Hello-
I have tried numerous times to follow the wonderfully written FRST tutorial (very helpful), but before just putting it out there I would like to note that I am unsure about a lot of it and would greatly appreciate it if someone could assist me with putting together the fixlist. I would also be very grateful if someone could review the scan log below and translate/give a summary as to what the scan found and what possible issues my computer has. It is only about 6 weeks old, and was hacked last year, and I do believe the hackers still have access to my PC. Any help is appreciated and the logs are below:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-04-2022 02
Ran by Karen (administrator) on HPPC (HP HP Desktop M01-F1xxx) (18-04-2022 05:11:57)
Running from C:\Users\Karen\Desktop
Loaded Profiles: Karen
Platform: Microsoft Windows 11 Home Version 21H2 22000.613 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\GlassWire\GWCtlSrv.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\BridgeCommunication.exe
(DriverStore\FileRepository\u0373572.inf_amd64_20b1fa37f72a81a5\B372529\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0373572.inf_amd64_20b1fa37f72a81a5\B372529\atieclxx.exe
(explorer.exe ->) (Lansweeper -> Fing Ltd) C:\Program Files\Fing\Fing.exe <4>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) () [File not signed] C:\Program Files\PrivateWin10\PrivateService.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0373572.inf_amd64_20b1fa37f72a81a5\B372529\atiesrxx.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe <3>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe <2>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsorsp64.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulprothoster.exe
(services.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\101.0.4951.13\remoting_host.exe <2>
(services.exe ->) (HON HAI PRECISION INDUSTRY CO.LTD. -> ) C:\Program Files\FanControlApp\FanControlApp.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\SysInfoCap.exe
(services.exe ->) (Lansweeper -> Fing Limited) C:\Program Files\Fing\resources\extraResources\fingagent.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c3f6cdb5c1120dad\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\ad2f1837.myhp_1.10.53228.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.581_none_0484ba814ca7afc5\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9763272 2022-02-18] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [136142896 2022-03-28] (Lansweeper -> Fing Ltd)
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\Run: [com.fing.app] => C:\Program Files\Fing\Fing.exe [136142896 2022-03-28] (Lansweeper -> Fing Ltd)
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\Run: [com.squirrel.MightyText.MightyText] => C:\Users\Karen\AppData\Local\MightyText\Update.exe [1845096 2020-01-09] (Openphone Inc. -> GitHub)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.88\Installer\chrmstp.exe [2022-04-12] (Google LLC -> Google LLC)
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe
GroupPolicy: Restriction - Edge <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04B66874-940D-4D88-9B06-8ECE91F1356E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [314032 2022-03-28] (HP Inc. -> HP Inc.)
Task: {099C7EC7-DE5F-43C3-A901-ED9C90A9094C} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c3f6cdb5c1120dad\RtkAudUService64.exe [1258568 2021-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {38F76D66-CFB8-47CB-BB2E-919186F74A87} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\Charter Security Suite\fsscan.exe [287896 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
Task: {3FB87084-86FA-4430-ADFF-3D20BBD6B9EA} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {43956FD0-2308-4EDD-8EA0-135A5972742A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4496D305-E9DC-4E03-A451-68F67F605866} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E052D69-6D36-4559-A6CB-4BA06FD2A323} - System32\Tasks\GoogleUpdateTaskMachineUA{6C4BD147-C273-4949-882D-D4C457486DAA} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-24] (Google LLC -> Google LLC)
Task: {532EE0A4-AC57-4604-B9C4-DB339A0EB54E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {6D7B2D25-EE69-4412-B1A5-02F2E01B3112} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2022-03-28] (HP Inc. -> HP Inc.)
Task: {6ECF5E95-6DE7-42A0-90CF-3F038ABB1591} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-03-28] (HP Inc. -> HP Inc.)
Task: {85D0BD8D-A6C4-47D6-B744-0B2D14D93750} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-03-28] (HP Inc. -> HP Inc.)
Task: {8F7BF44A-E93D-4C03-82FC-5F08842350ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A970732A-7128-46AB-B645-22A753C33119} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\Charter Security Suite\fs_hotfix.exe [291992 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
Task: {B610C874-FC10-45DC-A1D9-3C5944A4FBE6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8A0CE8E-1DB6-43B8-8F62-1D25741E18AF} - System32\Tasks\GoogleUpdateTaskMachineCore{238A8A3C-9172-4284-83FC-B74A68E0EA85} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-24] (Google LLC -> Google LLC)
Task: {CB264D5C-AB5D-485C-ACC3-402ED2836A81} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCC99E0F-F493-4E3A-AB83-387AF87F83F8} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F068786F-C811-4553-98E4-F0F7D9F6D813} - \Microsoft\XblGameSave\XblGameSaveTask -> No File <==== ATTENTION
Task: {F753C99C-96D1-4052-95A6-DE349C6838E8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Scheduled scanning task.job => C:\Program Files (x86)\Charter Security Suite\fsscan.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1ca66196-4d0c-44be-9e29-12293b2c3645}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3d1e5312-15bd-4e3d-8abc-d0a8b8af0873}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c916ba87-be07-4b6c-91f3-fcfc863fb79b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dd157b32-431a-4c64-b3b2-010bcf1ea8dd}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\Karen\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-04-18]
Edge Extension: (Browsing Protection by F-Secure) - C:\Users\Karen\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cpikpibllpjmpnchjajlibnmmomnnhnm [2022-04-05]
Edge Extension: (Microsoft Power Automate) - C:\Users\Karen\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\njjljiblognghfjfpcdpdbpbfcmhgafg [2022-04-02]
Edge HKLM\...\Edge\Extension: [cpikpibllpjmpnchjajlibnmmomnnhnm]
Edge HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [njjljiblognghfjfpcdpdbpbfcmhgafg]
Edge HKLM-x32\...\Edge\Extension: [cpikpibllpjmpnchjajlibnmmomnnhnm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: 9ww690h4.default
FF ProfilePath: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\9ww690h4.default [2022-03-22]
FF ProfilePath: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231 [2022-04-18]
FF Extension: (Disconnect) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\2.0@disconnect.me.xpi [2022-04-07]
FF Extension: (Clear Cache) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\clearcache@michel.de.almeida.xpi [2022-03-26]
FF Extension: (OneTab) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\extension@one-tab.com.xpi [2022-04-15]
FF Extension: (File Converter - By Online-Convert.com) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\firefox@online-convert.com.xpi [2022-03-29]
FF Extension: (VT4Browsers) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\info@virustotal.com.xpi [2022-04-08]
FF Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2022-04-02]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-04-08]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2022-04-02]
FF Extension: (Browsing Protection by F-Secure) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\ols@f-secure.com.xpi [2022-04-12] [UpdateUrl:hxxps://download.sp.f-secure.com/online-safety/updates.json]
FF Extension: (Print Edit WE) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\printedit-we@DW-dev.xpi [2022-04-02]
FF Extension: (Private Bookmarks) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\private-bookmarks@rharel.xpi [2022-03-26]
FF Extension: (Chrome Remote Desktop) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\remotedesktop@google.com.xpi [2022-04-07] [UpdateUrl:hxxps://www.gstatic.com/chromoting/firefox_extension/update.json]
FF Extension: (Tabby - Window and Tab Manager) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\tabby@whatsyouridea.com.xpi [2022-03-26]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-04-13]
FF Extension: (Stylebot) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{52bda3fd-dc48-4b3d-a7b9-58af57879f1e}.xpi [2022-03-26]
FF Extension: (SingleFile) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{531906d3-e22f-4a6c-a102-8057b88a1a63}.xpi [2022-04-18]
FF Extension: (NoScript) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-18]
FF Extension: (History Cleaner) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{a138007c-5ff6-4d10-83d9-0afaf0efbe5e}.xpi [2022-03-26]
FF Extension: (Open Frame) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{c853c31a-d96d-4394-bff3-da25ba9ab8b9}.xpi [2022-04-02] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-04-09]
FF Extension: (No Name) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\w5zt05l4.default-release-1648024858231\Extensions\{f6a13550-1f95-4c38-a8fa-fa56c17057f8}.xpi [2022-04-02]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default [2022-04-16]
CHR Notifications: Default -> hxxps://digits.t-mobile.com; hxxps://express.adobe.com; hxxps://www.youtube.com
CHR Extension: (Google Drive) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-24]
CHR Extension: (YouTube) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-03-24]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2022-03-28]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-04-08]
CHR Extension: (uBlock Origin) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-04-08]
CHR Extension: (VT4Browsers) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2022-04-08]
CHR Extension: (Google Docs Offline) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-24]
CHR Extension: (HTML editor WebStudio for Webpages) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchpnbmmbepldbfdgbjfigifhobbjcel [2022-03-28]
CHR Extension: (Show Frame) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2022-04-02]
CHR Extension: (SwiftConverter | Free File Converter) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielmedmaojjcccenembkobaocbikcepl [2022-03-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-13]
CHR Extension: (Disconnect) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2022-04-07]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2022-04-05]
CHR Extension: (Open Frame) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2022-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-24]
CHR Extension: (Print Edit WE) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnblpmehglpcallpnbgmikjblmkopia [2022-03-28]
CHR Extension: (Gmail) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-24]
CHR Extension: (f*ck overlays) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppedokobpbdajgiejhnjfbdjlgobcpkp [2022-04-06]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam]
CHR HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gjgfobnenmnljakmhboildkafdkicala]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\101.0.4951.13\remoting_host.exe [72024 2022-03-27] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [234648 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [234648 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe [415968 2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe [415968 2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsorsp64.exe [106136 2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulprothoster.exe [415968 2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7289288 2022-02-18] (GlassWire -> SecureMix LLC)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [891256 2020-07-30] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\AppHelperCap.exe [762888 2022-02-27] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\DiagsCap.exe [760312 2022-02-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\NetworkCap.exe [758280 2022-02-27] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e\x64\SysInfoCap.exe [761376 2022-02-27] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe [494672 2021-11-22] (HP Inc. -> HP Inc.)
