I returned from work to my mother frantically asking me to fix her laptop. I'm not sure if she downloaded something, or what she did, but the screen had locked with an open message about some virus infection and there was an audible message about her IP being used for nefarious purposes or something.
I pressed Ctrl-Alt-Del and closed down whatever program was open. Then I downloaded mbam and ran that - it removed 5 malware (report listed below).
I then ran a Windows Defender check, but it found nothing.
If you could help, that'd be greatly appreciated.
PUP.Optional.DriverReviver, C:\USERS\RUTHC\DOWNLOADS\DRIVERREVIVERSETUP_PPC4.EXE, No Action By User, 4021, 462815, 1.0.56537, , ame, , 21F2A5C5C23D7C559235A364C9C756BC, 1FF8F669041F2551FB357795CB2B00B916D4D5816AAB19F6DE344CA02C479ECA
PUP.Optional.DriverReviver, C:\USERS\RUTHC\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (2).EXE, No Action By User, 4021, 462815, 1.0.56537, , ame, , C6B26902500449B19F7B56852DFFC148, B4412A873B816F9E8C9DC89FD7BBCF52F78B53478295B3F0651465135ACD231B
PUP.Optional.DriverReviver, C:\USERS\RUTHC\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (3).EXE, No Action By User, 4021, 462815, 1.0.56537, , ame, , C6B26902500449B19F7B56852DFFC148, B4412A873B816F9E8C9DC89FD7BBCF52F78B53478295B3F0651465135ACD231B
PUP.Optional.DriverReviver, C:\USERS\RUTHC\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (1).EXE, No Action By User, 4021, 462815, 1.0.56537, , ame, , C6B26902500449B19F7B56852DFFC148, B4412A873B816F9E8C9DC89FD7BBCF52F78B53478295B3F0651465135ACD231B
PUP.Optional.WinZipDriverUpdater, C:\USERS\RUTHC\DOWNLOADS\WZDU53.EXE, No Action By User, 1732, 484645, 1.0.56537, , ame, , C629D2EA3096BDA8991F4EDA48358F55, 50E5E5ECDA4467B0AF8B1F5597AF8E1B2121489DB633EA081F1A94A5483E949A
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2022 01
Ran by ruthc (administrator) on LAPTOP-21SARBCO (HP HP Laptop 14s-fq0xxx) (28-06-2022 17:20:21)
Running from C:\Users\ruthc\OneDrive\Desktop
Loaded Profiles: ruthc
Platform: Microsoft Windows 11 Home Version 21H2 22000.739 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\AD2F1837.myHP_6.52219.341.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_6.52219.341.0_x64__v10z8vjag6ke6\win32\HPAudioSwitch.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_22147.303.1400.1220_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.37\msedgewebview2.exe <12>
(DriverStore\FileRepository\u0375335.inf_amd64_7de275617d9da25a\B374868\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0375335.inf_amd64_7de275617d9da25a\B374868\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2204.12.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0375335.inf_amd64_7de275617d9da25a\B374868\atiesrxx.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_a6e24179070178de\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\SysInfoCap.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_6.52219.341.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_6.52219.341.0_x64__v10z8vjag6ke6\HP.MyHP.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ruthc\AppData\Local\Microsoft\OneDrive\22.121.0605.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2204.6.0_x64__8wekyb3d8bbwe\ScreenSketch.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.425.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe [3496544 2022-03-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [525312 2022-01-22] (HP Inc.) [File not signed]
HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [525312 2022-01-22] (HP Inc.) [File not signed]
HKU\S-1-5-21-2388426293-319619428-3289471441-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [525312 2022-01-22] (HP Inc.) [File not signed]
HKU\S-1-5-21-2388426293-319619428-3289471441-1001\...\Run: [MicrosoftEdgeAutoLaunch_68EB7EF85583FD10115C5F979EE00ED2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2022-06-28]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0062E574-4BF0-4B80-AC82-A259DB1702ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1148048 2022-05-31] (HP Inc. -> HP Inc.)
