436A-B3E9-F7DB94128322} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1137496 2020-10-14] (HP Inc. -> HP Inc.)
Task: {31CB9867-2CF4-4134-B0AD-A3C1F945C5B8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI
Task: {3966E899-6066-4F38-9A15-BF67921A5466} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
Task: {3EBAB69E-F385-43ED-ACD1-A8E7C2B481C4} - System32\Tasks\Tweaking.com - Remote Desktop IP Monitor & Blocker => C:\Program Files (x86)\Tweaking.com\Remote Desktop IP Monitor & Blocker\RDP_Monitor.exe [918424 2016-09-13] (Tweaking LLC -> Tweaking.com)
Task: {5659CA76-F3A0-4282-A1A4-1117B098DA62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56912976-8632-4DD7-8ECB-6566C4C08790} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {6231DFE0-5A09-424C-B4D5-3456902613D1} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => cmd /c start hpdiags://SmartCheckTest
Task: {6806FD3B-4327-4CCE-B4F5-F406377D8724} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {6A4CAEB4-D3D6-4FE0-89C9-448CAD684F9F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F0D24E9-3C73-4D6E-941E-0A95146FA8E8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {73C0B14B-E73A-444D-8229-1C5BAD89126B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\hp0120\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-02-15] (ESET, spol. s r.o. -> ESET)
Task: {7CF748C7-D075-4B44-85F2-8E907E8A907D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1137496 2020-10-14] (HP Inc. -> HP Inc.)
Task: {83D8A5EF-5CAE-4BDE-959C-7D410A6AEE2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {86A29CFA-89F9-4C17-A0BB-400891FB8189} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [143823848 2022-04-13] (Microsoft Windows -> Microsoft Corporation)
Task: {885FD17A-521B-4F66-8D14-E0A955A6DE72} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8C42B6AA-EA9F-4752-8CCE-6E616017F33F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-574674512-3745594869-3936497595-500 => C:\Users\hp0120\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {8ECDD426-9679-4936-A754-E167490CD003} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
Task: {9422C1BF-75EF-4044-9BA4-DA60F83F80C0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
Task: {96205245-EC27-4430-AE46-6FD07E565CBF} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
Task: {9BB1622B-7BF3-4803-B836-673E8FE1A6D9} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
Task: {9CF95F2C-68E0-4B86-8389-4B6A44E03E09} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
Task: {9F3B735E-FBB9-4A0B-B072-4B53D52B9336} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\hp0120\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-02-15] (ESET, spol. s r.o. -> ESET)
Task: {A73F5E8C-BE2A-47C2-B849-74970E3F2C41} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
Task: {ABB42F4A-17DA-4BA8-ABE0-7C016BB6B1C3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF5C3CDF-D758-463A-8C26-C6D9583A1AF4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 6E86D364CC27A83E => C:\Users\hp0120\AppData\Local\Mozilla Firefox\default-browser-agent.exe do-task "6E86D364CC27A83E"
Task: {BA9CA55D-5141-406E-B507-358A6B6778E4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-574674512-3745594869-3936497595-500 => C:\Users\hp0120\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {C6FD0B89-939A-46B1-A746-6107127079AC} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {C87ACF67-5DF2-4216-92FB-7ABD91B4674A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135000 2020-10-14] (HP Inc. -> HP Inc.)