R2 ID19 HP Fan Control Service; C:\Program Files\FanControlApp\FanControlApp.exe [283168 2020-04-28] (HON HAI PRECISION INDUSTRY CO.LTD. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-13] (Malwarebytes Inc -> Malwarebytes)
R2 priv10; C:\Program Files\PrivateWin10\PrivateService.exe [135680 2022-04-07] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2203.40000.1.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [229888 2022-04-18] () [File not signed]
R2 Fing.Agent; C:\Program Files\Fing\resources\extraResources\fingagent.exe --servicemode Fing.Agent --agentroot "C:\Users\Karen\AppData\Roaming"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25016 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0373572.inf_amd64_20b1fa37f72a81a5\B372529\amdkmdag.sys [80513416 2021-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-04-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulgk.sys [398792 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R0 fsbts; C:\WINDOWS\System32\drivers\fsbts.sys [51736 2022-04-07] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S0 fselms; C:\WINDOWS\System32\drivers\fselms.sys [15816 2022-04-05] (Microsoft Windows Early Launch Anti-malware Publisher -> F-Secure Corporation)
R2 fsnif2; C:\Program Files (x86)\Charter Security Suite\Ultralight\nif2\1643898281\nif2s64.sys [172480 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-02-20] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195024 2022-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [158856 2022-04-18] (Malwarebytes Inc -> Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-03-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [439544 2022-03-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-22] (Microsoft Windows -> Microsoft Corporation)
U3 aspnet_state; no ImagePath
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-18 05:11 - 2022-04-18 05:12 - 000029608 _____ C:\Users\Karen\Desktop\FRST.txt
2022-04-18 05:00 - 2022-04-18 05:00 - 000195024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-04-18 05:00 - 2022-04-18 05:00 - 000158856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-04-18 05:00 - 2022-04-18 05:00 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-04-18 04:59 - 2022-04-18 04:59 - 000000938 _____ C:\Users\Karen\Desktop\mwb.txt
2022-04-18 03:49 - 2022-04-18 03:49 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-04-18 03:49 - 2022-04-18 03:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-04-18 03:49 - 2022-04-18 03:49 - 000000000 ____D C:\Program Files\WinRAR
2022-04-18 03:48 - 2022-04-18 03:48 - 000000884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2022-04-18 03:48 - 2022-04-18 03:48 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Notepad++
2022-04-18 03:48 - 2022-04-18 03:48 - 000000000 ____D C:\Program Files\Notepad++
2022-04-18 01:16 - 2022-04-18 05:00 - 000000000 ____D C:\Users\Karen\AppData\Local\PlaceholderTileLogoFolder
2022-04-18 00:54 - 2022-04-18 00:54 - 000000000 ____D C:\Users\Karen\Downloads\TIW11
2022-04-18 00:53 - 2022-04-18 00:53 - 000137166 _____ C:\Users\Karen\Downloads\TIW11.zip
2022-04-17 23:29 - 2022-04-17 23:29 - 000000336 _____ C:\Users\Karen\Desktop\Fixlog.txt
2022-04-17 17:20 - 2022-04-17 17:20 - 000000000 _____ C:\Users\Karen\Desktop\fixlist.txt
2022-04-17 17:14 - 2022-04-10 16:35 - 002365440 _____ (Farbar) C:\Users\Karen\Desktop\FRST64.exe
2022-04-16 17:32 - 2022-04-16 17:32 - 000004415 _____ C:\Users\Karen\Downloads\IMG_20220415_050107_ccexpress.jpeg
2022-04-15 00:53 - 2022-04-15 00:53 - 125991083 _____ C:\Users\Karen\Downloads\screencast-www.joesandbox.com-2022.04.15-00_50_19.webm
2022-04-13 08:40 - 2022-04-13 08:41 - 000000000 ____D C:\Users\Karen\AppData\Local\Notepad
2022-04-13 08:22 - 2022-04-13 08:22 - 000015192 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-04-13 08:20 - 2022-04-13 08:20 - 000000000 ___HD C:\$WinREAgent
2022-04-13 06:22 - 2022-04-16 20:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-04-13 04:25 - 2022-04-13 04:25 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-04-13 04:25 - 2022-04-13 04:25 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-04-13 04:25 - 2022-04-13 04:25 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-04-13 04:25 - 2022-04-13 04:25 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-04-13 04:25 - 2022-04-13 04:25 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-04-13 04:25 - 2022-04-13 04:25 - 000000000 ____D C:\Users\Karen\AppData\Local\mbam
2022-04-13 04:25 - 2022-04-13 04:24 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-04-13 04:24 - 2022-04-13 04:24 - 002443448 _____ (Malwarebytes) C:\Users\Karen\Downloads\MBSetup(1).exe
2022-04-13 04:24 - 2022-04-13 04:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-12 21:05 - 2022-04-12 21:05 - 000000112 ___SH C:\bootTel.dat
2022-04-12 07:48 - 2022-04-12 07:48 - 001077060 _____ C:\Users\Karen\Downloads\farbar1.pdf
2022-04-12 07:45 - 2022-04-12 07:45 - 000693693 _____ C:\Users\Karen\Downloads\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials (4_12_2022 7_45_12 AM).html
2022-04-12 07:44 - 2022-04-12 07:44 - 000693840 _____ C:\Users\Karen\Downloads\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials (4_12_2022 7_44_41 AM).html
2022-04-12 07:44 - 2022-04-12 07:44 - 000693692 _____ C:\Users\Karen\Downloads\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials (4_12_2022 7_43_55 AM).html
2022-04-12 07:43 - 2022-04-12 07:43 - 000698698 _____ C:\Users\Karen\Downloads\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials (4_12_2022 7_43_19 AM).html
2022-04-12 07:41 - 2022-04-12 07:41 - 000700208 _____ C:\Users\Karen\Downloads\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials (4_12_2022 7_41_10 AM).html
2022-04-12 07:31 - 2022-04-12 07:31 - 000000000 _____ C:\Users\Karen\Downloads\732168 (1).pdf
2022-04-12 07:29 - 2022-04-12 07:30 - 000000000 _____ C:\Users\Karen\Downloads\732168.pdf
2022-04-12 06:08 - 2022-04-12 06:08 - 000001120 _____ C:\Users\Karen\Desktop\whatsapp.DMP - Shortcut.lnk
2022-04-11 06:39 - 2022-04-18 04:59 - 000000000 ____D C:\Users\Karen\Downloads\usbdeview-x64
2022-04-11 06:36 - 2022-04-12 17:33 - 000000000 ____D C:\Users\Karen\Downloads\appnetworkcounter-x64
2022-04-11 06:36 - 2022-04-11 06:36 - 000080359 _____ C:\Users\Karen\Downloads\appnetworkcounter-x64.zip
2022-04-11 06:33 - 2022-04-13 08:40 - 000000000 ____D C:\Users\Karen\Downloads\livetcpudpwatch-x64
2022-04-11 06:33 - 2022-04-11 06:33 - 000098250 _____ C:\Users\Karen\Downloads\livetcpudpwatch-x64.zip
2022-04-11 06:27 - 2022-04-11 06:28 - 000000000 ____D C:\Users\Karen\Downloads\tcplogview-x64
2022-04-11 06:27 - 2022-04-11 06:27 - 000102699 _____ C:\Users\Karen\Downloads\tcplogview-x64.zip
2022-04-11 06:26 - 2022-04-11 06:26 - 000124890 _____ C:\Users\Karen\Downloads\usbdeview-x64.zip
2022-04-11 06:20 - 2022-04-11 06:20 - 000000738 _____ C:\Users\Karen\Desktop\User Logon ListREMOTE.txt
2022-04-11 06:11 - 2022-04-11 06:11 - 000000738 _____ C:\Users\Karen\Downloads\User Logon List.html
2022-04-11 06:06 - 2022-04-11 06:06 - 000000738 _____ C:\Users\Karen\Downloads\User Logon ListREMOTE.txt
2022-04-11 05:52 - 2022-04-11 12:12 - 000000000 ____D C:\Users\Karen\Downloads\wifihistoryview
2022-04-11 05:50 - 2022-04-11 05:50 - 000080493 _____ C:\Users\Karen\Downloads\wifihistoryview.zip
2022-04-11 05:47 - 2022-04-12 17:33 - 000000000 ____D C:\Users\Karen\Downloads\winlogonview
2022-04-11 04:42 - 2022-04-11 04:42 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2022-04-11 04:25 - 2022-04-11 04:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2022-04-11 04:25 - 2022-04-11 04:25 - 000000000 ____D C:\Program Files (x86)\WinPcap
2022-04-10 19:07 - 2022-04-10 19:07 - 000012560 _____ C:\WINDOWS\system32\tasklist41022.txt
2022-04-10 19:01 - 2022-04-10 19:01 - 000000000 ____D C:\ViveTool
2022-04-10 18:59 - 2022-04-10 18:59 - 000012123 _____ C:\Users\Karen\Downloads\ViVeTool-v0.2.1.zip
2022-04-10 16:42 - 2022-04-12 04:59 - 000035159 _____ C:\Users\Karen\Downloads\Shortcut.txt
2022-04-10 16:41 - 2022-04-12 04:59 - 000081740 _____ C:\Users\Karen\Downloads\Addition.txt
2022-04-10 16:40 - 2022-04-17 17:09 - 000261568 _____ C:\Users\Karen\Downloads\FRST.txt
2022-04-10 16:39 - 2022-04-18 05:12 - 000000000 ____D C:\FRST
2022-04-10 16:35 - 2022-04-10 16:35 - 002365440 _____ (Farbar) C:\Users\Karen\Downloads\FRST64.exe
2022-04-10 15:15 - 2022-04-10 15:16 - 005191992 _____ C:\Users\Karen\Downloads\MyLanViewer_portable.zip
2022-04-10 15:09 - 2022-04-10 15:09 - 000000000 ____D C:\Users\Karen\Downloads\network-ip-scanner
2022-04-10 15:08 - 2022-04-10 15:08 - 002459333 _____ C:\Users\Karen\Downloads\network-ip-scanner.zip
2022-04-10 09:28 - 2022-04-10 09:28 - 000809832 _____ C:\Users\Karen\Downloads\quick-start(2).pdf
2022-04-10 07:06 - 2022-04-10 07:06 - 000002694 _____ C:\Users\Karen\Desktop\Adobe Creative Cloud Express.lnk
2022-04-10 07:06 - 2022-04-10 07:06 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2022-04-10 06:46 - 2022-04-10 06:46 - 000000000 ____D C:\Users\Karen\AppData\Roaming\MightyText
2022-04-08 22:26 - 2022-04-08 22:26 - 000002222 _____ C:\WINDOWS\system32\net48.txt
2022-04-08 22:23 - 2022-04-08 22:23 - 000013340 _____ C:\WINDOWS\system32\tasklist48.txt
2022-04-08 15:44 - 2022-04-08 15:44 - 000142744 _____ C:\Users\Karen\Downloads\vtuploader2.2(1).exe
2022-04-08 15:44 - 2022-04-08 15:44 - 000002155 _____ C:\Users\Karen\Desktop\VirusTotal Uploader 2.2.lnk