Task: {47A77A86-5C9B-4DAF-9CDD-00A48A4D44A8} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {4FFC1F2C-F5B0-49A5-BA65-FFDA4562F4F3} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [67472 2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A8DF0F6-8B6C-4EE5-89A0-0B3C3FC76117} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A94A5B2-DDE6-4227-A62E-01F544467742} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {A68DA446-CA5B-4443-83DF-F93B94B65A8C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8D38D39-E5FF-4D00-ABC5-9213B3E7AE87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2022-05-31] (HP Inc. -> HP Inc.)
Task: {ADA2D89B-F91C-4787-8638-4C0221621717} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1148048 2022-05-31] (HP Inc. -> HP Inc.)
Task: {C6CE3521-4F58-4D16-AF7F-241648221132} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CA86C737-2081-46F5-9555-96FF9A0F3146} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [411280 2022-05-31] (HP Inc. -> HP Inc.)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D05E31D8-1103-4DFE-B292-BF4AB436C182} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-06-18] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4b3be7a7-0662-4492-af97-061a88061663}: [DhcpNameServer] 192.168.1.254
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\ruthc\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-28]
Edge DefaultSearchURL: Default -> hxxps://find.searchtoolshub.com?a811fc667f160ba97f5770beaa1eec28=H1xAXFNGX1xZVlQNEQQwBw9cQ1pRR1heXVRKXFVCWltcVFQJDB0LU1pWSi4nNikoW1FKWlEyX19bUEJcPkRfXls%252BQlxRRDBeW1FCM1k3Kl00WTdcVStfXypQLSlVNVtAXVVEL1lELlxaVkte&q={searchTerms}
Edge DefaultSearchKeyword: Default -> find.searchtoolshub.com
Edge DefaultSuggestURL: Default -> hxxps://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0004051656432248mcinstcleanup; C:\ProgramData\McInstTemp0004051656432248\McInst.exe [913112 2022-02-18] (McAfee, LLC -> McAfee, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988384 2022-06-18] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\AppHelperCap.exe [764448 2022-03-30] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\DiagsCap.exe [763480 2022-03-30] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\NetworkCap.exe [759336 2022-03-30] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64\x64\SysInfoCap.exe [762904 2022-03-30] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_a6e24179070178de\x64\TouchpointAnalyticsClientService.exe [497328 2022-03-30] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-28] (Malwarebytes Inc. -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]
S3 mfevtp; no ImagePath
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_4f059863a425c74d\amdacpafd.sys [356328 2021-12-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0375335.inf_amd64_7de275617d9da25a\B374868\amdkmdag.sys [80558960 2022-01-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2020-09-17] (Alcorlink Corp. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [507904 2022-01-22] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2022-01-22] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [111960 2022-05-11] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74680 2022-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-06-28] (Malwarebytes Inc. -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [452856 2022-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-21] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
S0 cfwids; system32\drivers\cfwids.sys [X]
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfeplk; system32\drivers\mfeplk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-06-28 17:19 - 2022-06-28 17:20 - 000000000 ____D C:\FRST
2022-06-28 17:10 - 2022-06-28 17:10 - 000074680 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-06-28 17:09 - 2022-06-28 17:09 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-28 17:09 - 2022-06-28 17:09 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-06-28 17:09 - 2022-06-28 17:09 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-06-28 17:09 - 2022-06-28 17:09 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-06-28 17:09 - 2022-06-28 17:09 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-28 17:09 - 2022-06-28 17:09 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-28 17:09 - 2022-06-28 17:09 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-28 17:09 - 2022-06-28 17:09 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-28 17:09 - 2022-06-28 17:09 - 000000000 ____D C:\Users\ruthc\AppData\Local\mbam
2022-06-28 17:08 - 2022-06-28 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-28 17:08 - 2022-06-28 17:08 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-28 17:05 - 2020-07-10 20:46 - 000708400 _____ (gamigo, Inc.) C:\ProgramData\uninstall314673.exe
2022-06-28 17:04 - 2022-06-28 17:04 - 000000000 ____D C:\ProgramData\McInstTemp0004051656432248