Task: {CBD24617-B652-4404-876B-C159D4DF0C9B} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [66952 2019-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CE755EC5-EB5B-4D12-A5C2-9F2E66465D33} - System32\Tasks\Process Explorer-HP120C2-hp0120 => C:\USERS\HP0120\DOWNLOADS\SYSINTERNALSSUITE (2)\PROCEXP.EXE [2798456 2021-04-03] (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
Task: {E353041D-38B4-4DDD-8099-E087FF895F50} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED65C9CD-37EB-4EB4-8400-16CD07818411} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F2852D81-D6F0-484C-84CE-FCC9FAEA7A2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4A204CB-78C6-404F-869D-BDA6EA174C64} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4CD12E4-397C-4BF3-9CBC-1747C2C65779} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {F6AC0570-2B7A-4428-ABE6-09366D755738} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:
Task: {FC6A3EF8-86E1-4F3C-9B10-4AC2BCE06E34} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Remote Desktop IP Monitor & Blocker.job => C:\Program Files (x86)\Tweaking.com\Remote Desktop IP Monitor & Blocker\RDP_Monitor.exe/startup C:\Program Files (x86)\Tweaking.com\Remote Desktop IP Monitor & Blocker3Tweaking.com - Remote Desktop IP Monitor & Blocker>Created By Tweaking.com
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.49.1
Tcpip\..\Interfaces\{08153e4c-68cc-485c-8a33-bc0c74e2ad62}: [DhcpNameServer] 192.168.49.1
Tcpip\..\Interfaces\{b034fa45-b4bb-41a3-811f-7774c87450aa}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{be0083ca-4c6d-47b6-8e21-9443d083bc30}: [DhcpNameServer] 192.168.60.221
Tcpip\..\Interfaces\{c142374e-338f-4def-ba93-e31cd8f9a7a5}: [DhcpNameServer] 192.168.49.1
Edge:
=======
Edge Profile: C:\Users\hp0120\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-11]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\hp0120\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-11]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: fpqfweda.default
FF ProfilePath: C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\kybnxjs2.default-release-1 [2022-04-12]
FF ProfilePath: C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\fpqfweda.default [2022-04-11]
FF Extension: (Emsisoft Browser Security) - C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\fpqfweda.default\Extensions\{b21882eb-3211-44dc-964b-e6f35b33061f}.xpi [2021-07-25]
FF ProfilePath: C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\p0ve8lb4.default-release-1629501117225 [2022-04-13]
FF Session Restore: Mozilla\Firefox\Profiles\p0ve8lb4.default-release-1629501117225 -> is enabled.
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\p0ve8lb4.default-release-1629501117225\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-04-07]
FF Extension: (Startpage.com — Private Search Engine) - C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\p0ve8lb4.default-release-1629501117225\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2021-08-29]
FF Extension: (NoScript) - C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\p0ve8lb4.default-release-1629501117225\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-02]
FF Extension: (Delete browsing data directly from the browser toolbar. Clear cookies, history and cache with a single click.) - C:\Users\hp0120\AppData\Roaming\Mozilla\Firefox\Profiles\p0ve8lb4.default-release-1629501117225\Extensions\{ce9f4b1f-24b8-4e9a-9051-b9e472b1b2f2}.xpi [2021-08-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