2022-04-08 15:44 - 2022-04-08 15:44 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2022-04-08 15:44 - 2022-04-08 15:44 - 000000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2022-04-08 06:56 - 2022-04-12 07:24 - 000000000 ____D C:\Users\Karen\Desktop\Flyer
2022-04-08 06:13 - 2022-04-08 06:13 - 000000000 ____D C:\Users\Karen\Desktop\fsdiag
2022-04-08 06:09 - 2022-04-08 06:09 - 007208890 _____ C:\Users\Karen\Desktop\fsdiag3.zip
2022-04-08 04:26 - 2022-04-08 04:26 - 000000000 ____D C:\LighhouseRocky
2022-04-07 22:24 - 2022-04-07 22:24 - 000001064 _____ C:\Users\Karen\Downloads\my-ublock-backup_2022-04-07_22.24.43.txt
2022-04-07 12:33 - 2022-04-07 12:33 - 000000000 ____D C:\Users\Karen\AppData\LocalLow\Temp
2022-04-07 10:55 - 2022-04-07 10:55 - 000000000 ____D C:\ProgramData\Google
2022-04-07 10:50 - 2022-04-07 10:50 - 000000087 _____ C:\Users\Karen\Desktop\REM.txt
2022-04-07 10:31 - 2022-04-07 10:39 - 019636224 _____ C:\Users\Karen\Downloads\chromeremotedesktophost.msi
2022-04-07 10:22 - 2022-04-07 10:22 - 000000000 ____H C:\Users\Karen\Downloads\Documents\Default.rdp
2022-04-07 08:38 - 2022-04-07 13:35 - 1645791232 _____ C:\Users\Karen\Downloads\Simplewall-0.0.1.iso
2022-04-07 08:38 - 2022-04-07 08:39 - 000809832 _____ C:\Users\Karen\Downloads\quick-start(1).pdf
2022-04-07 08:37 - 2022-04-07 08:38 - 000809832 _____ C:\Users\Karen\Downloads\quick-start.pdf
2022-04-07 08:22 - 2022-04-07 08:37 - 000000000 ____D C:\ProgramData\PrivateWin10
2022-04-07 08:22 - 2022-04-07 08:22 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Win10.lnk
2022-04-07 08:22 - 2022-04-07 08:22 - 000000000 ____D C:\Program Files\PrivateWin10
2022-04-07 08:21 - 2022-04-07 08:21 - 002500608 _____ () C:\Users\Karen\Downloads\PrivateWin10-Setup-v0.85.exe
2022-04-07 03:33 - 2022-04-10 06:46 - 000000000 ____D C:\Users\Karen\AppData\Local\MightyText
2022-04-07 03:05 - 2022-04-07 03:05 - 000027864 _____ C:\Users\Karen\Downloads\288cfa680b4cf510e3a93e78ad5f2779.jpeg
2022-04-07 01:15 - 2022-04-07 01:15 - 000000144 _____ C:\Users\Karen\Desktop\net1.txt
2022-04-06 21:16 - 2022-04-06 21:24 - 014549380 _____ C:\Users\Karen\Downloads\sac34173302_2.pdf
2022-04-06 20:58 - 2022-04-10 06:46 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MightyText
2022-04-06 03:55 - 2022-04-06 03:55 - 728939357 _____ C:\Users\Karen\Downloads\msedge (2)(1).DMP
2022-04-06 03:47 - 2022-04-06 03:47 - 000389373 _____ C:\Users\Karen\Downloads\marker_medium_com-the-invention-of-jaywalking-afd48f994c05.pdf
2022-04-06 03:43 - 2022-04-06 03:43 - 000273314 _____ C:\Users\Karen\Downloads\104.26.7.mp4
2022-04-05 16:40 - 2022-04-05 16:40 - 002687561 _____ C:\Users\Karen\Downloads\NetGuard-v2.300-release.apk
2022-04-05 09:13 - 2022-04-16 20:36 - 000000414 _____ C:\WINDOWS\Tasks\Scheduled scanning task.job
2022-04-05 09:13 - 2022-04-14 12:11 - 000003174 _____ C:\WINDOWS\system32\Tasks\Scheduled scanning task
2022-04-05 08:41 - 2022-04-05 08:39 - 000015816 _____ (F-Secure Corporation) C:\WINDOWS\system32\Drivers\fselms.sys
2022-04-05 08:38 - 2022-04-07 07:10 - 000051736 _____ (F-Secure Corporation) C:\WINDOWS\system32\Drivers\fsbts.sys
2022-04-05 08:35 - 2022-04-05 08:35 - 000002053 _____ C:\Users\Public\Desktop\Security Suite.lnk
2022-04-05 08:35 - 2022-04-05 08:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\F-Secure
2022-04-05 08:35 - 2022-04-05 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charter Security Suite
2022-04-05 08:35 - 2022-04-05 08:35 - 000000000 ____D C:\Program Files (x86)\Charter Security Suite
2022-04-05 08:19 - 2022-04-08 22:21 - 000000000 ____D C:\Users\Karen\AppData\Local\FSDART
2022-04-05 06:22 - 2022-04-05 06:23 - 003009091 _____ C:\Users\Karen\Downloads\Charter D31 eMTA - E31N2V1 User Guide.pdf
2022-04-05 06:22 - 2022-04-05 06:23 - 003009091 _____ C:\Users\Karen\Downloads\Charter D31 eMTA - E31N2V1 User Guide(1).pdf
2022-04-05 05:55 - 2022-04-05 05:55 - 001099523 _____ C:\Users\Karen\Downloads\roku2-xs-uk-qsg.pdf
2022-04-05 01:58 - 2022-04-07 09:08 - 000000000 ____D C:\ProgramData\F-Secure
2022-04-05 01:58 - 2022-04-05 09:19 - 000000000 ____D C:\Users\Karen\AppData\Local\F-Secure
2022-04-05 01:58 - 2022-04-05 01:58 - 000412712 _____ (F-Secure Corporation) C:\Users\Karen\Downloads\CharterOnlineScanner.exe
2022-04-05 01:57 - 2022-04-05 01:57 - 001664664 _____ (F-Secure Corporation) C:\Users\Karen\Downloads\CharterNetworkInstaller_C-JRJNC-D74GZ-HDDEV-TQ8UB-WPXQW_.exe
2022-04-03 15:51 - 2022-04-03 15:51 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-04-03 15:51 - 2022-04-03 15:51 - 000000000 ____D C:\Program Files\MSBuild
2022-04-03 15:51 - 2022-04-03 15:51 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-04-03 15:51 - 2022-04-03 15:51 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-04-03 15:34 - 2022-04-03 15:34 - 000000000 ____D C:\SideSync
2022-04-03 14:24 - 2022-04-15 00:35 - 000000000 ____D C:\Users\Karen\Desktop\screenshots
2022-04-03 13:39 - 2022-04-03 13:39 - 000005710 _____ C:\Users\Karen\Downloads\contacts (1).csv
2022-04-03 13:38 - 2022-04-03 13:38 - 000004143 _____ C:\Users\Karen\Downloads\contacts.csv
2022-04-03 12:03 - 2022-04-03 12:03 - 000013184 _____ C:\Users\Karen\svhostkilled.txt
2022-04-03 12:00 - 2022-04-03 12:00 - 000000766 _____ C:\Users\Karen\4322Noon.txt
2022-04-03 01:01 - 2022-04-03 01:01 - 000001568 _____ C:\Users\Karen\Desktop\4322.txt
2022-04-02 18:27 - 2022-04-02 18:27 - 000000000 ____D C:\Users\Karen\AppData\Local\Apps\2.0
2022-04-02 18:13 - 2022-04-02 18:13 - 002644440 _____ (Advanced Micro Devices, Inc.) C:\Users\Karen\Downloads\amdcleanuputility.exe
2022-04-01 20:37 - 2022-04-01 20:37 - 164843002 _____ C:\Users\Karen\Desktop\GWCtlSrv.exe.5268.dmp
2022-04-01 14:32 - 2022-04-01 14:32 - 002550832 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-04-01 14:32 - 2022-04-01 14:32 - 002080992 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-04-01 14:32 - 2022-04-01 14:32 - 000372736 _____ C:\WINDOWS\system32\hwreqchk.dll
2022-04-01 14:32 - 2022-04-01 14:32 - 000069632 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-04-01 14:32 - 2022-04-01 14:32 - 000032768 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2022-04-01 12:33 - 2022-04-01 12:33 - 000004994 _____ C:\Users\Karen\tasks.txt
2022-04-01 11:21 - 2022-04-01 11:21 - 174657247 _____ C:\Users\Karen\Desktop\GWCtlSrv.exe.4764.dmp
2022-04-01 11:19 - 2022-04-01 11:19 - 000000183 _____ C:\Users\Karen\Desktop\41.txt
2022-04-01 09:28 - 2022-04-10 19:04 - 000000000 ____D C:\Users\Karen\Downloads\lastactivityview
2022-04-01 09:16 - 2022-04-01 12:36 - 000000000 ____D C:\WINDOWS\pss
2022-04-01 02:05 - 2022-04-01 02:05 - 002964806 _____ C:\Users\Karen\Desktop\4.122networkchecknow.txt
2022-03-31 22:19 - 2022-03-31 22:19 - 000129380 _____ C:\Users\Karen\Desktop\331.txt
2022-03-31 22:16 - 2022-03-31 22:16 - 000000473 _____ C:\Users\Karen\Desktop\d.txt
2022-03-31 21:56 - 2022-03-31 21:56 - 000000000 ____D C:\New folder
2022-03-31 16:27 - 2022-03-31 16:27 - 000000000 ____D C:\Program Files\Fing
2022-03-31 15:31 - 2022-03-31 15:31 - 000141406 _____ C:\Users\Karen\Desktop\Linksys Official Support - Setting up the Linksys Dual-Band WiFi Router.htm
2022-03-31 15:31 - 2022-03-31 15:31 - 000000000 ____D C:\Users\Karen\Desktop\Linksys Official Support - Setting up the Linksys Dual-Band WiFi Router_files
2022-03-31 15:31 - 2022-03-31 15:31 - 000000000 _____ C:\Users\Karen\Desktop\1lyc.pdf
2022-03-31 15:30 - 2022-03-31 15:30 - 000000000 _____ C:\Users\Karen\Desktop\lyc.pdf
2022-03-31 10:24 - 2022-03-31 10:15 - 002294520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Err_6.4.5.exe
2022-03-31 10:23 - 2022-03-31 10:15 - 002294520 _____ (Microsoft Corporation) C:\WINDOWS\Err_6.4.5.exe
2022-03-31 10:15 - 2022-03-31 10:15 - 002294520 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\Err_6.4.5.exe
2022-03-30 22:54 - 2022-04-12 21:05 - 000000000 ____D C:\WINDOWS\Minidump
2022-03-30 22:51 - 2022-03-30 22:51 - 000000935 _____ C:\Users\Karen\Desktop\cmmd.txt
2022-03-30 14:50 - 2022-03-30 14:50 - 000000000 ____D C:\Users\Karen\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2022-03-30 10:10 - 2022-04-07 10:35 - 000000258 __RSH C:\ProgramData\ntuser.pol
2022-03-30 10:04 - 2022-03-30 10:04 - 000000392 _____ C:\Users\Karen\Downloads\List.txt
2022-03-30 10:03 - 2022-03-30 10:03 - 000000393 _____ C:\Users\Karen\Downloads\gpedit-enabler.bat
2022-03-29 23:07 - 2022-03-29 23:07 - 055024082 _____ C:\Users\Karen\Downloads\svchost (6)(1).DMP
2022-03-29 22:50 - 2022-03-29 22:50 - 728939357 _____ C:\Users\Karen\Downloads\msedge (2).DMP
2022-03-29 22:50 - 2022-03-29 22:50 - 055024082 _____ C:\Users\Karen\Downloads\svchost (6).DMP
2022-03-28 21:37 - 2022-03-28 21:37 - 000002496 _____ C:\Users\Karen\Downloads\adware22.txt
2022-03-28 09:28 - 2022-03-28 09:45 - 049215520 _____ (Samsung) C:\Users\Karen\Downloads\SideSync_4.7.5.203(1).exe
2022-03-27 15:34 - 2022-03-27 15:34 - 000003254 _____ C:\WINDOWS\system32\Tasks\MiniToolPartitionWizard
2022-03-27 12:12 - 2022-03-27 12:12 - 106370834 _____ C:\Users\Karen\BridgeCommunication.DMP
2022-03-27 10:03 - 2022-03-31 14:20 - 000000000 ____D C:\Users\Karen\AppData\Local\vysor
2022-03-27 03:09 - 2022-03-27 03:09 - 000092272 _____ C:\Users\Karen\Downloads\TCP_UDP Ports List.html
2022-03-27 03:07 - 2022-03-27 03:07 - 000003186 _____ C:\Users\Karen\Downloads\Documents\cc.txt
2022-03-27 03:06 - 2022-03-27 03:06 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2022-03-27 03:06 - 2022-03-27 03:06 - 000000000 ____D C:\Users\DefaultAppPool
