Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-04-2022 02
Ran by Karen (18-04-2022 05:12:42)
Running from C:\Users\Karen\Desktop
Microsoft Windows 11 Home Version 21H2 22000.613 (X64) (2022-03-21 06:22:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3156834934-4281094725-2595025550-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3156834934-4281094725-2595025550-503 - Limited - Disabled)
Guest (S-1-5-21-3156834934-4281094725-2595025550-501 - Limited - Enabled)
Karen (S-1-5-21-3156834934-4281094725-2595025550-1001 - Administrator - Enabled) => C:\Users\Karen
WDAGUtilityAccount (S-1-5-21-3156834934-4281094725-2595025550-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Security Suite by F-Secure (Enabled - Up to date) {67E93A7F-FDB2-39E8-E991-EA71E0926EF7}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Creative Cloud Express (HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\90fd99daec83697fe68caebbe8ebd4dc) (Version: 1.0 - Google\Chrome)
Chrome Remote Desktop Host (HKLM-x32\...\{78DF8F40-C9ED-4A18-B150-5314F42718CA}) (Version: 101.0.4951.13 - Google LLC)
Fing 2.9.0 (HKLM\...\Fing Desktop) (Version: 2.9.0 - Fing Ltd)
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.397 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC)
HP Audio Switch (HKLM-x32\...\{0B1DA73D-0562-4DE1-B942-CEF286CF2EDD}) (Version: 1.0.211.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.6 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 98.0.1 - Mozilla)
NirSoft RegScanner (HKLM-x32\...\NirSoft RegScanner) (Version: - )
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.3.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Private Win10 (HKLM\...\PrivateWin10) (Version: 0.85 - David Xanatos)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Security Suite (HKLM-x32\...\{235B3536-A54E-4072-905F-FEFC431CEB2C}) (Version: 18.2 - F-Secure Corporation)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.26.249.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Enhanced Lighting -> C:\Program Files\WindowsApps\AD2F1837.HPEnhance_1.2.13.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.9180.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.15.66.0_x64__v10z8vjag6ke6 [2022-04-03] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\ad2f1837.hpsystemeventutility_1.2.15.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.) [Startup Task]
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.3444.0_x64__8wekyb3d8bbwe [2022-03-31] (Microsoft Corporation) [Startup Task]
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.418.354.693_neutral__8wekyb3d8bbwe [2022-04-18] (Microsoft Corporation)
Windows Subsystem for Android™ -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2203.40000.1.0_x64__8wekyb3d8bbwe [2022-04-18] (Microsoft Corp.) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2022-04-18] (0)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3156834934-4281094725-2595025550-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\Charter Security Suite\FsShellExtension64.dll [2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-03-14] (Notepad++ -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-13] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Karen\Desktop\Adobe Creative Cloud Express.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hchlbinpgfcbjninapbcpmmaegbdpcea
ShortcutWithArgument: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adobe Creative Cloud Express.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hchlbinpgfcbjninapbcpmmaegbdpcea
ShortcutWithArgument: C:\Users\Karen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7f5250881a137909\uBlock Origin.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cjpalhdlnbpafiamejdnhcphjbkeiagm
ShortcutWithArgument: C:\Users\Karen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe offers.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103_NW&RedeemCode=wglzqxBP3HokigI6xYMMSwzx8cg3qbJvlLaTCf5medpP2f8Sd3Lsbk%2fDnHuaAR8o%2bf6cnJzinDmq5HvlNlNjBb86wK6SRLDJAnRQjj%2fpatIL3LTXGI%2bPG4zkm8JORNOVchK29fBsEgdRllPoWcjxRRT8iW7w86JkdCtE1YQX4R4%3d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge

==================== Loaded Modules (Whitelisted) =============

2022-04-07 08:22 - 2022-04-07 08:22 - 002487808 _____ () [File not signed] [File is in use] C:\Program Files\PrivateWin10\x64\Microsoft.O365.Security.Native.ETW.dll
2022-04-18 05:01 - 2022-04-18 05:01 - 000637440 _____ () [File not signed] \\?\C:\Users\Karen\AppData\Local\Temp\49cd5988-afeb-48a1-af7d-32c29bc8b010.tmp.node
2022-03-31 16:27 - 2022-03-28 05:05 - 000459264 _____ () [File not signed] C:\Program Files\Fing\swiftshader\libegl.dll
2022-03-31 16:27 - 2022-03-28 05:05 - 003217920 _____ () [File not signed] C:\Program Files\Fing\swiftshader\libglesv2.dll
2022-01-27 00:29 - 2022-01-27 00:29 - 000009216 _____ () [File not signed] C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6\ImagePipelineNative.dll
2022-02-20 21:55 - 2022-02-20 22:20 - 000107008 _____ (Facebook, Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6\yoga.dll
2022-01-27 00:29 - 2022-01-27 00:29 - 000014848 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6\NativeRpcClient.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https64.dll [2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-03-28] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https.dll [2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-03-28] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 07:08 - 2022-03-25 03:55 - 000000826 ____N C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\Control Panel\Desktop\\Wallpaper -> C:\LighhouseRocky\20220407_072138.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "MTPW"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\StartupApproved\Run: => "GlassWire"
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\StartupApproved\Run: => "com.fing.app"
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\StartupApproved\Run: => "com.squirrel.MightyText.MightyText"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1FCFDFD0-B2C0-4030-9276-BC56C90A79C0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{1EFFE6F4-924F-47F6-B70A-F544BB423080}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{14DC85B6-E8AD-49B1-9FF7-393ECDA114B5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0D3306F-CE3B-45A8-B707-7960CA34B957}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A0076A0-1053-44CB-9FED-6603E8DA4FB6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A4408643-4A2B-49B9-93DA-E5AB1513300B}] => (Block) C:\Program Files (x86)\Windows Media Player\wmplayer.exe => No File
FirewallRules: [{EC59C63C-FAE8-41D6-92A8-6B7EE5E48F76}] => (Block) C:\Program Files (x86)\Windows Media Player\wmplayer.exe => No File
FirewallRules: [{79763C9D-92D9-4510-9812-41320801D866}] => (Block) c:\program files\windowsapps\microsoft.windowsmaps_11.2202.6.0_x64__8wekyb3d8bbwe\maps.exe () [File not signed]
FirewallRules: [{8BEB3413-3BC5-42ED-AF89-5E0FE5341DA1}] => (Block) c:\program files\windowsapps\microsoft.windowsmaps_11.2202.6.0_x64__8wekyb3d8bbwe\maps.exe () [File not signed]
FirewallRules: [{E884382E-06EB-4E33-8C10-B27CFB0AE35A}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\101.0.4951.13\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{0CF584DD-08F7-4349-A02D-34E2EFE71515}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F338A1D2-D3FD-431E-918E-7183998F7D43}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E028D577-2FEB-4204-8094-93DEDB890F73}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2203.40000.1.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe () [File not signed]

==================== Restore Points =========================

11-04-2022 04:40:27 Windows Modules Installer
12-04-2022 18:07:44 Windows Modules Installer
13-04-2022 08:19:48 Windows Modules Installer
13-04-2022 08:20:43 Windows Modules Installer
18-04-2022 01:14:40 ThisIsWin11 4/18/2022 1:14:40 AM
18-04-2022 01:15:39 Windows Modules Installer
18-04-2022 01:15:46 Windows Modules Installer
18-04-2022 03:39:55 ThisIsWin11 4/18/2022 3:39:54 AM