S2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\AppHelperCap.exe [762888 2022-02-27] (HP Inc. -> HP Inc.)
S2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\DiagsCap.exe [760312 2022-02-27] (HP Inc. -> HP Inc.)
S2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\NetworkCap.exe [758280 2022-02-27] (HP Inc. -> HP Inc.)
S2 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
S2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\SysInfoCap.exe [761376 2022-02-27] (HP Inc. -> HP Inc.)
S2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe [494672 2021-11-22] (HP Inc. -> HP Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [108480 2018-10-25] (Alcorlink Corp. -> )
S3 cht4vbd; C:\WINDOWS\System32\drivers\cht4vx64.sys [0 2019-12-07] () <==== ATTENTION [zero byte File/Folder]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S3 MYFAULT; C:\WINDOWS\system32\drivers\myfault.sys [27848 2021-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals)
S3 PORTMON; C:\Users\hp0120\Downloads\SysinternalsSuite (2)\PORTMSYS.SYS [28656 2021-04-07] (Systems Internals) [File not signed]
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [92008 2021-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 pveth; C:\WINDOWS\System32\drivers\pveth.sys [44544 2020-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Mobile Company)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
S3 GENERICDRV; \??\C:\Users\hp0120\AppData\Local\Temp\AMI\4.00\amifldrv64.sys [X] <==== ATTENTION
S3 MpKsl0ae9cb11; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85F063A7-50E3-49A1-9012-6D3910A2404D}\MpKslDrv.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error Reading file: "C:\Users\hp0120\Desktop\CONFID Rule 2 -pdf"
2022-04-13 12:09 - 2022-04-13 12:09 - 000000000 ___HD C:\$SysReset
2022-04-13 11:56 - 2022-04-13 12:05 - 000000000 ____D C:\Users\hp0120\Desktop\SYSNATIVE
2022-04-13 11:41 - 2022-04-13 11:42 - 002365952 _____ (Farbar) C:\Users\hp0120\Downloads\FRST64(1).exe
2022-04-13 11:21 - 2022-04-13 11:21 - 000000000 ___HD C:\$WinREAgent
2022-04-13 11:08 - 2022-04-13 11:50 - 000000000 ___HD C:\$WINDOWS.~BT
2022-04-13 10:29 - 2022-04-13 10:43 - 000000000 ___HD C:\$GetCurrent
2022-04-13 10:29 - 2022-04-13 10:43 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2022-04-13 09:59 - 2022-04-13 09:59 - 000000000 ____D C:\Users\hp0120\Wureset Windows 10
2022-04-13 09:59 - 2022-04-13 02:34 - 000001552 _____ C:\Users\hp0120\Wureset Windows 10.zip
2022-04-13 09:25 - 2022-04-13 10:15 - 000000000 ___RD C:\Users\hp0120\Mirror
2022-04-13 08:25 - 2022-04-13 10:00 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Toolkit
2022-04-13 03:15 - 2022-04-13 07:15 - 000000276 _____ C:\WINDOWS\WindowsUpdate.log.bak
2022-04-13 02:36 - 2022-04-13 02:36 - 000000000 ____D C:\Users\Administrator\Downloads\Wureset Windows 10
2022-04-13 02:34 - 2022-04-13 02:34 - 000001552 _____ C:\Users\Administrator\Downloads\Wureset Windows 10.zip
2022-04-13 00:10 - 2022-04-13 00:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2022-04-12 23:01 - 2022-04-12 23:01 - 000000000 ____D C:\Users\hp0120\AppData\Local\ElevatedDiagnostics
2022-04-12 21:09 - 2022-04-12 21:22 - 000000000 ____D C:\Users\hp0120\AppData\Local\Mozilla Firefox
2022-04-12 16:20 - 2022-04-12 16:25 - 001223044 _____ C:\WINDOWS\Minidump\041222-127796-01.dmp
2022-04-12 16:20 - 2022-04-12 16:20 - 1088100628 _____ C:\WINDOWS\MEMORY.DMP
2022-04-12 15:39 - 2022-04-12 15:39 - 002316112 _____ (niemiro) C:\Users\hp0120\Downloads\SFCFix.exe