2022-03-27 03:06 - 2022-03-21 01:15 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\Packages
2022-03-27 03:06 - 2021-06-05 07:04 - 000001281 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-03-27 03:06 - 2021-06-05 07:04 - 000000407 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-03-27 02:27 - 2022-03-27 02:27 - 000020204 _____ C:\Users\Karen\bust.txt
2022-03-27 02:26 - 2022-04-06 00:42 - 000006829 _____ C:\WINDOWS\system32\net.txt
2022-03-26 21:43 - 2022-03-26 21:43 - 002687505 _____ C:\Users\Karen\Downloads\NetGuard no root firewall_v2.300_apkpure.com.apk
2022-03-26 19:52 - 2022-04-18 05:00 - 103546880 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-03-26 19:50 - 2022-03-26 19:52 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-03-26 16:50 - 2022-03-26 16:50 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2022-03-26 16:50 - 2022-03-26 16:50 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2022-03-26 16:50 - 2022-03-26 16:50 - 000000000 ____D C:\inetpub
2022-03-26 15:04 - 2022-03-26 15:05 - 006705440 _____ (EnigmaSoft Limited) C:\Users\Karen\Downloads\SpyHunter-Installer.exe
2022-03-26 11:15 - 2022-03-26 11:15 - 000000000 ____D C:\ProgramData\Intel
2022-03-26 10:29 - 2022-03-30 09:29 - 000007647 _____ C:\Users\Karen\AppData\Local\Resmon.ResmonCfg
2022-03-26 09:07 - 2022-03-26 09:07 - 000142744 _____ C:\Users\Karen\Downloads\vtuploader2.2.exe
2022-03-26 05:56 - 2022-03-26 05:56 - 000802135 _____ C:\Users\Karen\Downloads\c78f9967-7a8c-44b0-ad94-732b63c89638 (1).crx
2022-03-26 05:53 - 2022-03-26 05:53 - 000802135 _____ C:\Users\Karen\Downloads\c78f9967-7a8c-44b0-ad94-732b63c89638
2022-03-26 05:12 - 2022-03-26 05:12 - 000006607 _____ C:\Users\Karen\Downloads\FingNetworkExport-20220326-0449(1).xlsx
2022-03-26 05:04 - 2022-03-26 05:04 - 000006607 _____ C:\Users\Karen\Downloads\FingNetworkExport-20220326-0449.xlsx
2022-03-25 23:57 - 2022-03-25 23:57 - 000000381 _____ C:\Users\Karen\x.txt
2022-03-25 17:38 - 2022-03-25 17:39 - 000000000 ____D C:\Users\Karen\AppData\Local\glasswire
2022-03-25 17:38 - 2022-03-25 17:38 - 000001981 _____ C:\Users\Public\Desktop\GlassWire.lnk
2022-03-25 17:38 - 2022-03-25 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2022-03-25 17:38 - 2022-03-25 17:38 - 000000000 ____D C:\Program Files (x86)\GlassWire
2022-03-25 17:38 - 2015-05-29 02:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2022-03-25 17:38 - 2015-05-29 02:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2022-03-25 17:36 - 2022-03-25 17:36 - 000000000 ____N C:\Users\Karen\Downloads\AcronisTrueImageOEM_full_11690(1).exe
2022-03-25 17:24 - 2022-03-26 01:03 - 000000025 _____ C:\WINDOWS\system32\sharehosts.json
2022-03-25 17:24 - 2022-03-26 01:03 - 000000025 _____ C:\WINDOWS\system32\networkhosts.json
2022-03-25 17:24 - 2022-03-26 01:03 - 000000025 _____ C:\WINDOWS\system32\cmpmaphosts.json
2022-03-25 16:41 - 2022-03-25 16:41 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Hewlett-Packard
2022-03-25 13:07 - 2022-04-06 13:08 - 000000000 ____D C:\Users\Karen\Downloads\cports-x64
2022-03-25 12:44 - 2022-03-25 12:44 - 000892048 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2022-03-24 17:07 - 2022-03-24 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2022-03-24 17:07 - 2022-03-24 17:07 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2022-03-24 17:04 - 2022-03-24 17:07 - 017060864 _____ C:\Users\Karen\Downloads\UniversalAdbDriverSetup.msi
2022-03-24 16:33 - 2022-04-07 03:33 - 000000000 ____D C:\Users\Karen\AppData\Local\SquirrelTemp
2022-03-24 16:33 - 2022-03-31 14:20 - 000000000 ____D C:\Users\Karen\AppData\Roaming\vysor
2022-03-24 16:33 - 2022-03-31 14:20 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vysor Inc
2022-03-24 16:33 - 2022-03-24 16:33 - 000000000 ____D C:\Users\Karen\.android
2022-03-24 16:11 - 2022-03-24 16:33 - 115651304 _____ (Vysor Inc.) C:\Users\Karen\Downloads\Vysor-win-4.1.77 (1).exe
2022-03-24 16:05 - 2022-03-24 16:05 - 000039027 _____ C:\Users\Karen\Downloads\147224.pdf
2022-03-24 16:04 - 2022-03-24 16:04 - 000088949 _____ C:\Users\Karen\Downloads\147223.pdf
2022-03-24 16:00 - 2022-03-24 16:00 - 000000000 ____D C:\Users\Karen\AppData\Roaming\MiniTool ShadowMaker
2022-03-24 16:00 - 2022-03-24 16:00 - 000000000 ____D C:\Users\Karen\AppData\Local\MiniTool ShadowMaker
2022-03-24 15:55 - 2022-03-24 15:55 - 000084688 _____ C:\Users\Karen\AppData\LocalLow\wbk995F.tmp
2022-03-24 14:37 - 2022-03-24 14:38 - 000077103 _____ C:\Users\Karen\Downloads\installedpackagesview-x64.zip
2022-03-24 14:27 - 2022-03-24 14:28 - 000094458 _____ C:\Users\Karen\Downloads\taskschedulerview-x64.zip
2022-03-24 14:21 - 2022-03-24 14:21 - 000088232 _____ C:\Users\Karen\Downloads\lastactivityview.zip
2022-03-24 14:19 - 2022-03-24 14:19 - 000069740 _____ C:\Users\Karen\Downloads\winlogonview.zip
2022-03-24 14:12 - 2022-03-24 14:12 - 000149544 _____ C:\Users\Karen\Downloads\regscanner_setup.exe
2022-03-24 14:12 - 2022-03-24 14:12 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft RegScanner
2022-03-24 14:05 - 2022-03-24 14:12 - 000000000 ____D C:\Program Files (x86)\NirSoft
2022-03-24 14:05 - 2022-03-24 14:05 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2022-03-24 14:04 - 2022-03-24 14:04 - 000500408 _____ C:\Users\Karen\Downloads\wnetwatcher_setup.exe
2022-03-24 14:00 - 2022-03-24 14:00 - 000066361 _____ C:\Users\Karen\Downloads\sysexp-x64.zip
2022-03-24 13:54 - 2022-04-13 08:40 - 000000000 ____D C:\Users\Karen\Downloads\deviceioview-x64
2022-03-24 13:49 - 2022-03-24 13:49 - 000085350 _____ C:\Users\Karen\Downloads\deviceioview-x64.zip
2022-03-24 13:37 - 2022-03-24 13:37 - 000131251 _____ C:\Users\Karen\Downloads\cports-x64.zip
2022-03-24 13:32 - 2022-03-24 13:32 - 000044244 _____ C:\Users\Karen\Downloads\netresview.zip
2022-03-24 13:22 - 2022-03-24 13:22 - 000150936 _____ C:\Users\Karen\Downloads\searchmyfiles-x64.zip
2022-03-24 06:02 - 2022-03-24 06:02 - 000155536 _____ C:\Users\Karen\Downloads\uninstall_list.txt
2022-03-24 05:42 - 2022-03-24 05:42 - 000108770 _____ C:\Users\Karen\Downloads\fulleventlogview-x64.zip
2022-03-24 05:01 - 2022-04-12 15:24 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-24 05:01 - 2022-04-12 15:24 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-24 05:01 - 2022-03-24 05:01 - 000000000 ____D C:\Program Files\Google
2022-03-24 04:26 - 2022-03-25 00:04 - 000000993 _____ C:\Users\Karen\Desktop\HJ.lnk
2022-03-24 03:55 - 2022-03-24 03:55 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{6C4BD147-C273-4949-882D-D4C457486DAA}
2022-03-24 03:55 - 2022-03-24 03:55 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{238A8A3C-9172-4284-83FC-B74A68E0EA85}
2022-03-24 03:53 - 2022-03-24 03:54 - 001343320 _____ (Google LLC) C:\Users\Karen\Downloads\ChromeSetup(1).exe
2022-03-24 03:42 - 2022-03-24 03:42 - 000000000 ____D C:\Users\Karen\Downloads\Documents\SideSync
2022-03-24 03:42 - 2022-03-24 03:42 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Samsung
2022-03-24 03:41 - 2022-04-04 21:58 - 000000000 ____D C:\Program Files (x86)\Samsung
2022-03-24 03:41 - 2022-03-24 03:41 - 000000352 _____ C:\Users\Karen\Desktop\KD.lnk
2022-03-24 03:41 - 2022-03-24 03:41 - 000000000 ____D C:\ProgramData\Samsung
2022-03-24 03:41 - 2022-03-24 03:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2022-03-24 03:41 - 2022-03-24 03:41 - 000000000 ____D C:\Program Files\Samsung
2022-03-24 02:52 - 2022-04-01 08:41 - 000000000 ___RD C:\Users\Karen\Creative Cloud Files
2022-03-24 02:05 - 2022-04-02 18:21 - 000000000 ____D C:\Users\Karen\AppData\Local\ElevatedDiagnostics
2022-03-23 23:27 - 2022-04-01 10:41 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-03-23 23:27 - 2022-04-01 10:41 - 000000000 ____D C:\Program Files\Adobe
2022-03-23 23:27 - 2022-04-01 10:41 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-03-23 23:27 - 2022-03-24 02:47 - 000000000 ____D C:\ProgramData\Adobe
2022-03-23 17:28 - 2022-04-16 20:14 - 000000000 ____D C:\Users\Karen\AppData\Local\CrashDumps
2022-03-23 17:02 - 2022-03-26 12:16 - 000000000 ____D C:\Users\Karen\AppData\Roaming\QtProject
2022-03-23 17:02 - 2021-03-09 18:41 - 000037336 _____ C:\WINDOWS\system32\pwdrvio.sys
2022-03-23 17:02 - 2019-11-08 10:15 - 003600896 _____ C:\WINDOWS\system32\pwNative.exe
2022-03-23 17:02 - 2019-11-08 10:15 - 000012504 _____ C:\WINDOWS\system32\pwdspio.sys
2022-03-23 17:01 - 2022-03-26 12:17 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker
2022-03-23 16:51 - 2022-03-26 01:19 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2022-03-23 16:51 - 2022-03-23 16:51 - 000001035 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk
2022-03-23 16:51 - 2022-03-23 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2022-03-23 13:07 - 2022-03-23 14:07 - 000000000 ____D C:\Users\Karen\AppData\Local\MyLanViewer
2022-03-23 11:57 - 2022-03-23 11:57 - 000069632 _____ C:\Users\Karen\Downloads\Documents\samepcname.evtx
2022-03-23 11:57 - 2022-03-23 11:57 - 000000000 ____D C:\Users\Karen\Downloads\Documents\LocaleMetaData
2022-03-23 11:56 - 2022-03-23 11:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Event Viewer Tasks
2022-03-23 11:36 - 2022-03-23 11:36 - 000000949 _____ C:\Users\Karen\Desktop\gpedit.dll - Shortcut.lnk
2022-03-23 07:10 - 2022-03-23 07:11 - 000000000 ____D C:\SWSetup
2022-03-23 07:10 - 2022-03-23 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2022-03-23 05:20 - 2022-03-23 05:34 - 049215520 _____ (Samsung) C:\Users\Karen\Downloads\SideSync_4.7.5.203.exe