2022-06-28 10:59 - 2022-06-28 10:59 - 000519653 _____ C:\Users\ruthc\Downloads\RC ATR June 2022.pdf
2022-06-28 10:59 - 2022-06-28 10:59 - 000412370 _____ C:\Users\ruthc\Downloads\RC Agenda Conference Call Review Meeting 2022.pdf
2022-06-26 22:16 - 2022-06-27 18:53 - 000021596 _____ C:\Users\ruthc\OneDrive\Documents\Dissapearing pinwheel quilt..odt
2022-06-26 21:36 - 2022-06-26 21:36 - 000001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.12.lnk
2022-06-26 21:36 - 2022-06-26 21:36 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.12
2022-06-26 21:25 - 2022-06-26 21:35 - 135098488 _____ (Apache Software Foundation) C:\Users\ruthc\Downloads\Apache_OpenOffice_4.1.12_Win_x86_install_en-GB.exe
2022-06-17 17:37 - 2022-06-17 17:37 - 000000000 _____ C:\Users\ruthc\OneDrive\Documents\quilt label.txt
2022-06-16 16:15 - 2022-06-16 16:54 - 000022020 _____ C:\Users\ruthc\OneDrive\Documents\quilt label modern.odt
2022-06-16 15:07 - 2022-06-16 15:07 - 000000000 ____D C:\Users\ruthc\OneDrive\Documents\New folder
2022-06-15 18:55 - 2022-06-15 18:55 - 000614400 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-15 18:55 - 2022-06-15 18:55 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-06-15 18:55 - 2022-06-15 18:55 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-06-15 18:55 - 2022-06-15 18:55 - 000299008 _____ C:\WINDOWS\system32\EsclScan.dll
2022-06-15 18:55 - 2022-06-15 18:55 - 000180224 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-06-15 18:55 - 2022-06-15 18:55 - 000015042 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-15 18:54 - 2022-06-15 18:54 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-06-15 18:51 - 2022-06-15 18:51 - 000000000 ___HD C:\$WinREAgent
2022-06-13 11:56 - 2022-06-13 11:56 - 000699617 _____ C:\Users\ruthc\Downloads\the-festival-of-quilts-hall-9-entry-tickets-80094792.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-06-28 17:10 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-06-28 17:09 - 2022-01-18 18:51 - 000000000 ____D C:\Users\ruthc\AppData\Local\D3DSCache
2022-06-28 17:09 - 2021-06-05 13:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-06-28 17:06 - 2022-01-18 18:50 - 000000000 ____D C:\Users\ruthc\AppData\Local\Packages
2022-06-28 17:06 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-06-28 17:06 - 2021-03-13 20:28 - 000000000 ____D C:\ProgramData\Packages
2022-06-28 17:05 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-28 17:05 - 2021-03-13 20:36 - 000000000 ____D C:\ProgramData\McAfee
2022-06-28 17:05 - 2021-03-13 20:33 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games
2022-06-28 17:04 - 2021-06-05 13:09 - 000000000 ____D C:\WINDOWS\INF
2022-06-28 17:04 - 2021-06-05 13:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-06-28 17:04 - 2021-03-13 20:36 - 000000000 ____D C:\Program Files\Common Files\McAfee
2022-06-28 17:03 - 2021-03-13 20:34 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2022-06-28 17:02 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-28 16:49 - 2022-01-18 18:52 - 000000000 ____D C:\Users\ruthc\AppData\Local\PlaceholderTileLogoFolder
2022-06-28 16:48 - 2022-01-22 22:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-06-28 14:27 - 2022-01-18 18:52 - 000000000 ___RD C:\Users\ruthc\OneDrive
2022-06-27 21:26 - 2022-01-22 22:26 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2388426293-319619428-3289471441-1001
2022-06-27 21:26 - 2022-01-22 22:26 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2388426293-319619428-3289471441-1001
2022-06-27 21:26 - 2022-01-18 18:46 - 000002386 _____ C:\Users\ruthc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-27 21:23 - 2021-06-05 13:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-06-26 21:36 - 2022-01-22 14:44 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2022-06-25 13:09 - 2020-11-20 06:48 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-25 13:09 - 2020-11-20 06:48 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-06-21 10:41 - 2020-05-06 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-21 10:31 - 2022-01-22 22:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-21 10:31 - 2020-05-06 09:58 - 000012288 ___SH C:\DumpStack.log.tmp
2022-06-20 18:50 - 2022-01-22 21:01 - 000000000 ____D C:\Users\ruthc
2022-06-18 17:51 - 2020-11-20 06:58 - 000000000 ____D C:\Program Files\Microsoft Office
2022-06-17 20:02 - 2022-01-22 22:26 - 000854410 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-17 17:47 - 2021-06-05 13:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-06-17 16:58 - 2022-01-22 13:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-17 16:57 - 2022-01-22 13:45 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-15 22:02 - 2022-01-22 22:21 - 000620968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-06-15 22:02 - 2021-06-05 18:17 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-06-15 22:02 - 2021-06-05 18:17 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\id-ID