2022-04-12 15:34 - 2022-04-12 15:34 - 000000018 _____ C:\repair_starting.dat
2022-04-12 15:14 - 2022-04-12 16:35 - 000000000 ____D C:\WINDOWS\SoftwareDistribution.bak
2022-04-12 10:05 - 2022-04-12 10:05 - 000000000 _____ C:\Users\hp0120\sfcdetails.text
2022-04-12 08:14 - 2022-04-13 10:14 - 000036200 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2022-04-12 08:01 - 2022-04-13 11:49 - 000000000 ____D C:\WINDOWS\Panther
2022-04-11 23:13 - 2022-04-12 00:10 - 000002482 _____ C:\Users\hp0120\Desktop\Rkill.txt
2022-04-11 23:01 - 2022-04-12 13:47 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-04-11 13:35 - 2022-04-11 13:35 - 000967495 _____ C:\Users\hp0120\Downloads\confid2006.pdf
2022-04-11 13:33 - 2022-04-11 13:33 - 001571277 _____ C:\Users\hp0120\Downloads\confid lat.pdf
2022-04-11 13:33 - 2022-04-11 13:33 - 001420049 _____ C:\Users\hp0120\Downloads\confid 2006.pdf
2022-04-11 13:23 - 2022-04-11 13:23 - 008540344 _____ (Malwarebytes) C:\Users\hp0120\Downloads\adwcleaner_8.3.1(1).exe
2022-04-11 13:22 - 2022-04-11 13:22 - 002443448 _____ (Malwarebytes) C:\Users\hp0120\Downloads\MBSetup.exe
2022-04-10 23:56 - 2022-04-10 23:56 - 000000748 _____ C:\Users\hp0120\Documents\Desktop - Shortcut (2).lnk
2022-04-08 16:28 - 2022-04-12 16:21 - 000500240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-04-06 12:08 - 2022-04-06 12:08 - 000282041 _____ C:\Users\hp0120\Downloads\confid 15969.pdf
2022-04-06 12:07 - 2022-04-06 12:07 - 000290319 _____ C:\Users\hp0120\Downloads\confid 159594.pdf
2022-04-06 12:07 - 2022-04-06 12:07 - 000290319 _____ C:\Users\hp0120\Downloads\confid 15959447.pdf
2022-04-06 12:04 - 2022-04-13 10:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-04-05 16:31 - 2022-04-05 16:31 - 000000000 ____D C:\ProgramData\SoundResearch
2022-04-05 16:29 - 2022-04-05 16:29 - 006956122 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2022-04-05 16:28 - 2022-04-05 16:28 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-04-05 16:28 - 2022-04-05 16:28 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2022-04-05 16:28 - 2022-04-05 16:28 - 000000000 ____D C:\Program Files\Realtek
2022-04-05 11:08 - 2022-04-12 09:56 - 000000000 ____D C:\Users\hp0120\Desktop\2022
2022-04-05 11:06 - 2022-04-05 11:09 - 000000000 ____D C:\Users\hp0120\Desktop\Silver
2022-04-04 20:44 - 2022-04-04 20:45 - 001690992 _____ (Goversoft LLC) C:\Users\hp0120\Downloads\shellbag_analyzer_cleaner.exe
2022-04-04 13:40 - 2022-04-04 13:40 - 000098531 _____ C:\Users\hp0120\Downloads\3500B-printable.pdf
2022-04-03 23:50 - 2022-04-03 23:50 - 000267453 _____ C:\Users\hp0120\Downloads\confid MDCC 5th depo
2022-04-03 23:44 - 2022-04-03 23:44 - 000267453 _____ C:\Users\hp0120\Downloads\FIFTH+AMENDED+NOTICE+OF+VIDEOTAPED+DEPOSITION+OF CONFID.PDF
2022-04-03 23:42 - 2022-04-03 23:42 - 000737621 _____ C:\Users\hp0120\Downloads\confid 1816Order.pdf
2022-04-03 23:34 - 2022-04-03 23:34 - 000418041 _____ C:\Users\hp0120\Downloads\confid CC 4222 Mo Sh
2022-04-03 23:16 - 2022-04-03 23:16 - 000166027 _____ C:\Users\hp0120\Downloads\Enrol.pdf
2022-04-03 22:59 - 2022-04-03 22:59 - 000071184 _____ C:\Users\hp0120\Downloads\Air.pdf
2022-03-30 14:46 - 2022-03-30 14:46 - 000411844 _____ C:\Users\hp0120\Downloads\pdfreader.ir3bX5+1BmnVLAebCaB6HLcw0CnSihi2PeiQYAVMKN9ZQwaNYLntSYCiTyp1t1ze6Jv8OEs+sh7q86FiFalDYvjjPzLEU3sxC3IZyniQy2+tJP1BeFbg7A==.pdf
2022-03-30 10:35 - 2022-03-30 10:51 - 000000000 ____D C:\Users\hp0120\Desktop\Vectors