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/18/2022 05:00:53 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\HPPC$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 18 Apr 2022 10:00:54 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 742f065d-dd0d-4c3d-b237-b586497a8978
Method: GET(407ms)
Stage: GetCACaps
Not found (404).
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/18/2022 04:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x18a4
Faulting application start time: 0x01d852ffb0c3676e
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 10437989-8f75-40cb-bf0b-bcfc6b5b633d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2022 03:38:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x2ab8
Faulting application start time: 0x01d852ca31a293c7
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 8b626fa0-d693-458e-8cd0-eab98e24033d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/17/2022 09:15:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x2080
Faulting application start time: 0x01d852c3f7e580bf
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 562be43e-acfe-4181-94f3-fecf3fd32a02
Faulting package full name:
Faulting package-relative application ID:

Error: (04/17/2022 08:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x38f4
Faulting application start time: 0x01d852ba9b2880ac
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 5dd4c2c0-e793-4048-8dde-e8def6fd6508
Faulting package full name:
Faulting package-relative application ID:

Error: (04/17/2022 07:23:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x3ff4
Faulting application start time: 0x01d852a565df63a4
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 31c18b0f-98b0-42af-9bb7-65ee3baeb7f9
Faulting package full name:
Faulting package-relative application ID:

Error: (04/17/2022 04:52:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x49b8
Faulting application start time: 0x01d852701fff01e2
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: a5919c0c-59d8-4333-80f2-febe226f8fc8
Faulting package full name:
Faulting package-relative application ID:

Error: (04/17/2022 10:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x1ce4
Faulting application start time: 0x01d8522e5a4428f7
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 1b9cee4a-b248-4ae0-bdec-98a37aabb83c
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (04/18/2022 05:00:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMSP service failed to start due to the following error:
Insufficient system resources exist to complete the requested service.

Error: (04/18/2022 04:58:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (04/18/2022 04:58:55 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1CA66196-4D0C-44BE-9E29-12293B2C3645} because another computer on the network has the same name. The server could not start.

Error: (04/18/2022 03:38:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (04/18/2022 03:38:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1CA66196-4D0C-44BE-9E29-12293B2C3645} because another computer on the network has the same name. The server could not start.

Error: (04/18/2022 03:38:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3D1E5312-15BD-4E3D-8ABC-D0A8B8AF0873} because another computer on the network has the same name. The server could not start.

Error: (04/18/2022 03:38:25 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3D1E5312-15BD-4E3D-8ABC-D0A8B8AF0873} because another computer on the network has the same name. The server could not start.

Error: (04/17/2022 09:15:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Windows Defender:
================
Date: 2022-04-04 21:00:14
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-03 17:25:01
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-03 15:34:58
Description: C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2022-04-03T20:34:58.485Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
Security intelligence Version: 1.361.1246.0
Engine Version: 1.1.19000.8
Product Version: 4.18.2202.4

Date: 2022-04-01 02:08:03
Description: C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2022-04-01T07:08:03.189Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.361.1116.0
Engine Version: 1.1.19000.8
Product Version: 4.18.2202.4

Date: 2022-04-01 02:04:38
Description: C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2022-04-01T07:04:38.095Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.361.1074.0
Engine Version: 1.1.19000.8
Product Version: 4.18.2202.4

Event[0]

Date: 2022-04-01 12:28:48
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-04-01 11:33:36
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1138.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2022-04-01 11:23:35
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-04-01 11:23:11
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-03-27 23:40:10
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.859.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-04-18 05:07:49
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Windows signing level requirements.

Date: 2022-04-18 05:03:43
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

BIOS: AMI F.21 09/17/2021
Motherboard: HP 87D6
Processor: AMD Ryzen 3 4300G with Radeon Graphics
Percentage of memory in use: 48%
Total physical RAM: 7556.42 MB
Available physical RAM: 3908.89 MB
Total Virtual: 19332.42 MB
Available Virtual: 15306.99 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.63 GB) (Free:150.42 GB) NTFS

\\?\Volume{1535d5ac-2c24-442f-a7bf-3fdd0fc28b5b}\ (Windows RE tools) (Fixed) (Total:0.57 GB) (Free:0.06 GB) NTFS
\\?\Volume{beaf7cb5-36fc-412a-800f-1da46d570e6d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B7D576A5)

Partition: GPT.

==================== End of Addition.txt =======================