2022-03-23 04:04 - 2022-03-23 04:04 - 000834374 _____ C:\Users\Karen\Downloads\SummaryBillJun2021.pdf
2022-03-23 03:41 - 2022-03-23 03:41 - 000000000 ____D C:\Users\Karen\Desktop\Old Firefox Data
2022-03-23 03:40 - 2022-04-13 08:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-03-23 03:29 - 2022-03-23 03:29 - 000023719 _____ C:\Users\Karen\Downloads\ar-AAVnsyq.htm
2022-03-22 23:27 - 2022-03-22 23:27 - 000003366 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
2022-03-22 17:44 - 2022-03-22 17:44 - 000000000 ____D C:\Users\Karen\32UtilWin
2022-03-22 17:43 - 2022-04-11 21:53 - 000000000 ____D C:\Users\Karen\Desktop\j
2022-03-22 17:42 - 2022-03-22 17:42 - 000000000 ____D C:\Users\Karen\AppData\LocalLow\webviewdata
2022-03-22 16:01 - 2022-04-18 05:04 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Fing
2022-03-22 16:01 - 2022-04-10 21:02 - 000000000 ____D C:\Program Files\Npcap
2022-03-22 16:01 - 2022-03-30 01:12 - 000000000 ____D C:\Users\Karen\AppData\Local\fing-updater
2022-03-22 16:01 - 2022-03-22 16:01 - 000001773 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fing.lnk
2022-03-22 16:01 - 2022-03-22 16:01 - 000001761 _____ C:\Users\Public\Desktop\Fing.lnk
2022-03-22 16:01 - 2022-03-22 16:01 - 000000000 ____D C:\Users\Karen\AppData\Roaming\FingAgent
2022-03-22 16:01 - 2022-03-22 16:01 - 000000000 ____D C:\ProgramData\Fingagent
2022-03-22 15:54 - 2022-03-22 23:27 - 000000000 ____D C:\ProgramData\McInstTemp0304251647982475
2022-03-22 15:02 - 2022-03-22 15:19 - 094957248 _____ (Fing Ltd) C:\Users\Karen\Downloads\Fing.exe
2022-03-22 08:36 - 2022-04-05 01:58 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-22 08:34 - 2022-04-13 08:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-22 03:54 - 2022-03-26 13:16 - 000000000 ____D C:\ProgramData\Package Cache
2022-03-22 03:54 - 2022-03-22 03:54 - 000000000 ____D C:\ProgramData\GlassWire
2022-03-22 03:36 - 2022-03-22 03:50 - 069195112 _____ (SecureMix LLC) C:\Users\Karen\Downloads\GlassWireSetup(1).exe
2022-03-22 03:20 - 2022-04-18 02:41 - 000000000 ____D C:\Users\Karen\AppData\LocalLow\Mozilla
2022-03-22 03:20 - 2022-04-17 02:41 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-03-22 03:20 - 2022-04-16 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-22 03:20 - 2022-04-13 08:41 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-03-22 03:20 - 2022-03-23 03:40 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2022-03-22 03:20 - 2022-03-22 03:20 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Mozilla
2022-03-22 03:20 - 2022-03-22 03:20 - 000000000 ____D C:\Users\Karen\AppData\Local\Mozilla
2022-03-22 03:20 - 2022-03-22 03:20 - 000000000 ____D C:\Users\Karen\AppData\Local\HP_Inc
2022-03-21 21:02 - 2022-03-21 21:02 - 000855764 _____ C:\Users\Karen\Downloads\321b.txt
2022-03-21 15:56 - 2022-03-21 15:56 - 000855764 _____ C:\Users\Karen\Downloads\startuplis321.txt
2022-03-21 14:52 - 2022-03-24 16:00 - 000000000 ____D C:\Users\Karen\AppData\Local\Adobe
2022-03-21 12:07 - 2022-04-13 04:24 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-21 06:56 - 2022-04-18 05:02 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-21 06:56 - 2022-03-24 06:25 - 000000000 ____D C:\Users\Karen\AppData\Local\Google
2022-03-21 06:52 - 2022-03-21 06:52 - 000000000 ____D C:\Users\Karen\AppData\Local\CEF
2022-03-21 06:47 - 2022-04-18 03:40 - 000003634 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-03-21 06:47 - 2022-03-21 06:47 - 000000000 ____D C:\WINDOWS\ABR
2022-03-21 02:35 - 2022-03-21 12:20 - 000000000 ____D C:\Users\Karen\AppData\Local\HP
2022-03-21 02:35 - 2022-03-21 02:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-03-21 02:34 - 2022-04-07 00:11 - 000000000 ____D C:\Users\Karen\AppData\Local\Comms
2022-03-21 01:52 - 2022-03-21 01:52 - 000000000 ____D C:\Users\Karen\AppData\Roaming\WildTangent
2022-03-21 01:50 - 2022-03-24 13:43 - 000000000 ____D C:\Users\Karen\AppData\Local\VirtualStore
2022-03-21 01:50 - 2022-03-21 01:50 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-03-21 01:48 - 2022-04-18 05:00 - 000000000 ____D C:\Users\Karen\AppData\Local\D3DSCache
2022-03-21 01:48 - 2022-03-25 01:26 - 000000000 ____D C:\Users\Karen\AppData\Local\ConnectedDevicesPlatform
2022-03-21 01:48 - 2022-03-24 16:33 - 000000000 ____D C:\Users\Karen\AppData\Local\AMD
2022-03-21 01:48 - 2022-03-24 02:52 - 000000000 ____D C:\Users\Karen\AppData\Roaming\Adobe
2022-03-21 01:48 - 2022-03-21 02:35 - 000000000 ____D C:\Users\Karen\AppData\Local\Publishers
2022-03-21 01:48 - 2022-03-21 01:48 - 000000020 ___SH C:\Users\Karen\ntuser.ini
2022-03-21 01:48 - 2022-03-21 01:48 - 000000000 ____D C:\Users\Karen\AppData\Roaming\HP
2022-03-21 01:48 - 2022-03-21 01:48 - 000000000 ____D C:\Users\Karen\AppData\Local\SoundResearch
2022-03-21 01:23 - 2022-04-18 05:07 - 000954106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-21 01:20 - 2022-03-21 01:20 - 000005072 _____ C:\Users\Karen\Desktop\Removed Apps.html
2022-03-21 01:20 - 2022-03-21 01:20 - 000000000 _SHDL C:\Users\Default User
2022-03-21 01:20 - 2022-03-21 01:20 - 000000000 _SHDL C:\Users\All Users
2022-03-21 01:17 - 2022-04-18 03:49 - 000000000 ____D C:\Users\Karen\AppData\Local\Packages
2022-03-21 01:17 - 2022-04-13 08:40 - 000000000 ____D C:\Users\Karen
2022-03-21 01:17 - 2021-06-05 07:04 - 000001281 _____ C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-03-21 01:17 - 2021-06-05 07:04 - 000000407 _____ C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-03-21 01:16 - 2022-03-21 01:16 - 000000000 __HDL C:\System.sav
2022-03-21 01:15 - 2022-03-21 01:22 - 000000000 ____D C:\WINDOWS\Panther
2022-03-21 01:15 - 2022-03-21 01:22 - 000000000 ____D C:\Windows.old
2022-03-21 01:15 - 2022-03-21 01:15 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-03-21 01:15 - 2022-03-21 01:15 - 000000000 ____D C:\Users\Default\AppData\Local\Packages
2022-03-21 01:15 - 2022-03-21 01:13 - 000000000 ____D C:\Program Files\HP
2022-03-21 01:15 - 2021-06-16 08:33 - 000001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk
2022-03-21 01:14 - 2022-03-21 01:15 - 000000000 ____D C:\WINDOWS\Setup
2022-03-21 01:14 - 2022-03-21 01:14 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-03-21 01:14 - 2022-03-21 01:14 - 000000000 ____D C:\WINDOWS\Firmware
2022-03-21 01:13 - 2022-03-21 02:34 - 000000000 ____D C:\WINDOWS\HoloShell
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\TextInput
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\0409
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\DigitalLocker
2022-03-21 01:13 - 2022-03-21 01:13 - 000000000 ____D C:\ProgramData\ssh
2022-03-21 01:12 - 2022-04-18 05:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-21 01:12 - 2022-04-18 01:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-21 01:12 - 2022-04-16 17:58 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-21 01:12 - 2022-04-16 17:58 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-21 01:12 - 2022-04-13 08:40 - 000500784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-21 01:12 - 2022-04-01 09:24 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-21 01:12 - 2022-04-01 09:24 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-21 01:12 - 2022-03-22 16:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-21 01:12 - 2022-03-22 02:33 - 000000000 ____D C:\WINDOWS\system32\AMD
2022-03-21 01:12 - 2022-03-21 01:14 - 000000000 ____D C:\ProgramData\Realtek
2022-03-21 01:12 - 2022-03-21 01:13 - 000000000 ____D C:\ProgramData\HP
2022-03-21 01:12 - 2022-03-21 01:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-03-21 01:12 - 2022-03-21 01:12 - 000000000 ____D C:\Program Files\AMD
2022-03-21 01:11 - 2022-04-18 05:07 - 000000000 ____D C:\WINDOWS\INF
2022-03-21 01:11 - 2022-04-18 05:07 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-21 01:11 - 2022-04-18 05:00 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2022-03-21 01:11 - 2022-04-18 05:00 - 000000000 ___SD C:\WINDOWS\system32\lxss
2022-03-21 01:11 - 2022-04-18 05:00 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-21 01:11 - 2022-04-18 03:54 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-21 01:11 - 2022-04-18 03:49 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-21 01:11 - 2022-04-13 08:40 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-21 01:11 - 2022-04-13 08:40 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-21 01:11 - 2022-04-13 04:25 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-21 01:11 - 2022-04-13 04:24 - 000000000 ___RD C:\Program Files (x86)
2022-03-21 01:11 - 2022-04-12 18:08 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-21 01:11 - 2022-04-08 22:02 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-03-21 01:11 - 2022-04-02 23:10 - 000000000 ____D C:\WINDOWS\Registration
2022-03-21 01:11 - 2022-04-01 20:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-03-21 01:11 - 2022-04-01 14:49 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-03-21 01:11 - 2022-03-30 10:05 - 000000000 ____D C:\WINDOWS\security
2022-03-21 01:11 - 2022-03-26 16:50 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-03-21 01:11 - 2022-03-26 16:50 - 000000000 ____D C:\WINDOWS\system32\setup
2022-03-21 01:11 - 2022-03-26 16:50 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-03-21 01:11 - 2022-03-23 23:27 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-03-21 01:11 - 2022-03-22 16:50 - 000000000 ____D C:\Program Files\Windows Defender