2022-03-26 22:30 - 2022-03-26 22:37 - 000105202 _____ C:\Users\hp0120\Documents\HA AUCT DATA.pdf
2022-03-26 07:23 - 2022-03-26 07:23 - 000186527 _____ C:\Users\hp0120\Downloads\agencpdf
2022-03-26 07:23 - 2022-03-26 07:23 - 000186527 _____ C:\Users\hp0120\Downloads\agen(3).pdf
2022-03-25 20:48 - 2022-03-25 20:48 - 000737621 _____ C:\Users\hp0120\Downloads\Order(3).pdf
2022-03-25 20:48 - 2022-03-25 20:48 - 000417013 _____ C:\Users\hp0120\Downloads\DEFMO.PDF
2022-03-25 20:48 - 2022-03-25 20:48 - 000245322 _____ C:\Users\hp0120\Downloads\Motion2.PDF
2022-03-25 20:47 - 2022-03-25 20:47 - 000737621 _____ C:\Users\hp0120\Downloads\Moord.pdf
2022-03-25 20:47 - 2022-03-25 20:47 - 000417013 _____ C:\Users\hp0120\Downloads\pdf(21)
2022-03-25 20:47 - 2022-03-25 20:47 - 000267453 _____ C:\Users\hp0120\Downloads\5th.PDF
2022-03-25 20:44 - 2022-03-25 20:44 - 000129255 _____ C:\Users\hp0120\Downloads\Propo.PDF
2022-03-25 20:44 - 2022-03-25 20:44 - 000129255 _____ C:\Users\hp0120\Downloads\Propo(1).PDF
2022-03-25 20:43 - 2022-03-25 20:43 - 001067625 _____ C:\Users\hp0120\Downloads\JRMOSJ.PDF
2022-03-25 20:41 - 2022-03-25 20:41 - 001067625 _____ C:\Users\hp0120\Downloads\pdf(20)
2022-03-25 19:17 - 2022-03-25 19:17 - 000000000 ____D C:\Users\hp0120\Desktop\platform-tools
2022-03-25 19:16 - 2022-03-25 19:16 - 006331279 _____ C:\Users\hp0120\Downloads\platform-tools_r33.0.1-windows.zip
2022-03-25 16:29 - 2022-03-25 16:29 - 000417013 _____ C:\Users\hp0120\Downloads\pdf(19)
2022-03-25 16:27 - 2022-03-25 16:27 - 000245322 _____ C:\Users\hp0120\Downloads\MOMO
2022-03-25 16:00 - 2022-03-25 16:00 - 000223061 _____ C:\Users\hp0120\Downloads\99f.pdf
2022-03-25 15:52 - 2022-03-25 15:52 - 000214889 _____ C:\Users\hp0120\Downloads\Kephart.pdf
2022-03-25 15:52 - 2022-03-25 15:52 - 000214889 _____ C:\Users\hp0120\Downloads\Kephart (1).pdf
2022-03-24 23:40 - 2022-03-24 23:40 - 000354514 _____ C:\Users\hp0120\Downloads\terms-and-conditions.pdf
2022-03-24 22:20 - 2022-03-25 07:26 - 000209402 _____ C:\Users\hp0120\Documents\Supp Good.pdf
2022-03-24 22:13 - 2022-03-24 22:13 - 000105243 _____ C:\Users\hp0120\Documents\HA.pdf
2022-03-24 21:18 - 2022-03-24 21:18 - 000078182 _____ C:\Users\hp0120\Downloads\2017.pdf
2022-03-24 15:25 - 2022-03-24 15:25 - 000075497 _____ C:\Users\hp0120\Desktop\MOd.pdf
2022-03-24 15:22 - 2022-03-24 15:22 - 001494842 _____ C:\Users\hp0120\Downloads\LOS.pdf
2022-03-24 15:18 - 2022-03-24 15:18 - 000101555 _____ C:\Users\hp0120\Documents\Addr.pdf
2022-03-24 15:08 - 2022-03-24 15:08 - 000718476 _____ C:\Users\hp0120\Downloads\cor59.pdf
2022-03-24 15:08 - 2022-03-24 15:08 - 000156371 _____ C:\Users\hp0120\Downloads\cor59a.pdf
2022-03-24 15:05 - 2022-03-24 15:05 - 000659082 _____ C:\Users\hp0120\Downloads\Scheduleof.pdf
2022-03-24 15:04 - 2022-03-24 15:04 - 001494842 _____ C:\Users\hp0120\Downloads\Filing.pdf
2022-03-24 12:22 - 2022-03-24 21:54 - 000300459 _____ C:\Users\hp0120\Documents\Au.pdf
2022-03-23 22:25 - 2022-03-23 22:25 - 000000710 _____ C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\procexp64.lnk
2022-03-23 12:33 - 2022-03-23 12:33 - 000185612 _____ C:\Users\hp0120\Downloads\age(2).pdf
2022-03-22 21:32 - 2022-03-22 21:32 - 000267881 _____ C:\Users\hp0120\Downloads\SUgop.pdf
2022-03-21 14:49 - 2022-03-21 14:49 - 003728228 _____ C:\Users\hp0120\Downloads\3-21 - Law Firms Cybersecurity Attacks Exactly What To Do About It.pdf
2022-03-21 11:31 - 2022-03-21 11:31 - 000149348 _____ C:\Users\hp0120\Downloads\pdf(18)
2022-03-21 11:17 - 2022-03-21 11:17 - 000739013 _____ C:\Users\hp0120\Downloads\ORDGR.pdf