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-06-15 22:02 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-15 22:02 - 2021-03-13 20:36 - 000000000 ____D C:\Program Files (x86)\McAfee
2022-06-15 18:54 - 2022-01-22 22:26 - 003101184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-15 10:14 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2022-06-11 19:56 - 2022-01-26 15:57 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d80fd6690b9a31
2022-06-11 19:56 - 2022-01-22 22:26 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-07 13:59 - 2022-01-22 22:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
==================== Files in the root of some directories ========
2022-06-28 17:05 - 2020-07-10 20:46 - 000708400 _____ (gamigo, Inc.) C:\ProgramData\uninstall314673.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2022 01
Ran by ruthc (28-06-2022 17:21:18)
Running from C:\Users\ruthc\OneDrive\Desktop
Microsoft Windows 11 Home Version 21H2 22000.739 (X64) (2022-01-22 21:37:02)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2388426293-319619428-3289471441-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2388426293-319619428-3289471441-503 - Limited - Disabled)
Guest (S-1-5-21-2388426293-319619428-3289471441-501 - Limited - Disabled)
ruthc (S-1-5-21-2388426293-319619428-3289471441-1001 - Administrator - Enabled) => C:\Users\ruthc
WDAGUtilityAccount (S-1-5-21-2388426293-319619428-3289471441-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15225.20288 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.37 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2388426293-319619428-3289471441-1001\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
OpenOffice 4.1.12 (HKLM-x32\...\{E9F3BF94-AA18-42B6-8B6D-245BBF585C8C}) (Version: 4.112.9809 - Apache Software Foundation)
PDFHub (HKU\S-1-5-21-2388426293-319619428-3289471441-1001\...\PDFHub) (Version: 1.0 - PDFHub)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2388426293-319619428-3289471441-1001\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-03-13] (Amazon.com)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.10043.0_x64__0a9344xs7nr4m [2022-04-12] (Advanced Micro Devices Inc.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.51091.0_x64__8wekyb3d8bbwe [2022-05-15] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.8.0_x64__xbfy0k16fey96 [2022-05-01] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-03-13] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.29.257.0_x64__v10z8vjag6ke6 [2022-04-07] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.1.0_x64__v10z8vjag6ke6 [2022-03-11] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-01-22] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.9180.0_x64__v10z8vjag6ke6 [2022-03-03] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-05-01] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.17.31.0_x64__v10z8vjag6ke6 [2022-06-07] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6 [2022-01-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-01-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-01-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-07] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.72.51601.0_x64__8wekyb3d8bbwe [2022-06-10] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10615.423.0_x64__8wekyb3d8bbwe [2022-06-20] (Microsoft Corporation)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_6.52219.341.0_x64__v10z8vjag6ke6 [2022-06-16] (HP Inc.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-18] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2022-01-22] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0 [2022-06-26] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-01-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-28] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=LjWFD%2b2MAOBBaqAih8mLzO8xHawRDaYYznH5kKyccbyakTJhU3tBPfVk0KfEMKJV6vhvt1OQWppMchnU4OUWQGlHvMS8RtgesPgRYJYxEqmYdNBO6ijyegCjMgIxnrNhjc4PeNUzIDuHGSrKM0FWLEKY4JxsToehDIE7NCgUW7w%3d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utomik - Play over 1000 games.lnk -> C:\Program Files (x86)\Online Services\Utomik\WizLink.exe () -> hxxps://www.utomik.com/hp_desktop
==================== Loaded Modules (Whitelisted) =============
2022-06-20 20:28 - 2022-06-20 20:28 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4a3769626565d5b38994a350ecd077f7\Interop.IWshRuntimeLibrary.ni.dll
2022-04-06 08:20 - 2022-04-06 08:20 - 000598016 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll
2022-04-06 08:20 - 2022-04-06 08:20 - 000555520 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll
2022-06-20 20:27 - 2022-06-20 20:27 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\048cc93f8fbad6787c3b146860a63190\Hardcodet.Wpf.TaskbarNotification.ni.dll