2022-03-21 01:11 - 2022-03-22 06:31 - 000000000 ____D C:\WINDOWS\appcompat
2022-03-21 01:11 - 2022-03-21 02:34 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-03-21 01:11 - 2022-03-21 01:19 - 000000000 __RHD C:\Users\Public\Libraries
2022-03-21 01:11 - 2022-03-21 01:17 - 000000000 ____D C:\ProgramData\USOPrivate
2022-03-21 01:11 - 2022-03-21 01:16 - 000000000 ____D C:\WINDOWS\system32\spool
2022-03-21 01:11 - 2022-03-21 01:15 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-03-21 01:11 - 2022-03-21 01:15 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\SystemApps
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\id-ID
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\Com
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\OCR
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\IME
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\Help
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\WINDOWS\BrowserCore
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\Program Files\Windows NT
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\Program Files\Common Files\System
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\Program Files (x86)\Windows NT
2022-03-21 01:11 - 2022-03-21 01:13 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-03-21 01:11 - 2022-03-21 01:12 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2022-03-21 01:11 - 2022-03-21 01:12 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-21 01:11 - 2022-03-21 01:11 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2022-03-21 01:11 - 2022-03-21 01:11 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2022-03-21 01:11 - 2022-03-21 01:11 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2022-03-21 01:11 - 2022-03-21 01:11 - 000078336 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2022-03-21 01:11 - 2022-03-21 01:11 - 000021047 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-03-21 01:11 - 2022-03-21 01:11 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2022-03-21 01:11 - 2022-03-21 01:11 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2022-03-21 01:11 - 2022-03-21 01:11 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2022-03-21 01:11 - 2022-03-21 01:11 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2022-03-21 01:11 - 2022-03-21 01:11 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2022-03-21 01:11 - 2022-03-21 01:11 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 __SHD C:\Program Files\Windows Sidebar
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___SD C:\WINDOWS\system32\Nui
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\WUModels
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Web
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\WaaS
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Vss
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\UUS
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\tracing
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\TAPI
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\winevt
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\ras
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\Pbr
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\IME
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\icsxml
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\ias
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\DriverState
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\downlevel
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\System
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SKB
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\schemas
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\SchCache
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Resources
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\rescache
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Provisioning
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\PLA
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Performance
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\ModemLogs
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Media
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\L2Schemas
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\InputMethod
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\IdentityCRL
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Globalization
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Cursors
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Containers
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\Branding
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\ProgramData\USOShared
2022-03-21 01:11 - 2022-03-21 01:11 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2022-03-21 01:09 - 2022-04-18 03:40 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-21 01:08 - 2022-04-18 05:00 - 019660800 _____ C:\WINDOWS\system32\config\SYSTEM
2022-03-21 01:08 - 2022-04-18 05:00 - 001048576 _____ C:\WINDOWS\system32\config\DEFAULT
2022-03-21 01:08 - 2022-04-18 05:00 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-03-21 01:08 - 2022-04-18 05:00 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2022-03-21 01:08 - 2022-04-18 05:00 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2022-03-21 01:08 - 2022-03-26 06:55 - 000000000 ____D C:\WINDOWS\servicing
2022-03-21 01:08 - 2022-03-22 15:56 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-21 01:08 - 2022-03-21 01:11 - 000000000 ____D C:\WINDOWS\system32\SMI
2022-03-21 00:02 - 2022-03-21 01:20 - 000000000 ___HD C:\$SysReset
2022-03-20 13:25 - 2022-03-22 23:24 - 000000000 ____D C:\Users\Karen\Downloads\Backups
2022-03-20 12:59 - 2022-03-20 12:59 - 000000000 ____D C:\Users\Karen\Downloads\HijackThis
2022-03-20 12:56 - 2021-11-20 15:55 - 007355384 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\Karen\Downloads\HJ.exe.bak
2022-03-20 12:55 - 2021-06-04 07:41 - 005980224 _____ (Intel) C:\Users\Karen\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2022-03-20 12:53 - 2022-03-20 12:53 - 000000000 ____D C:\Users\Karen\Downloads\NETGEAR
2022-03-20 12:53 - 2021-09-01 09:14 - 002096016 _____ (Sysinternals - www.sysinternals.com) C:\Users\Karen\Downloads\autoruns.exe
2022-03-20 12:52 - 2022-03-20 12:59 - 000000000 ___HD C:\Users\Karen\Downloads\32UtilWin
2022-03-20 12:52 - 2022-03-19 22:15 - 000525040 _____ C:\Users\Karen\Downloads\startuplist.txt
2022-03-20 12:51 - 2021-08-30 11:19 - 002120496 _____ (Malwarebytes) C:\Users\Karen\Downloads\MBSetup-119967.119967-consumer.exe
2022-03-20 12:51 - 2021-08-29 16:27 - 000333064 _____ (Mozilla) C:\Users\Karen\Downloads\Firefox Installer.exe
2022-03-20 12:50 - 2021-09-07 06:12 - 001342296 _____ (Google LLC) C:\Users\Karen\Downloads\ChromeSetup.exe
2022-03-20 12:49 - 2021-09-07 06:12 - 001342296 _____ (Google LLC) C:\Users\Karen\ChromeSetup.exe
2022-03-20 12:49 - 2021-08-29 16:27 - 000333064 _____ (Mozilla) C:\Users\Karen\Firefox Installer (1).exe
2022-03-20 10:29 - 2022-03-20 10:29 - 002443448 _____ (Malwarebytes) C:\Users\Karen\Downloads\MBSetup.exe
2022-03-20 09:33 - 2022-03-20 09:33 - 000000924 _____ C:\Users\Karen\Desktop\rocky.txt
2022-03-20 09:13 - 2022-03-20 09:13 - 000000222 _____ C:\Users\Karen\netstatafterreset.txt
2022-03-20 08:37 - 2022-03-21 01:50 - 000000000 ___RD C:\Users\Karen\OneDrive
2022-03-20 08:36 - 2022-03-20 08:36 - 000000000 ____D C:\Users\Karen\AppData\LocalLow\AMD
2022-03-20 07:40 - 2022-03-20 07:40 - 000000000 _SHDL C:\Documents and Settings
2022-03-20 07:34 - 2022-04-18 05:00 - 000012288 ___SH C:\DumpStack.log.tmp
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-18 03:49 - 2021-06-25 13:11 - 000000000 ____D C:\ProgramData\Packages
2022-04-18 01:15 - 2021-06-05 07:19 - 001126728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxcore.sys
2022-04-18 01:15 - 2021-06-05 07:19 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wslconfig.exe
2022-04-18 01:15 - 2021-06-05 07:19 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
2022-04-18 01:15 - 2021-06-05 07:19 - 000049464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys
2022-04-12 21:05 - 2022-02-18 03:50 - 001383280 ____N C:\WINDOWS\Minidump\041222-7906-01.dmp
2022-04-11 04:40 - 2022-03-01 04:07 - 000234840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2022-04-11 04:40 - 2022-02-20 20:30 - 000292200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2022-04-11 04:40 - 2021-06-05 07:19 - 000504144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2022-04-11 04:40 - 2021-06-05 07:19 - 000139600 _____ C:\WINDOWS\system32\nmscrub.exe
2022-04-11 04:40 - 2021-06-05 07:19 - 000119120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2022-04-11 04:40 - 2021-06-05 07:18 - 000327992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2022-04-11 04:40 - 2021-06-05 07:18 - 000233808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2022-04-11 04:40 - 2021-06-05 07:18 - 000143672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2022-04-11 04:40 - 2021-06-05 07:18 - 000049464 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2022-04-05 23:02 - 2022-01-26 23:47 - 000000000 ____D C:\Program Files\Microsoft Office
2022-03-30 22:54 - 2022-02-18 03:50 - 001194700 _____ C:\WINDOWS\Minidump\033022-8687-01.dmp
2022-03-30 10:05 - 2022-01-27 00:05 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2022-03-30 10:05 - 2021-06-05 07:23 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2022-03-30 10:05 - 2021-06-05 07:22 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2022-03-30 10:05 - 2021-06-05 07:20 - 000120458 _____ C:\WINDOWS\system32\secpol.msc