2022-03-21 11:16 - 2022-03-21 11:16 - 000149348 _____ C:\Users\hp0120\Downloads\pdf(17)
2022-03-21 11:15 - 2022-03-21 11:15 - 000116779 _____ C:\Users\hp0120\Downloads\R222Denied
2022-03-21 11:11 - 2022-03-21 11:11 - 000110876 _____ C:\Users\hp0120\Downloads\Rerv disc resp
2022-03-20 23:59 - 2022-03-20 23:59 - 000003290 _____ C:\WINDOWS\system32\Tasks\Process Explorer-HP120C2-hp0120
2022-03-20 23:48 - 2022-03-20 23:48 - 000000000 _____ C:\WINDOWS\system32\1000MB
2022-03-17 20:50 - 2022-03-17 20:50 - 000051033 _____ C:\Users\hp0120\Downloads\2-9 Valuation and Appraisal of Wine Collections.pdf
2022-03-17 20:33 - 2022-03-17 20:33 - 000899924 _____ C:\Users\hp0120\Downloads\combating_religious_discrimination_today_final_report_2016_0.pdf
2022-03-17 20:08 - 2022-03-17 20:08 - 007120389 _____ C:\Users\hp0120\Downloads\division_booklet.pdf
2022-03-17 20:08 - 2022-03-17 20:08 - 007120389 _____ C:\Users\hp0120\Downloads\divi(1).pdf
2022-03-17 20:08 - 2022-03-17 20:08 - 000467208 _____ C:\Users\hp0120\Downloads\beyond.pdf
2022-03-17 20:07 - 2022-03-17 20:07 - 001573906 _____ C:\Users\hp0120\Downloads\1710_0.pdf
2022-03-17 19:27 - 2022-03-17 19:27 - 000397484 _____ C:\Users\hp0120\Downloads\ebook.pdf
2022-03-17 17:45 - 2022-03-17 17:45 - 002482157 _____ C:\Users\hp0120\Downloads\bosto.pdf
2022-03-17 15:51 - 2022-03-17 15:51 - 000205823 _____ C:\Users\hp0120\Documents\0314.pdf
2022-03-17 15:47 - 2022-03-17 15:47 - 000195435 _____ C:\Users\hp0120\Documents\3142.pdf
2022-03-17 13:46 - 2022-03-17 13:46 - 000739013 _____ C:\Users\hp0120\Downloads\Ord
2022-03-17 13:40 - 2022-03-17 13:40 - 000116880 _____ C:\Users\hp0120\Downloads\pdf(16)
2022-03-17 13:22 - 2022-03-17 13:22 - 000081764 _____ C:\Users\hp0120\Downloads\pdf(15)
2022-03-17 12:19 - 2022-03-17 12:19 - 000121540 _____ C:\Users\hp0120\Documents\bbgpac2.pdf
2022-03-17 11:59 - 2022-03-17 11:59 - 000113113 _____ C:\Users\hp0120\Desktop\bbgPacific.pdf
2022-03-17 09:16 - 2022-03-26 22:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-03-17 09:14 - 2022-03-17 09:14 - 000378359 _____ C:\Users\hp0120\Documents\billy.pdf
2022-03-16 01:19 - 2022-03-16 01:19 - 000271847 _____ C:\Users\hp0120\Downloads\526(2).pdf
2022-03-16 01:14 - 2022-03-16 01:14 - 000271847 _____ C:\Users\hp0120\Downloads\526.pdf
2022-03-16 01:14 - 2022-03-16 01:14 - 000271847 _____ C:\Users\hp0120\Downloads\526(1).pdf
2022-03-15 20:33 - 2022-03-15 20:33 - 000256862 _____ C:\Users\hp0120\Downloads\Resized_202.jpeg
2022-03-15 20:33 - 2022-03-15 20:33 - 000256862 _____ C:\Users\hp0120\Downloads\Resized_202(1).jpeg
2022-03-15 17:51 - 2022-03-15 17:51 - 000657606 _____ C:\Users\hp0120\Downloads\Kagins_2021_ANA_NMS_Prices_Realized.pdf
2022-03-14 18:55 - 2022-03-22 21:13 - 000275073 _____ C:\Users\hp0120\Documents\133328.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-13 12:54 - 2021-03-19 07:33 - 000000000 ____D C:\Users\hp0120\AppData\Roaming\Toolkit
2022-04-13 12:17 - 2020-06-13 08:16 - 000000000 ____D C:\FRST
2022-04-13 12:05 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-13 11:46 - 2020-06-09 14:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-13 11:46 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-04-13 11:26 - 2020-01-22 18:44 - 000000000 ____D C:\Users\hp0120\AppData\LocalLow\Mozilla
2022-04-13 11:22 - 2020-01-18 08:48 - 000000000 ____D C:\Users\hp0120\AppData\Local\D3DSCache