2021-03-13 20:34 - 2021-03-13 20:34 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2022-06-20 20:28 - 2022-06-20 20:28 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\89989f0af086613020f5536a81d2cb29\NAudio.ni.dll
2020-11-20 06:58 - 2020-11-20 06:58 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-11-20 06:58 - 2020-11-20 06:58 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2022-06-20 20:28 - 2022-06-20 20:28 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\10ca0de79d4d77d8d4605c4008e737d0\Newtonsoft.Json.ni.dll
2022-06-20 20:27 - 2022-06-20 20:27 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\6624297264fd20d5b7f17b66820eb3dc\log4net.ni.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM -> {C66264D2-B2B4-4FD3-9F81-08AE876DAF91} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {C66264D2-B2B4-4FD3-9F81-08AE876DAF91} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2388426293-319619428-3289471441-1001 -> {C66264D2-B2B4-4FD3-9F81-08AE876DAF91} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-05-31] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-05-31] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2388426293-319619428-3289471441-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CBDA2712-2D53-41A5-8E6F-C178112146CE}] => (Allow) C:\Users\ruthc\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{031D6228-CC2C-4BDE-B79C-5DDEACDF2E27}] => (Allow) C:\Users\ruthc\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{44D2E955-6EF4-464E-B8FE-FE04D1BD972E}] => (Allow) C:\Users\ruthc\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A4F934F8-F34D-4E99-87A2-DB1045A72386}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{6AB9BB49-8B29-4217-BDC7-506755A45179}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9EFF8B6E-1D2F-4D51-AB75-1DFEB19E60AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EA2BD7E-FB0A-4078-9BA8-1AA649A1F6EC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D8A80CCF-ACD8-4385-A1BB-A14DE599B2CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB0882FA-4811-4E92-B2BB-E7C7F011E918}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6BE04408-8A26-4141-9576-1222EBF15C24}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22147.303.1400.1220_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A5B6B941-E2CD-46CA-9434-A2B08AB5879E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22147.303.1400.1220_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BDEF23B-4243-46BD-8CBC-41A269882F9E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2C0C3475-406B-48A6-B37C-FDFF0C38E0AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D4D59F1E-27CC-4DC9-930C-7A3B88415EAA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A7FB468-918A-4D40-BF21-EA1A43FF17CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{38B8FF5F-5171-483F-AA22-D7D252733D7B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{28ECBF1E-FF6B-4336-8461-1BFF193253C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{74D81DC1-52D1-44D4-B4B6-EB2DDA06A49D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C9717A48-E55C-4DCD-B86D-1123654C0F82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.188.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4F425F7B-5D1A-4286-8D1B-FDCE4E7358AC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
26-06-2022 12:37:14 Scheduled Checkpoint
27-06-2022 21:22:54 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/27/2022 06:53:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniSearchHost.exe, version: 421.22500.3075.0, time stamp: 0x624de781
Faulting module name: twinapi.appcore.dll, version: 10.0.22000.593, time stamp: 0xa5a9468c
Exception code: 0xc000027b
Fault offset: 0x000000000010a594
Faulting process ID: 0x2cd8
Faulting application start time: 0x01d88a4e2565142a
Faulting application path: C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report ID: 9afd8757-baae-4be6-ac1c-a5a388cd5600
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22000.739.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: MiniSearchUI
Error: (06/26/2022 09:22:03 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {72858CDC-95D7-4F28-BC97-E02B338F7773}
Error: (06/26/2022 09:21:15 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {72858CDC-95D7-4F28-BC97-E02B338F7773}
Error: (06/26/2022 06:24:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HxOutlook.exe version 16.0.14326.20970 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 5b4
Start Time: 01d889818260e1f0
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
Report Id: ea9c6e99-8000-4bab-aeb3-4036f26ada6b
Faulting package full name: microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: microsoft.windowslive.mail
Hang type: Quiesce
Error: (06/25/2022 08:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniSearchHost.exe, version: 421.22500.3075.0, time stamp: 0x624de781