2022-03-30 10:05 - 2021-06-05 07:19 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2022-03-30 10:05 - 2021-06-05 07:19 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2022-03-30 10:05 - 2021-06-05 07:19 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2022-03-30 10:05 - 2021-06-05 07:19 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2022-03-30 10:05 - 2021-06-05 07:19 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2022-03-30 10:05 - 2021-06-05 07:19 - 000147439 _____ C:\WINDOWS\system32\gpedit.msc
2022-03-30 10:05 - 2021-06-05 07:19 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2022-03-30 10:05 - 2021-06-05 07:19 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2022-03-30 10:05 - 2021-06-05 07:19 - 000043566 _____ C:\WINDOWS\system32\rsop.msc
2022-03-30 10:05 - 2021-06-05 07:18 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2022-03-30 10:05 - 2021-06-05 07:18 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2022-03-27 20:49 - 2019-07-18 09:36 - 000133632 _____ (NirSoft) C:\WINDOWS\LastActivityView.exe
2022-03-26 16:46 - 2021-06-05 07:24 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2022-03-26 16:46 - 2021-06-05 07:24 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2022-03-26 16:46 - 2021-06-05 07:24 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2022-03-26 16:46 - 2021-06-05 07:24 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2022-03-26 16:46 - 2021-06-05 07:24 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2022-03-26 16:46 - 2021-06-05 07:24 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2022-03-26 16:46 - 2021-06-05 07:24 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2022-03-26 16:46 - 2021-06-05 07:19 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2022-03-26 16:46 - 2021-06-05 07:19 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2022-03-26 16:46 - 2021-06-05 07:19 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2022-03-26 16:46 - 2021-06-05 07:19 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2022-03-26 16:46 - 2021-06-05 07:19 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2022-03-26 16:46 - 2021-06-05 07:19 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2022-03-26 16:46 - 2021-06-05 07:19 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2022-03-26 06:48 - 2021-06-05 07:10 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-03-24 23:20 - 2021-06-25 13:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-03-24 13:36 - 2013-10-31 22:17 - 000044544 _____ (NirSoft) C:\Program Files (x86)\NetResView.exe
2022-03-24 13:35 - 2013-10-31 22:17 - 000044544 _____ (NirSoft) C:\NetResView.exe
2022-03-21 12:22 - 2022-01-27 00:20 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-03-21 01:52 - 2022-01-27 00:28 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2022-03-21 01:17 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-03-21 01:16 - 2022-01-27 00:25 - 000000000 ____D C:\WINDOWS\HP
2022-03-21 01:14 - 2022-01-26 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-03-21 01:13 - 2022-01-27 00:30 - 000000000 ____D C:\ProgramData\McInstTemp0143571643261405
2022-03-21 01:13 - 2022-01-27 00:26 - 000000000 ___HD C:\Program Files\FanControlApp
2022-03-21 01:13 - 2022-01-27 00:22 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-03-21 01:13 - 2022-01-26 23:47 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-03-21 01:13 - 2022-01-26 23:47 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-03-21 01:13 - 2022-01-26 23:46 - 000000000 ___RD C:\Program Files\Online Services
2022-03-21 01:13 - 2022-01-26 23:46 - 000000000 ___RD C:\Program Files (x86)\Online Services
2022-03-21 01:13 - 2022-01-26 23:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-03-21 01:13 - 2022-01-26 23:46 - 000000000 ____D C:\Program Files\HPCommRecovery
2022-03-21 01:13 - 2022-01-26 23:44 - 000000000 ____D C:\Program Files (x86)\HP
2022-03-21 01:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-03-20 07:36 - 2022-01-26 16:24 - 000000000 ___HD C:\hp
==================== Files in the root of some directories ========
2022-03-20 12:49 - 2021-09-07 06:12 - 001342296 _____ (Google LLC) C:\Users\Karen\ChromeSetup.exe
2022-03-20 12:49 - 2021-08-29 16:27 - 000333064 _____ (Mozilla) C:\Users\Karen\Firefox Installer (1).exe
2013-10-31 22:17 - 2022-03-24 13:36 - 000044544 _____ (NirSoft) C:\Program Files (x86)\NetResView.exe
2022-03-24 16:05 - 2022-03-29 15:10 - 000000205 _____ () C:\Users\Karen\AppData\Local\oobelibMkey.log
2022-03-26 10:29 - 2022-03-30 09:29 - 000007647 _____ () C:\Users\Karen\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
ATTENTION: ==> Could not access BCD. ->
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-04-2022 02
Ran by Karen (18-04-2022 05:12:42)
Running from C:\Users\Karen\Desktop
Microsoft Windows 11 Home Version 21H2 22000.613 (X64) (2022-03-21 06:22:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3156834934-4281094725-2595025550-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3156834934-4281094725-2595025550-503 - Limited - Disabled)
Guest (S-1-5-21-3156834934-4281094725-2595025550-501 - Limited - Enabled)
Karen (S-1-5-21-3156834934-4281094725-2595025550-1001 - Administrator - Enabled) => C:\Users\Karen
WDAGUtilityAccount (S-1-5-21-3156834934-4281094725-2595025550-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Security Suite by F-Secure (Enabled - Up to date) {67E93A7F-FDB2-39E8-E991-EA71E0926EF7}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Creative Cloud Express (HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\90fd99daec83697fe68caebbe8ebd4dc) (Version: 1.0 - Google\Chrome)
Chrome Remote Desktop Host (HKLM-x32\...\{78DF8F40-C9ED-4A18-B150-5314F42718CA}) (Version: 101.0.4951.13 - Google LLC)
Fing 2.9.0 (HKLM\...\Fing Desktop) (Version: 2.9.0 - Fing Ltd)
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.397 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC)
HP Audio Switch (HKLM-x32\...\{0B1DA73D-0562-4DE1-B942-CEF286CF2EDD}) (Version: 1.0.211.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.6 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 98.0.1 - Mozilla)
NirSoft RegScanner (HKLM-x32\...\NirSoft RegScanner) (Version: - )
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.3.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Private Win10 (HKLM\...\PrivateWin10) (Version: 0.85 - David Xanatos)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Security Suite (HKLM-x32\...\{235B3536-A54E-4072-905F-FEFC431CEB2C}) (Version: 18.2 - F-Secure Corporation)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Packages:
=========
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.26.249.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Enhanced Lighting -> C:\Program Files\WindowsApps\AD2F1837.HPEnhance_1.2.13.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.9180.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.15.66.0_x64__v10z8vjag6ke6 [2022-04-03] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\ad2f1837.hpsystemeventutility_1.2.15.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.) [Startup Task]
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.3444.0_x64__8wekyb3d8bbwe [2022-03-31] (Microsoft Corporation) [Startup Task]
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.418.354.693_neutral__8wekyb3d8bbwe [2022-04-18] (Microsoft Corporation)
Windows Subsystem for Android™ -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2203.40000.1.0_x64__8wekyb3d8bbwe [2022-04-18] (Microsoft Corp.) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2022-04-18] (0)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3156834934-4281094725-2595025550-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\Charter Security Suite\FsShellExtension64.dll [2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-03-14] (Notepad++ -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-13] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Karen\Desktop\Adobe Creative Cloud Express.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hchlbinpgfcbjninapbcpmmaegbdpcea
ShortcutWithArgument: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adobe Creative Cloud Express.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hchlbinpgfcbjninapbcpmmaegbdpcea
ShortcutWithArgument: C:\Users\Karen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7f5250881a137909\uBlock Origin.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cjpalhdlnbpafiamejdnhcphjbkeiagm
ShortcutWithArgument: C:\Users\Karen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe offers.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103_NW&RedeemCode=wglzqxBP3HokigI6xYMMSwzx8cg3qbJvlLaTCf5medpP2f8Sd3Lsbk%2fDnHuaAR8o%2bf6cnJzinDmq5HvlNlNjBb86wK6SRLDJAnRQjj%2fpatIL3LTXGI%2bPG4zkm8JORNOVchK29fBsEgdRllPoWcjxRRT8iW7w86JkdCtE1YQX4R4%3d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge
==================== Loaded Modules (Whitelisted) =============
2022-04-07 08:22 - 2022-04-07 08:22 - 002487808 _____ () [File not signed] [File is in use] C:\Program Files\PrivateWin10\x64\Microsoft.O365.Security.Native.ETW.dll
2022-04-18 05:01 - 2022-04-18 05:01 - 000637440 _____ () [File not signed] \\?\C:\Users\Karen\AppData\Local\Temp\49cd5988-afeb-48a1-af7d-32c29bc8b010.tmp.node