2022-04-13 11:22 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-04-13 11:16 - 2020-07-04 18:21 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-13 11:16 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-13 11:16 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-13 11:07 - 2020-08-15 21:11 - 000001890 _____ C:\WINDOWS\diagwrn.xml
2022-04-13 11:07 - 2020-08-15 21:11 - 000001890 _____ C:\WINDOWS\diagerr.xml
2022-04-13 11:06 - 2020-08-15 17:36 - 000000036 _____ C:\WINDOWS\progress.ini
2022-04-13 10:27 - 2020-08-15 21:12 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-13 10:27 - 2020-08-15 21:12 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-13 10:18 - 2020-02-10 17:29 - 143823848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-04-13 10:14 - 2020-08-15 21:05 - 000845796 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-13 10:14 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-13 10:13 - 2020-08-16 12:01 - 000000000 ____D C:\Users\hp0120\AppData\Local\CrashDumps
2022-04-13 10:09 - 2020-08-15 21:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-13 10:09 - 2020-08-15 20:57 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-13 10:09 - 2020-01-22 18:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-13 10:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-13 10:06 - 2020-08-15 20:14 - 000000000 ____D C:\Users\hp0120
2022-04-13 10:06 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-04-13 09:42 - 2022-03-04 19:32 - 000000688 _____ C:\Users\hp0120\Desktop\SFCFix.txt
2022-04-13 09:42 - 2022-03-04 19:31 - 000000000 ____D C:\SFCFix
2022-04-13 09:41 - 2022-03-04 19:19 - 000000000 ____D C:\Users\hp0120\AppData\Local\niemiro
2022-04-13 09:29 - 2021-12-17 15:12 - 000001283 _____ C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-13 09:29 - 2021-10-08 10:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-04-13 09:29 - 2020-01-22 18:44 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-13 09:28 - 2022-02-10 22:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-13 09:16 - 2021-12-17 11:14 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2022-04-13 09:11 - 2021-04-01 22:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2022-04-13 09:03 - 2020-08-15 20:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-13 03:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2022-04-13 02:07 - 2021-09-10 00:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2022-04-12 23:44 - 2021-04-01 22:25 - 000000000 ____D C:\Users\Administrator
2022-04-12 21:22 - 2020-01-22 18:44 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-12 18:32 - 2020-02-10 17:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-04-12 16:26 - 2020-08-17 09:32 - 000000000 ____D C:\WINDOWS\Minidump
2022-04-12 15:13 - 2019-12-19 09:27 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-04-12 14:06 - 2020-01-18 08:48 - 000000000 ____D C:\Users\hp0120\AppData\Local\Packages
2022-04-12 14:01 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-04-12 14:01 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-04-12 13:02 - 2020-06-13 13:48 - 000845796 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2022-04-12 06:30 - 2021-04-01 22:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2022-04-12 06:12 - 2019-03-18 23:49 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_875
2022-04-12 04:22 - 2020-11-10 12:13 - 000000000 ____D C:\Users\hp0120\Desktop\computer
2022-04-11 23:00 - 2021-09-24 21:44 - 000000000 ____D C:\Program Files\RogueKiller
2022-04-11 14:08 - 2020-01-23 02:22 - 000000000 ____D C:\Users\hp0120\AppData\Roaming\Hewlett-Packard