Faulting module name: twinapi.appcore.dll, version: 10.0.22000.593, time stamp: 0xa5a9468c
Exception code: 0xc000027b
Fault offset: 0x000000000010a594
Faulting process ID: 0x1f50
Faulting application start time: 0x01d888cc98d29427
Faulting application path: C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report ID: 199a8373-718d-4e9f-9346-973cf14c0cd7
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22000.739.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: MiniSearchUI
Error: (06/24/2022 01:54:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniSearchHost.exe, version: 421.22500.3075.0, time stamp: 0x624de781
Faulting module name: twinapi.appcore.dll, version: 10.0.22000.593, time stamp: 0xa5a9468c
Exception code: 0xc000027b
Fault offset: 0x000000000010a594
Faulting process ID: 0x3eac
Faulting application start time: 0x01d887c99993eb10
Faulting application path: C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report ID: 1e3db106-4dcf-4d4c-9c9c-2f5c50486ed9
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22000.739.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: MiniSearchUI
Error: (06/23/2022 01:50:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PrintWorkflowUserSvc, version: 10.0.22000.527, time stamp: 0xe6f2ec65
Faulting module name: combase.dll, version: 10.0.22000.708, time stamp: 0x9e680117
Exception code: 0xc0000602
Fault offset: 0x0000000000034c11
Faulting process ID: 0x97c
Faulting application start time: 0x01d886ff8ac349a4
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report ID: 7a839927-5977-4ca8-aa25-95e183e6511e
Faulting package full name:
Faulting package-relative application ID:
Error: (06/20/2022 08:28:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniSearchHost.exe, version: 421.22500.3075.0, time stamp: 0x624de781
Faulting module name: twinapi.appcore.dll, version: 10.0.22000.593, time stamp: 0xa5a9468c
Exception code: 0xc000027b
Fault offset: 0x000000000010a594
Faulting process ID: 0x1d00
Faulting application start time: 0x01d884dbe8ec13e3
Faulting application path: C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report ID: 2b37350e-cc16-4bf1-90f4-964b286b0b9f
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22000.739.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: MiniSearchUI
System errors:
=============
Error: (06/28/2022 02:27:03 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4B3BE7A7-0662-4492-AF97-061A88061663} because another computer on the network has the same name. The server could not start.
Error: (06/28/2022 02:26:57 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {3bca86fa-3f98-4285-8d04-31ddda2dbe69}, had event 74
Error: (06/28/2022 10:22:01 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4B3BE7A7-0662-4492-AF97-061A88061663} because another computer on the network has the same name. The server could not start.
Error: (06/28/2022 10:21:57 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {3bca86fa-3f98-4285-8d04-31ddda2dbe69}, had event 74
Error: (06/27/2022 10:18:19 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR8.
Error: (06/27/2022 06:48:35 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4B3BE7A7-0662-4492-AF97-061A88061663} because another computer on the network has the same name. The server could not start.
Error: (06/27/2022 10:17:41 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4B3BE7A7-0662-4492-AF97-061A88061663} because another computer on the network has the same name. The server could not start.
Error: (06/27/2022 10:17:34 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {3bca86fa-3f98-4285-8d04-31ddda2dbe69}, had event 74
Windows Defender:
================
Date: 2022-06-28 15:57:40
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-26 12:35:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-05-30 17:50:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-05-25 17:08:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-05-23 17:54:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-06-28 16:52:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-06-28 16:51:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
Date: 2022-06-28 10:22:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.51 08/12/2021
Motherboard: HP 87B8
Processor: AMD Ryzen 5 4500U with Radeon Graphics
Percentage of memory in use: 63%
Total physical RAM: 7541.36 MB
Available physical RAM: 2768.95 MB
Total Virtual: 8757.36 MB
Available Virtual: 2106.59 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:237.62 GB) (Free:182.82 GB) (Model: KBG40ZNV256G KIOXIA) (Protected) NTFS
\\?\Volume{210f79fb-6489-44da-b57a-64b6b75c1a33}\ () (Fixed) (Total:0.58 GB) (Free:0.08 GB) NTFS
\\?\Volume{cd011f05-8982-446e-9a35-a06f9cebd46c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 436A460F)
Partition: GPT.
==================== End of Addition.txt =======================