2022-03-31 16:27 - 2022-03-28 05:05 - 000459264 _____ () [File not signed] C:\Program Files\Fing\swiftshader\libegl.dll
2022-03-31 16:27 - 2022-03-28 05:05 - 003217920 _____ () [File not signed] C:\Program Files\Fing\swiftshader\libglesv2.dll
2022-01-27 00:29 - 2022-01-27 00:29 - 000009216 _____ () [File not signed] C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6\ImagePipelineNative.dll
2022-02-20 21:55 - 2022-02-20 22:20 - 000107008 _____ (Facebook, Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6\yoga.dll
2022-01-27 00:29 - 2022-01-27 00:29 - 000014848 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53228.0_x64__v10z8vjag6ke6\NativeRpcClient.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https64.dll [2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-03-28] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https.dll [2022-04-05] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-03-28] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 07:08 - 2022-03-25 03:55 - 000000826 ____N C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\Control Panel\Desktop\\Wallpaper -> C:\LighhouseRocky\20220407_072138.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "MTPW"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\StartupApproved\Run: => "GlassWire"
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\StartupApproved\Run: => "com.fing.app"
HKU\S-1-5-21-3156834934-4281094725-2595025550-1001\...\StartupApproved\Run: => "com.squirrel.MightyText.MightyText"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1FCFDFD0-B2C0-4030-9276-BC56C90A79C0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{1EFFE6F4-924F-47F6-B70A-F544BB423080}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{14DC85B6-E8AD-49B1-9FF7-393ECDA114B5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0D3306F-CE3B-45A8-B707-7960CA34B957}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A0076A0-1053-44CB-9FED-6603E8DA4FB6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A4408643-4A2B-49B9-93DA-E5AB1513300B}] => (Block) C:\Program Files (x86)\Windows Media Player\wmplayer.exe => No File
FirewallRules: [{EC59C63C-FAE8-41D6-92A8-6B7EE5E48F76}] => (Block) C:\Program Files (x86)\Windows Media Player\wmplayer.exe => No File
FirewallRules: [{79763C9D-92D9-4510-9812-41320801D866}] => (Block) c:\program files\windowsapps\microsoft.windowsmaps_11.2202.6.0_x64__8wekyb3d8bbwe\maps.exe () [File not signed]
FirewallRules: [{8BEB3413-3BC5-42ED-AF89-5E0FE5341DA1}] => (Block) c:\program files\windowsapps\microsoft.windowsmaps_11.2202.6.0_x64__8wekyb3d8bbwe\maps.exe () [File not signed]
FirewallRules: [{E884382E-06EB-4E33-8C10-B27CFB0AE35A}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\101.0.4951.13\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{0CF584DD-08F7-4349-A02D-34E2EFE71515}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F338A1D2-D3FD-431E-918E-7183998F7D43}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E028D577-2FEB-4204-8094-93DEDB890F73}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2203.40000.1.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe () [File not signed]
==================== Restore Points =========================
11-04-2022 04:40:27 Windows Modules Installer
12-04-2022 18:07:44 Windows Modules Installer
13-04-2022 08:19:48 Windows Modules Installer
13-04-2022 08:20:43 Windows Modules Installer
18-04-2022 01:14:40 ThisIsWin11 4/18/2022 1:14:40 AM
18-04-2022 01:15:39 Windows Modules Installer
18-04-2022 01:15:46 Windows Modules Installer
18-04-2022 03:39:55 ThisIsWin11 4/18/2022 3:39:54 AM
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/18/2022 05:00:53 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\HPPC$ via https://AMD-KeyId-57...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 18 Apr 2022 10:00:54 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 742f065d-dd0d-4c3d-b237-b586497a8978
Method: GET(407ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (04/18/2022 04:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x18a4
Faulting application start time: 0x01d852ffb0c3676e
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 10437989-8f75-40cb-bf0b-bcfc6b5b633d
Faulting package full name:
Faulting package-relative application ID:
Error: (04/18/2022 03:38:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x2ab8
Faulting application start time: 0x01d852ca31a293c7
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 8b626fa0-d693-458e-8cd0-eab98e24033d
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2022 09:15:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x2080
Faulting application start time: 0x01d852c3f7e580bf
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 562be43e-acfe-4181-94f3-fecf3fd32a02
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2022 08:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x38f4
Faulting application start time: 0x01d852ba9b2880ac
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 5dd4c2c0-e793-4048-8dde-e8def6fd6508
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2022 07:23:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x3ff4
Faulting application start time: 0x01d852a565df63a4
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 31c18b0f-98b0-42af-9bb7-65ee3baeb7f9
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2022 04:52:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x49b8
Faulting application start time: 0x01d852701fff01e2
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: a5919c0c-59d8-4333-80f2-febe226f8fc8
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2022 10:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Faulting module name: fingagent.exe, version: 2.9.0.0, time stamp: 0x62418624
Exception code: 0x40000015
Fault offset: 0x000e439e
Faulting process id: 0x1ce4
Faulting application start time: 0x01d8522e5a4428f7
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: 1b9cee4a-b248-4ae0-bdec-98a37aabb83c
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/18/2022 05:00:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMSP service failed to start due to the following error:
Insufficient system resources exist to complete the requested service.
Error: (04/18/2022 04:58:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (04/18/2022 04:58:55 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1CA66196-4D0C-44BE-9E29-12293B2C3645} because another computer on the network has the same name. The server could not start.
Error: (04/18/2022 03:38:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (04/18/2022 03:38:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1CA66196-4D0C-44BE-9E29-12293B2C3645} because another computer on the network has the same name. The server could not start.
Error: (04/18/2022 03:38:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3D1E5312-15BD-4E3D-8ABC-D0A8B8AF0873} because another computer on the network has the same name. The server could not start.
Error: (04/18/2022 03:38:25 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3D1E5312-15BD-4E3D-8ABC-D0A8B8AF0873} because another computer on the network has the same name. The server could not start.
Error: (04/17/2022 09:15:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Windows Defender:
================
Date: 2022-04-04 21:00:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 17:25:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 15:34:58
Description:
C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2022-04-03T20:34:58.485Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
Security intelligence Version: 1.361.1246.0
Engine Version: 1.1.19000.8
Product Version: 4.18.2202.4
Date: 2022-04-01 02:08:03
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2022-04-01T07:08:03.189Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.361.1116.0
Engine Version: 1.1.19000.8
Product Version: 4.18.2202.4
Date: 2022-04-01 02:04:38
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2022-04-01T07:04:38.095Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.361.1074.0
Engine Version: 1.1.19000.8
Product Version: 4.18.2202.4
Event[0]
Date: 2022-04-01 12:28:48
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2022-04-01 11:33:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1138.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2022-04-01 11:23:35
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2022-04-01 11:23:11
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2022-03-27 23:40:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.859.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===============
Date: 2022-04-18 05:07:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Windows signing level requirements.
Date: 2022-04-18 05:03:43
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: AMI F.21 09/17/2021
Motherboard: HP 87D6
Processor: AMD Ryzen 3 4300G with Radeon Graphics
Percentage of memory in use: 48%
Total physical RAM: 7556.42 MB
Available physical RAM: 3908.89 MB
Total Virtual: 19332.42 MB
Available Virtual: 15306.99 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:237.63 GB) (Free:150.42 GB) NTFS
\\?\Volume{1535d5ac-2c24-442f-a7bf-3fdd0fc28b5b}\ (Windows RE tools) (Fixed) (Total:0.57 GB) (Free:0.06 GB) NTFS
\\?\Volume{beaf7cb5-36fc-412a-800f-1da46d570e6d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B7D576A5)
Partition: GPT.
==================== End of Addition.txt =======================