2022-04-11 14:08 - 2019-06-01 03:30 - 000000000 ____D C:\ProgramData\HP
2022-04-11 13:32 - 2020-06-13 12:23 - 000000000 ____D C:\Program Files\Malwarebytes
2022-04-11 13:20 - 2020-05-27 21:27 - 000000000 ____D C:\Users\hp0120\AppData\Local\PrivaZer
2022-04-11 10:09 - 2021-02-08 15:39 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-04-11 01:13 - 2021-04-03 18:45 - 000000000 ____D C:\Users\hp0120\Downloads\SysinternalsSuite (2)
2022-04-11 00:03 - 2020-05-09 22:30 - 000000000 ____D C:\Users\hp0120\Downloads\HP Downloads
2022-04-10 23:33 - 2020-11-10 11:57 - 000000000 ____D C:\Users\hp0120\Desktop\ha
2022-04-10 21:10 - 2020-05-27 21:08 - 000000000 ____D C:\Users\hp0120\.dbus-keyrings
2022-04-10 12:44 - 2020-05-09 22:30 - 000024118 _____ C:\Users\hp0120\Downloads\MTB.txt
2022-04-10 08:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-04-08 16:45 - 2019-04-15 10:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-04-07 11:11 - 2021-04-16 15:01 - 000000000 ____D C:\Program Files\Microsoft Office
2022-04-05 20:29 - 2020-05-10 00:13 - 000000000 ____D C:\Users\hp0120\Desktop\RIKR
2022-04-05 11:08 - 2020-12-07 13:40 - 000000000 ____D C:\Users\hp0120\Desktop\Today
2022-04-05 07:46 - 2020-05-27 17:23 - 000000000 ____D C:\Users\hp0120\AppData\Roaming\Zoom
2022-03-28 18:04 - 2021-07-05 15:27 - 000000000 ____D C:\Users\hp0120\Desktop\1
2022-03-27 17:50 - 2022-02-15 22:59 - 000003846 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-03-27 17:50 - 2022-02-15 22:59 - 000003404 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-03-27 17:50 - 2022-02-15 21:44 - 000001386 _____ C:\Users\hp0120\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-03-25 07:38 - 2020-05-09 22:28 - 000000000 _____ C:\Users\hp0120\Documents\HPOJ6950_Fax_Port
2022-03-22 21:27 - 2021-05-10 13:12 - 000000000 ____D C:\Users\hp0120\Desktop\3328=2021
==================== Files in the root of some directories ========
2020-05-09 22:12 - 2020-05-01 08:36 - 000262144 _____ () C:\Users\Default\NTUSER (2).DAT
2022-04-13 09:59 - 2022-04-13 02:19 - 040656072 _____ (Microsoft Corporation) C:\Users\hp0120\windows-kb890830-x64-v5.100_39ac11b44ee409bd2e92ab441f958815f9241ae1.exe
2022-04-13 09:59 - 2022-04-13 02:33 - 003329456 _____ (Microsoft Corporation) C:\Users\hp0120\Windows10Upgrade9252.exe
2022-02-15 21:27 - 2022-02-15 21:27 - 000000036 _____ () C:\Users\hp0120\AppData\Local\housecall.guid.cache
2021-06-28 12:59 - 2021-06-28 12:59 - 000000218 _____ () C:\Users\hp0120\AppData\Local\recently-used.xbel
2020-05-08 21:17 - 2021-07-09 14:05 - 000007613 _____ () C:\Users\hp0120\AppData\Local\Resmon.ResmonCfg
==================== FCheck ================================
(If an entry is included in the fixlist, the file/folder will be moved.)
FCheck: C:\WINDOWS\SysWOW64\explorer.exe [2021-03-11] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\system32\HologramWorld.dll [2021-01-15] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\system32\Hydrogen.dll [2021-03-11] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\system32\SRH.dll [2021-03-11] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\WINDOWS\system32\Drivers\cht4vx64.sys [2019-12-07] <==== ATTENTION (zero byte File/Folder)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\SysWOW64\explorer.exe
[2021-03-11 00:16] - [2021-03-11 00:16] - 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E
C:\WINDOWS\SysWOW64\explorer.exe => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <==== ATTENTION
==================== End of FRST.txt ========================