[SOLVED] Malwarebytes flagged something I hadn't clicked on

newbee_4

I was looking at something on TomsHardware, and Malwarebytes popped up that it had blocked mediagood? I thought I had been careful not to click anything, but worried, so here I am. (Didn't get an answer at TSF from a week ago and I was out of town, so this is still current.)

The next time I went to turn on this laptop, I had a problem that I couldn't enter a password; it was filling in what I think were right-hand brackets. After turning the computer off and on, everything seems normal. A full Malwarebytes scan has not turned anything up. But there are a lot of errors showing in Addition.txt; I don't know what any of them mean.

Windows 11 laptop, I was browsing from a Limited account as I usually do though I am owner, admin, only user of this laptop.


Windows 11 Pro v23h2 (HP if that matters)

FRST (some names of folders and a few PDFs have been redacted for the sake of privacy, but I know what they are, if need be)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by localAdmin (administrator) on HP2024 (HP HP ProBook 450 15.6 inch G10 Notebook PC) (28-04-2024 13:27:21)
Running from C:\Users\lim1\Downloads\FRST64.exe
Loaded Profiles: lim1 & localAdmin
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3447 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe <6>
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\BridgeCommunication.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_helper.exe
(explorer.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELAN_MOC_Service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\Firmware\HpSfuService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_b76d40fc96db3872\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HPAudioAnalytics.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpsvcsscancomp.inf_amd64_ed7f321251b7de5f\x64\hpsvcsscan.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_3befaa646f991169\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_da775d7ecf291310\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_e66412af875019f8\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Plantronics, Inc. -> Poly, Inc.) C:\Program Files (x86)\oz-client\LensUpdateService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_807802da47ae00a3\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP ICS\ICS.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy\WindowsCopilotRuntime.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_807802da47ae00a3\RtkAudUService64.exe [1971496 2024-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EPPCCMON] => "C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE" (No File)
HKLM-x32\...\Run: [HPNotifications] => C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe [1607816 2021-02-11] (HP Inc. -> HP)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [970536 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1309992 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2756368 2023-08-09] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\...\Run: [MicrosoftEdgeAutoLaunch_EC3FDABCDB30ABB0CEC8AE37872A60B0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIXKE.EXE [421736 2021-11-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\...\Run: [MicrosoftEdgeAutoLaunch_96221EA68B980A59FCEFF09CD18A9F11] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [180224 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\...\Run: [MicrosoftEdgeAutoLaunch_C48EEF0891FAE0F7DD60DD6C728887C7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\windows\system32\EFXLM16A.DLL [182784 2023-07-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-3820 Series 64MonitorBE: C:\windows\system32\E_YLMBXKE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C9311376-FDFC-48E1-A0A0-0CCFA2A0E605} - System32\Tasks\Epson PowerENGAGE => C:\Program Files (x86)\Epson PowerENGAGE\\Epson PowerENGAGE.exe [83606232 2020-04-15] (Aviata, Inc. -> Aviata, Inc.) -> C:\Program Files (x86)\Epson PowerENGAGE\\scheduled-run
Task: {352E31C3-295C-4E3E-8C32-5FB8894D09D8} - System32\Tasks\EPSON WF-3820 Series Update {440E772F-7922-4393-BD40-14D801856FA3} => C:\Windows\System32\spool\drivers\x64\3\E_YTSXKE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {41C981F4-C4C5-4E8E-9C81-A1632AA3BED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-03-25] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {949F191E-FF24-43BE-9723-61BAF42CC7EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-03-25] (HP Inc. -> HP Inc.)
Task: {24F60E04-D0D7-47B5-B219-1DB0BA23B325} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {A5AC5482-32B2-4116-AE0B-B07F4853A695} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {AF3976CE-615D-4601-B8B9-A9F82B762E7A} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {9C8C2DF8-20D6-40EA-81FB-76AD4C96D205} - System32\Tasks\HP\HP ICS\ICS => C:\Program Files (x86)\HP\HP ICS\ICS.exe [76870640 2023-08-02] (HP Inc. -> HP)
Task: {84537291-68E5-41D1-842F-413C9C035923} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EFE5017-26B5-4CF9-982E-C7843C35C33F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DBF2CF-DDD1-4DFB-8B4B-900675F9AE99} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {93904DA4-B2E3-421B-8F0B-98E07B646974} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {38927666-42A5-4D9B-8942-674E9EAA8F02} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {067418F7-89DE-4A54-9D6B-EDA994842469} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-22] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {9ADEC95D-144C-4B0E-9780-64C30BC17C44} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-22] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {353F05E0-F241-40D1-B419-E5DC1F9BE78D} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1002 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-22] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {DED41F88-C98B-48F1-B84A-5F34921A5944} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-22] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {E00E2C27-64F5-4EE1-90AE-69E2FE9EE144} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34208 2024-04-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {6FAF845C-A25C-4F2B-95B5-A1AE9E334DED} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2638474035-1427330621-2262840621-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\EPSON WF-3820 Series Update {440E772F-7922-4393-BD40-14D801856FA3}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSXKE.EXE:/EXE:{440E772F-7922-4393-BD40-14D801856FA3} /F:UpdateWORKGROUP\HP2024$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.30.1
Tcpip\..\Interfaces\{c614c50d-07fe-4c96-af5b-8057e4238c68}: [DhcpNameServer] 192.168.30.1
Tcpip\..\Interfaces\{f16a1696-2464-4ebb-a508-8f13213092de}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-27]
Edge Extension: (Google Docs Offline) - C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-17]
Edge Extension: (Edge relevant text changes) - C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-10]

FireFox:
========
FF DefaultProfile: 679zlrmu.default
FF ProfilePath: C:\Users\localAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\679zlrmu.default [2024-02-10]
FF ProfilePath: C:\Users\localAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\w123x27c.default-release [2024-04-27]
FF Homepage: Mozilla\Firefox\Profiles\w123x27c.default-release -> chrome://browser/content/blanktab.html
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749256 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe [546416 2023-01-17] (Intel Corporation -> Intel Corporation)
R2 ELAN_MOC_Service; C:\windows\System32\ELAN_MOC_Service.exe [237984 2023-07-25] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
S2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [206304 2020-01-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 FMAPOService; C:\windows\System32\FMService64.exe [990240 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HotKeyServiceUWP; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HotKeyServiceUWP.exe [1494464 2024-01-19] (HP Inc. -> HP Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [475680 2023-04-14] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\AppHelperCap.exe [895552 2024-03-03] (HP Inc. -> HP Inc.)
R2 HPAudioAnalytics; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HPAudioAnalytics.exe [542760 2024-01-19] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\DiagsCap.exe [894416 2024-03-03] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe [890832 2024-03-03] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149448 2020-07-23] (HP Inc. -> HP)
R2 hpsvcsscan; C:\windows\System32\DriverStore\FileRepository\hpsvcsscancomp.inf_amd64_ed7f321251b7de5f\x64\hpsvcsscan.exe [6959760 2023-10-06] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\SysInfoCap.exe [894928 2024-03-03] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_b76d40fc96db3872\x64\TouchpointAnalyticsClientService.exe [493232 2024-03-03] (HP Inc. -> HP Inc.)
S2 Intel(R) Platform License Manager Service; C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
R2 IntelAudioService; C:\windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
R2 ipfsvc; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe [2781336 2023-01-17] (Intel Corporation -> Intel Corporation)
R2 LanWlanWwanSwitchingServiceUWP; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\LanWlanWwanSwitchingServiceUWP.exe [606648 2024-01-19] (HP Inc. -> HP Inc.)
R2 LensUpdateService; c:\Program Files (x86)\oz-client\LensUpdateService.exe [1168464 2023-07-29] (Plantronics, Inc. -> Poly, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-04-19] (Malwarebytes Inc. -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522080 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SFUService; C:\windows\Firmware\HpSfuService.exe [890320 2023-01-23] (HP Inc. -> HP Inc.)
S2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [317664 2023-06-28] (CODE SECTOR PTY LTD -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
R3 AX88179A; C:\windows\System32\DriverStore\FileRepository\axusbeth.inf_amd64_88fb34fbbab9fd2d\AxUsbEth.sys [153472 2023-12-20] (WDKTestCert AndyChen,132652806163117881 -> ASIX Electronics Corp.)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [544768 2023-07-11] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [184320 2023-07-11] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2023-07-11] (Microsoft Corporation) [File not signed]
S3 CtaChildDriver; C:\windows\System32\drivers\CtaChildDriver.sys [55704 2023-07-24] (Intel Corporation -> )
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [158640 2024-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\windows\System32\drivers\fse.sys [218592 2024-02-03] (Microsoft Windows -> Microsoft Corporation)
S3 GSCAuxDriver; C:\windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_5274b380f5049141\GSCAuxDriverx64.sys [108912 2023-07-24] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_02d43148181ce541\TeeDriverGSCW8x64.sys [278472 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-23] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_bda8110c074a36f5\iaLPSS2_GPIO2_ADL.sys [141312 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_c4c17f8529a3943d\iaLPSS2_I2C_ADL.sys [211456 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_30453d6d1e260f1a\iaLPSS2_SPI_ADL.sys [162816 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_d0516100086dd669\iaLPSS2_UART2_ADL.sys [319488 2023-07-24] (Intel Corporation -> Intel Corporation)
S3 IntcSdwBus; C:\windows\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_a7c91360744c6f58\IntcSdwBus.sys [523608 2023-07-27] (Intel Corporation -> Intel(R) Corporation)
R3 IntcUSB; C:\windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-09-27] (Intel Corporation -> Intel Corporation)
S3 Intel_NF_I2C; C:\windows\System32\DriverStore\FileRepository\intel_nf_i2c_child.inf_amd64_ec05d531d6f2e4c0\Intel_NF_I2C.sys [222656 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_f2084be6bb835256\ipf_acpi.sys [87192 2023-01-17] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_cpu.sys [80536 2023-01-17] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_lf.sys [445080 2023-01-17] (Intel Corporation -> Intel Corporation)
R0 mbamchameleon; C:\windows\System32\Drivers\MbamChameleon.sys [223296 2024-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt11.sys [234312 2024-04-28] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [78400 2024-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [188784 2024-04-28] (Malwarebytes Inc. -> Malwarebytes)
R3 rt68cx21; C:\windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_e22bbb0ee4890706\rt68cx21x64.sys [742272 2023-07-13] (Realtek Semiconductor Corp. -> Realtek)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-02-03] (Microsoft Windows -> )
R3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [20936 2024-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [601376 2024-04-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-17] (Microsoft Windows -> Microsoft Corporation)
R3 WiManHu; C:\windows\System32\DriverStore\FileRepository\wiman.inf_amd64_e8edc74538613ea4\WiManHu\WiManHu.sys [211624 2023-12-18] (Intel Corporation -> Intel Corporation)
S3 ax_pvi; \??\C:\Program Files\HP\Sure Click\bin\ax_pvi.sys [X]
S3 uxen; \??\C:\Program Files\HP\Sure Click\bin\uxen.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

TSF PLEASE NOTE I CHANGED SOME NAMES IN THIS SECTION FOR PRIVACY

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-28 13:27 - 2024-04-28 13:27 - 000028654 _ C:\Users\lim1\Downloads\FRST.txt
2024-04-28 13:24 - 2024-04-28 13:27 - 000000000 ____D C:\FRST
2024-04-28 13:23 - 2024-04-28 13:23 - 002394112 _ (Farbar) C:\Users\lim1\Downloads\FRST64.exe
2024-04-28 13:13 - 2024-04-28 13:13 - 000234312 _ (Malwarebytes) C:\windows\system32\Drivers\farflt11.sys
2024-04-28 13:13 - 2024-04-28 13:13 - 000188784 _ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2024-04-27 20:55 - 2024-04-27 20:55 - 000011196 _ C:\Users\lim1\AppData\LocalLow\e3739b8d6f71e19a92d1f99870f64aa7724af502e450393dfb98fb1fea4db9cc
2024-04-27 20:55 - 2024-04-27 20:55 - 000000026 _ C:\Users\lim1\AppData\LocalLow\fbbc84dbdb6d7e9f8df02de721cf9747793a562137165b046ecbf3bb68fc4d78
2024-04-24 05:27 - 2024-04-24 11:47 - 000000000 ____D C:\Users\lim1\Desktop\for REMOTE GMAIL FOR REDACTED
2024-04-24 05:01 - 2024-04-24 05:01 - 000002260 _ C:\Users\localAdmin\AppData\LocalLow\03a9d835bfb56f1e24d7a1ac63272dca5a836d628701760777e2f9511ac732aa
2024-04-24 04:58 - 2024-04-24 05:06 - 000000000 ____D C:\Users\localAdmin\Desktop\settings to temp change for REDACTED
2024-04-22 17:36 - 2024-04-22 17:36 - 019340635 _ C:\Users\lim1\Downloads\NMR in Biomedicine - 2022 - Shang REDACTED
2024-04-22 17:21 - 2024-04-22 17:21 - 004598520 _ C:\Users\lim1\Downloads\JXXX REDACTED
2024-04-22 15:53 - 2024-04-24 08:49 - 000000000 ____D C:\Users\lim1\Desktop\jmri REDACTED
2024-04-19 21:09 - 2024-04-19 21:09 - 000084018 _ C:\Users\lim1\Downloads\ara REDACTED.PDF
2024-04-19 21:08 - 2024-04-19 21:08 - 000535558 _ C:\Users\lim1\Downloads\sam REDACTED.PDF
2024-04-19 21:08 - 2024-04-19 21:08 - 000535558 _ C:\Users\lim1\Downloads\gi REDACTED.pdf
2024-04-17 11:36 - 2024-04-22 15:58 - 000000000 ____D C:\Users\lim1\Desktop\JXXX 2 REDACTED
2024-04-17 11:16 - 2024-04-28 13:14 - 000011196 _ C:\Users\lim1\AppData\LocalLow\35d76ce50472a1bc6d5e5d05e31a4788cdd6b1edadb3658e2a7538b01ae38a6a
2024-04-17 11:16 - 2024-04-17 11:16 - 000000026 _ C:\Users\lim1\AppData\LocalLow\08c99299a625780534f1ce0f0f1d7c01c78c158501eae94a3fa89bd661e91f61
2024-04-17 11:13 - 2024-04-17 11:13 - 000000000 ____D C:\windows\SysWOW64\DDFs
2024-04-17 11:10 - 2024-04-17 11:10 - 000024320 _ C:\windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-17 11:10 - 2024-04-17 11:10 - 000024320 _ C:\windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-17 11:06 - 2024-04-17 11:08 - 000000000 ___HD C:\$WinREAgent
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\EpsonPowerENGAGE
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\Epson PowerENGAGE
2024-04-17 10:56 - 2024-02-26 00:38 - 006115800 _ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2024-04-17 10:40 - 2024-04-17 10:40 - 000012313 _ C:\Users\localAdmin\AppData\LocalLow\d2274c3e4945e3a566f02343fcdb38a11fcd8e2e4edbfdd68fffd7c99ad840ed
2024-04-17 10:40 - 2024-04-17 10:40 - 000000026 _ C:\Users\localAdmin\AppData\LocalLow\830496b083eed9047906c5214edd2478790321b5759d0e5e13d5ae8446082538
2024-04-05 12:23 - 2024-04-05 12:23 - 000000000 _ C:\Users\lim1\Desktop\New Text Document (4).txt
2024-04-05 00:16 - 2024-04-05 00:16 - 000000000 _ C:\Users\lim1\Desktop\New Text Document (3).txt
2024-04-04 22:39 - 2024-04-19 20:41 - 000000000 ____D C:\Users\lim1\Desktop\apple REDACTED
2024-04-04 22:33 - 2024-04-04 22:33 - 000000000 ____D C:\Users\lim1\AppData\Roaming\Hyperionics
2024-04-04 22:20 - 2024-04-04 22:28 - 000000000 _ C:\Users\lim1\Desktop\New Text Document (2).txt
2024-04-02 12:27 - 2024-04-02 13:26 - 000000000 _ C:\Users\lim1\Desktop\New Text Document.txt
2024-04-02 11:36 - 2024-04-02 11:36 - 003430397 _ C:\Users\lim1\Downloads\pe REDACTED.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-28 13:19 - 2024-02-04 09:28 - 000025438 _ C:\Users\lim1\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-04-28 13:19 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\Malwarebytes
2024-04-28 13:18 - 2023-09-21 00:22 - 000803640 _ C:\windows\system32\PerfStringBackup.INI
2024-04-28 13:18 - 2022-05-07 01:22 - 000000000 ____D C:\windows\INF
2024-04-28 13:16 - 2024-02-04 00:12 - 000758770 _ C:\Users\lim1\AppData\LocalLow\92ee474e777b489624b30ac0890af381efceb7632fa6c3afab4d069be63e64c6
2024-04-28 13:15 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemTemp
2024-04-28 13:13 - 2023-08-26 10:47 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-28 13:13 - 2023-08-26 10:47 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-04-28 13:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ServiceState
2024-04-28 13:13 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-28 13:12 - 2022-05-07 01:17 - 001310720 _ C:\windows\system32\config\BBI
2024-04-27 23:39 - 2024-02-04 00:41 - 000000000 ____D C:\Users\lim1\AppData\Roaming\TeraCopy
2024-04-27 23:16 - 2024-01-19 12:32 - 000000000 ____D C:\Users\lim1\Desktop\e_DKTP_RCT
2024-04-27 23:14 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\Packages
2024-04-27 22:24 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\D3DSCache
2024-04-27 22:16 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\Malwarebytes
2024-04-27 22:14 - 2024-03-05 14:49 - 000025438 _ C:\Users\localAdmin\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-04-27 22:12 - 2024-02-10 10:50 - 000000128 _ C:\Users\localAdmin\AppData\LocalLow\9397cbd7671923babf2242bf6add1d562176f24528f0c1345965cba986fe246a
2024-04-27 22:10 - 2024-02-10 10:50 - 000390708 _ C:\Users\localAdmin\AppData\LocalLow\92ee474e777b489624b30ac0890af381efceb7632fa6c3afab4d069be63e64c6
2024-04-27 22:07 - 2024-02-03 21:24 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2024-04-27 22:06 - 2023-08-26 10:47 - 000000000 ____D C:\windows\system32\SleepStudy
2024-04-27 21:35 - 2024-02-04 09:19 - 000000128 _ C:\Users\lim1\AppData\LocalLow\36422c630cce2905dea2db2c59148cc350904c7c50ddf7c69832f9d9b073b37c
2024-04-27 21:35 - 2024-01-19 12:49 - 000000000 ____D C:\Users\lim1\Desktop\e_ REDACTED jan18
2024-04-27 21:24 - 2024-03-04 22:47 - 000000000 ____D C:\Users\lim1\AppData\Roaming\Microsoft\Word
2024-04-27 21:24 - 2024-02-15 20:22 - 000000128 _ C:\Users\lim1\AppData\LocalLow\9ec917ee32f9e5393a9300225bdc0e5946d34fa14cacd5aacf7fb0b79eeaa5e8
2024-04-27 21:24 - 2024-02-05 19:47 - 000000000 ____D C:\Users\lim1\AppData\Roaming\Microsoft\Excel
2024-04-27 21:23 - 2023-08-26 10:47 - 000002446 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-27 21:23 - 2023-08-26 10:47 - 000002284 _ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-27 21:19 - 2024-02-04 00:12 - 000000128 _ C:\Users\lim1\AppData\LocalLow\9397cbd7671923babf2242bf6add1d562176f24528f0c1345965cba986fe246a
2024-04-27 21:02 - 2022-05-07 01:24 - 000000000 ____D C:\windows\AppReadiness
2024-04-27 21:01 - 2024-02-04 09:19 - 000031209 _ C:\Users\lim1\AppData\LocalLow\44d9559d2dfe2484a313422996e5da1bc1d2fced2fed59067875e5bd5807d230
2024-04-27 20:59 - 2022-02-11 08:11 - 000000000 ____D C:\Users\lim1\Desktop\cit REDACTED
2024-04-25 22:45 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\Packages
2024-04-25 22:45 - 2023-08-26 10:57 - 000000000 ____D C:\ProgramData\Packages
2024-04-25 22:44 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-25 09:33 - 2024-02-03 20:23 - 000000000 ____D C:\Users\lim1\Desktop\li REDACTED
2024-04-24 14:04 - 2024-02-04 00:41 - 000000000 ____D C:\Users\saraa\AppData\Roaming\TeraCopy
2024-04-24 14:03 - 2024-02-03 21:04 - 000000000 ____D C:\Users\saraa\AppData\Local\D3DSCache
2024-04-24 13:59 - 2024-02-03 22:47 - 000025438 _ C:\Users\saraa\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-04-24 13:57 - 2024-02-03 23:17 - 000000000 ____D C:\Users\saraa\AppData\Local\Malwarebytes
2024-04-24 13:57 - 2024-02-03 20:36 - 000000000 ____D C:\Users\saraa\AppData\Local\Packages
2024-04-24 11:46 - 2023-11-30 17:31 - 000000000 ____D C:\Users\lim1\Desktop\cle REDACTED
2024-04-24 10:47 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\D3DSCache
2024-04-24 06:41 - 2024-02-04 09:32 - 000000000 ____D C:\Users\lim1\AppData\Local\CrashDumps
2024-04-24 06:41 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\SoundResearch
2024-04-24 05:10 - 2024-02-03 23:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-24 05:10 - 2024-02-03 23:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-24 04:59 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\Microsoft\Spelling
2024-04-22 14:32 - 2024-02-03 23:04 - 000001013 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-21 19:15 - 2023-09-21 00:16 - 000001623 _ C:\windows\system32\config\VSMIDK
2024-04-17 11:39 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-17 11:14 - 2023-08-26 10:47 - 000534352 _ C:\windows\system32\FNTCACHE.DAT
2024-04-17 11:13 - 2024-02-03 20:57 - 000000000 ____D C:\windows\system32\Microsoft-Edge-WebView
2024-04-17 11:13 - 2023-09-21 00:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemResources
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinMetadata
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\ShellExperiences
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Sgrm
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\oobe
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\HealthAttestationClient
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\DDFs
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellComponents
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\Provisioning
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\PolicyDefinitions
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\bcastdvr
2024-04-17 11:11 - 2022-05-07 01:17 - 000000000 ____D C:\windows\CbsTemp
2024-04-17 11:10 - 2023-08-26 10:49 - 003213824 _ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2024-04-17 10:46 - 2023-08-26 10:47 - 000000000 ____D C:\windows\system32\Drivers\wd
2024-04-17 10:45 - 2024-02-03 22:19 - 000000000 ____D C:\windows\system32\MRT
2024-04-17 10:43 - 2024-02-03 22:19 - 192651728 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2024-04-04 22:18 - 2023-08-26 10:47 - 000003536 _ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 22:18 - 2023-08-26 10:47 - 000003412 _ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-04 22:08 - 2024-03-07 16:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Hewlett-Packard
2024-04-04 22:07 - 2024-03-07 16:50 - 000000000 ____D C:\SWSetup
2024-04-02 13:17 - 2022-10-22 16:05 - 000000000 ____D C:\Users\lim1\Desktop\com REDACTED

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by localAdmin (28-04-2024 13:27:50)
Running from C:\Users\lim1\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.3447 (X64) (2024-02-04 06:47:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2638474035-1427330621-2262840621-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2638474035-1427330621-2262840621-503 - Limited - Disabled)
Guest (S-1-5-21-2638474035-1427330621-2262840621-501 - Limited - Enabled)
lim1 (S-1-5-21-2638474035-1427330621-2262840621-1002 - Limited - Enabled) => C:\Users\lim1
localAdmin (S-1-5-21-2638474035-1427330621-2262840621-1003 - Administrator - Enabled) => C:\Users\localAdmin
saraa (S-1-5-21-2638474035-1427330621-2262840621-1001 - Administrator - Enabled) => C:\Users\saraa
WDAGUtilityAccount (S-1-5-21-2638474035-1427330621-2262840621-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{067039C9-A41C-42F5-9571-B06E0700AAA4}) (Version: 3.11.77 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.02.01.01 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson PowerENGAGE 3.5.1 (HKLM-x32\...\25e3def4-1763-5663-8776-91b0a5982398) (Version: 3.5.1 - Aviata, Inc.)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan PDF Extensions (HKLM-x32\...\{E4C6B326-8218-4FC2-8B48-85A19DAB3AE4}) (Version: 1.03.02.01 - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{1A1B60BB-F156-4F6D-AD79-8A096B67E9AB}) (Version: 3.7.10 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
EPSON WF-3820 Series Printer Uninstall (HKLM\...\EPSON WF-3820 Series) (Version: - Seiko Epson Corporation)
Epson WF-3820 User’s Guide (HKLM-x32\...\UsersGuideEpson WF-3820 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.20.0 - HP Inc)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Notifications (HKLM-x32\...\{84937F28-9CB4-49E7-A2CF-E32D97E6DAE6}) (Version: 1.1.28.1 - HP)
HP Sure Recover (HKLM\...\{BEFF0728-1E80-441E-9E23-2142634046C8}) (Version: 10.1.19.210 - HP Inc.)
HP Sure Run Module (HKLM\...\{2439AE5C-1F6E-4AD4-A403-D1BD8C6945B4}) (Version: 5.0.5.59 - HP Inc.)
HP System Default Settings (HKLM-x32\...\{29C20505-3240-4B32-93B7-09BECA8CEF36}) (Version: 1.4.16.17 - HP Inc.) Hidden
HP System Default Settings (HKLM-x32\...\{5C1C084D-1DB7-4CAB-840F-E5DD386C2A50}) (Version: 1.4.16.22 - HP Inc.) Hidden
HP System Default Settings (HKLM-x32\...\{C4192E14-642D-4A9C-84BA-38FD0963F19D}) (Version: 1.4.16.16 - HP Inc.) Hidden
HyperSnap 8 (HKLM\...\HyperSnap 8) (Version: 8.24.04 - Hyperionics Technology LLC)
ICS (HKLM-x32\...\{5CD25FCD-D218-46D0-B405-E5A488969BDF}) (Version: 3.1.8.14 - HP Inc.)
Malwarebytes version 4.6.13.324 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.13.324 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Office Home and Student 2021 - en-us (HKLM\...\HomeStudent2021Retail - en-us) (Version: 16.0.16327.20264 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27024 (HKLM-x32\...\{7258184A-EC44-4B1A-A7D3-68D85A35BFD0}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27024 (HKLM-x32\...\{5EEFCEFB-E5F7-4C82-99A5-813F04AA4FBD}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 125.0.2 (x64 en-US)) (Version: 125.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20264 - Microsoft Corporation) Hidden
Poly Lens (HKLM-x32\...\{6E176115-6EB6-4D5D-948F-A6347E3DAB56}) (Version: 1.1.28.5852 - Poly, Inc.)
TeraCopy (HKLM\...\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}) (Version: 3.17 - Code Sector)

Packages:
=========

HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.50.322.0_x64__dt26b99r8h8gj [2024-04-24] (Realtek Semiconductor Corp)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.5.1.0_x64__v10z8vjag6ke6 [2024-04-24] (HP Inc.)
HP Power Manager -> C:\Program Files\WindowsApps\AD2F1837.HPPowerManager_3.1.8.0_x64__v10z8vjag6ke6 [2024-02-10] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-03-07] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.39.0_x64__v10z8vjag6ke6 [2024-03-06] (HP Inc.)
Intel(R) Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2328.5.2.0_x64__8j3eq9eme6ctt [2024-04-24] (INTEL CORP) [Startup Task]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-12] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24041.33.0_x64__cw5n1h2txyewy [2024-04-24] (Microsoft Windows) [Startup Task]
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_30.52407.200.0_x64__v10z8vjag6ke6 [2024-03-05] (HP Inc.) [Startup Task]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-03-06] (Microsoft Studios) [MS Ad]
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers2: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpbus-ubpl&ref=aagateway-businesspc-hp

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\lim1\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\lim1\Downloads\HS8Setup.exe:MBAM.Zone.Identifier [146]
AlternateDataStreams: C:\Users\lim1\Downloads\teracopy.exe:MBAM.Zone.Identifier [140]
AlternateDataStreams: C:\Users\saraa\Downloads\WF3820_Lite_NA(1).exe:MBAM.Zone.Identifier [116]
AlternateDataStreams: C:\Users\saraa\Downloads\WF3820_Lite_NA.exe:MBAM.Zone.Identifier [116]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-03-25] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-03-25] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
DNS Servers: 192.168.30.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "EPPCCMON"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C48EEF0891FAE0F7DD60DD6C728887C7"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1CB6AC14-CEA1-414D-87A8-110DFBC25EBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74A147A7-6E71-47EE-BBD3-CD2538EB0FE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B225B16B-7B44-4901-B10E-9BF47556BF08}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{588E622A-499C-4F17-AEDB-30F411D50DAB}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{DA867C4A-7687-4BDD-83B4-555E9FB78B29}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F31BDE0-67B8-4049-9D76-A3B64E28ABCE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24088.3902.2792.6069_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{470CA138-FF7F-4061-AE00-10488AB4380A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24088.3902.2792.6069_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

19-04-2024 17:58:31 Scheduled Checkpoint
23-04-2024 21:34:27 Windows Update

==================== Faulty Device Manager Devices ============

Name: Intel(R) Wi-Fi 6E AX211 160MHz
Description: Intel(R) Wi-Fi 6E AX211 160MHz
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw14
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/28/2024 01:13:19 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer

Error: (04/28/2024 01:12:46 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: hpqwmiex.exe, version: 7.1.25.1, time stamp: 0x5f197636
Faulting module name: hpqwmiex.exe, version: 7.1.25.1, time stamp: 0x5f197636
Exception code: 0xc0000005
Fault offset: 0x00078df4
Faulting process id: 0x0x1c08
Faulting application start time: 0x0x1da9910aa3cc3a6
Faulting application path: C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
Faulting module path: C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
Report Id: f80f2240-88cb-45a4-9a57-c3e59ef9d9f1
Faulting package full name:
Faulting package-relative application ID:

Error: (04/27/2024 10:06:21 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer

Error: (04/27/2024 09:42:53 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer

Error: (04/27/2024 09:42:27 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: hpqwmiex.exe, version: 7.1.25.1, time stamp: 0x5f197636
Faulting module name: ntdll.dll, version: 10.0.22621.3374, time stamp: 0x3fddb55c
Exception code: 0xc0000005
Fault offset: 0x0004f5b7
Faulting process id: 0x0x1c50
Faulting application start time: 0x0x1da973bf796b65b
Faulting application path: C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 7d446ec9-88c0-409d-9241-5aa7370970ac
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2024 02:11:17 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer

Error: (04/24/2024 06:41:32 AM) (Source: Application Error) (EventID: 1000) (User: hp2024)
Description: Faulting application name: msteams.exe, version: 24060.3102.2733.5911, time stamp: 0x65e1c697
Faulting module name: msteams.exe, version: 24060.3102.2733.5911, time stamp: 0x65e1c697
Exception code: 0xc0000005
Fault offset: 0x00000000004a39d1
Faulting process id: 0x0x3560
Faulting application start time: 0x0x1da9633b53ddbd1
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe
Faulting module path: C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe
Report Id: 393e3b7f-f28c-4149-a5cf-495fc00e0644
Faulting package full name: MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftTeams

Error: (04/24/2024 05:34:54 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer


System errors:
=============
Error: (04/28/2024 01:13:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/28/2024 01:13:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.

Error: (04/27/2024 10:06:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/27/2024 10:06:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.

Error: (04/27/2024 09:42:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/27/2024 09:42:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.

Error: (04/25/2024 02:13:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.409.508.0) - Current Channel (Broad).

Error: (04/25/2024 02:11:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================Event[0]

Date: 2024-04-17 11:13:31
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.409.343.0;1.409.343.0
Engine Version: 1.1.24030.4

Date: 2024-04-17 10:46:59
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.409.343.0;1.409.343.0
Engine Version: 1.1.24030.4

Date: 2024-04-17 10:46:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.741.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x8007045b
Error description: A system shutdown is in progress.

Date: 2024-03-27 05:27:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.3469.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x8007045b
Error description: A system shutdown is in progress.

Date: 2024-03-27 05:22:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.407.741.0
Previous security intelligence Version: 1.403.3469.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24020.9
Previous Engine Version: 1.1.23110.2
Error code: 0x80070002
Error description: The system cannot find the file specified.

CodeIntegrity:
===============
Date: 2024-03-10 14:45:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2024-03-10 14:06:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: HP V72 Ver. 01.04.00 01/19/2024
Motherboard: HP 8B7C
Processor: 13th Gen Intel(R) Core(TM) i7-1355U
Percentage of memory in use: 54%
Total physical RAM: 7824.31 MB
Available physical RAM: 3546.66 MB
Total Virtual: 10384.31 MB
Available Virtual: 5310.56 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:475.67 GB) (Free:175.39 GB) (Model: KBG50ZNV512G KIOXIA) NTFS

\\?\Volume{40d6b26e-4f6c-49fb-920d-5ba0dc07b7a2}\ (Windows RE Tools) (Fixed) (Total:0.99 GB) (Free:0.07 GB) NTFS
\\?\Volume{37712f39-7ea7-4090-9bc3-417a458380ae}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.12 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1B77B9C9)

Partition: GPT.

==================== End of Addition.txt =======================
 
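A triage aid for the error entries in the Addition.txt posted above, added here as an example; it is not part of the original posts and not part of FRST. It groups entries by source and event ID so repeated failures collapse into one row, and it names the services behind the Service Control Manager errors; the sample is an excerpt of the entries quoted above (file path line left out), and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Excerpt of the Addition.txt entries quoted in the post above (Path line omitted).
SAMPLE = """\
Error: (04/24/2024 05:34:54 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

Architecture: x64
App host version: 7.0.5
.NET location: Not found

System errors:
=============
Error: (04/28/2024 01:13:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/28/2024 01:13:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.

Error: (04/27/2024 10:06:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/27/2024 10:06:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.

Error: (04/25/2024 02:13:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.409.508.0) - Current Channel (Broad).
"""

HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
SERVICE = re.compile(r"\b(?:The|for the) (\S+) service (?:failed to start|to connect)")


def parse_events(text):
    """Split the 'Error: (...)' entries of an Addition.txt into dicts."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER.match(line)
        if m:
            current = {
                "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"],
                "event_id": int(m["event_id"]),
                "user": m["user"].strip(),
                "body": [],
            }
            events.append(current)
        elif line.startswith("==="):
            # A rule of '=' starts a new log section; the title line just
            # before it ("System errors:") is not part of the previous entry.
            if current and current["body"] and current["body"][-1].endswith(":"):
                current["body"].pop()
            current = None
        elif current is not None and line:
            # FRST sometimes doubles the "Description: " prefix.
            while line.startswith("Description: "):
                line = line[len("Description: "):]
            current["body"].append(line)
    return events


def summarize(events):
    """One row per (source, event ID, first description line), most frequent first."""
    groups = defaultdict(list)
    for ev in events:
        first_line = ev["body"][0] if ev["body"] else ""
        groups[(ev["source"], ev["event_id"], first_line)].append(ev["when"])
    rows = [
        {"source": s, "event_id": i, "count": len(ts),
         "first": min(ts), "last": max(ts), "text": t}
        for (s, i, t), ts in groups.items()
    ]
    rows.sort(key=lambda r: (-r["count"], r["source"], r["event_id"]))
    return rows


def failing_services(events):
    """Count Service Control Manager errors per service name."""
    counts = Counter()
    for ev in events:
        if ev["source"] == "Service Control Manager":
            m = SERVICE.search(" ".join(ev["body"]))
            if m:
                counts[m.group(1)] += 1
    return counts


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for row in summarize(evs):
        print(f'{row["count"]:>3}  {row["source"]} / {row["event_id"]}  '
              f'{row["first"]:%Y-%m-%d} .. {row["last"]:%Y-%m-%d}  {row["text"][:60]}')
    print(dict(failing_services(evs)))
```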
Hello.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow all the instructions after them, in the same order:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


================

I'm currently reviewing your logs, and I'll get back to you as soon as I am ready.
 
Hi, again.

These are my first comments/instructions regarding your logs:

1. FRST fix

Please do the following to run a FRST fix. First, make sure to move the tool from your Downloads folder onto your Desktop.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {6FAF845C-A25C-4F2B-95B5-A1AE9E334DED} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2638474035-1427330621-2262840621-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
S3 ax_pvi; \??\C:\Program Files\HP\Sure Click\bin\ax_pvi.sys [X]
S3 uxen; \??\C:\Program Files\HP\Sure Click\bin\uxen.sys [X]
File: C:\Users\lim1\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
File: C:\Users\localAdmin\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
File: C:\Users\saraa\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

2. Malwarebytes

Do you have Malwarebytes Premium or free?

Please, change a setting, so Microsoft Defender will act as the primary security solution, and Malwarebytes as the antimalware:
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Close the program.

3. ESET Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


In your next reply please post:
  1. The fixlog.txt
  2. A reply about Malwarebytes and if you successfully changed the setting
  3. The eset.txt
 
Quick note - before doing any of the above, hope it is ok - I had been away for some days. From the local account, updated Malwarebytes, ran Windows Update which did some little file, updated Firefox. Then -- From the local Admin account, I downloaded a new copy of FRST figuring it might avoid issues to run from an admin account. Ran the fix as above from the admin account -- see file copied in below.

Re Malwarebytes - I do have Premium, have had it for some time. They have recently changed their interface, it happened on this computer just now, so the options do not exactly correspond. I have included screenshots of my current settings (unchanged from prior) - I think they were already as you recommend but I am not positive? Please look. Sorry it is a bunch of screenshots. I cannot tell about that Windows setting? Please let me know.

Re ESET - it failed in the middle of my first go-round during scanning of a downloaded (several gb) email backup that was on the desktop of my Limited account, I am running it from my Admin account. Going to try ESET again, that fail happened possibly because it turned out Malwarebytes was scanning at the same time. Will post shortly.

For now --


Fix---

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by localAdmin (07-05-2024 13:31:50) Run:1
Running from C:\Users\localAdmin\Desktop
Loaded Profiles: saraa & lim1 & localAdmin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {6FAF845C-A25C-4F2B-95B5-A1AE9E334DED} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2638474035-1427330621-2262840621-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
S3 ax_pvi; \??\C:\Program Files\HP\Sure Click\bin\ax_pvi.sys [X]
S3 uxen; \??\C:\Program Files\HP\Sure Click\bin\uxen.sys [X]
File: C:\Users\lim1\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
File: C:\Users\localAdmin\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
File: C:\Users\saraa\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully

"C:\windows\system32\GroupPolicy\Machine" Folder move:

C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully

"C:\windows\system32\GroupPolicy\User" Folder move:

C:\windows\system32\GroupPolicy\User => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FAF845C-A25C-4F2B-95B5-A1AE9E334DED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAF845C-A25C-4F2B-95B5-A1AE9E334DED}" => removed successfully
C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2638474035-1427330621-2262840621-500 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2638474035-1427330621-2262840621-500" => removed successfully
HKLM\System\CurrentControlSet\Services\ax_pvi => removed successfully
ax_pvi => service removed successfully
HKLM\System\CurrentControlSet\Services\uxen => removed successfully
uxen => service removed successfully

========================= File: C:\Users\lim1\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e ========================

C:\Users\lim1\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
File not signed
MD5: 3394F4B5C76A2744BAF456EBADD60252
Creation and modification date: 2024-02-04 09:28 - 2024-05-07 13:20
Size: 000025438
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
Virusscan: b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e - Jotti's malware scan

====== End of File: ======


========================= File: C:\Users\localAdmin\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e ========================

C:\Users\localAdmin\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
File not signed
MD5: EBBC2C4EF723840D5BCF9E4F3904D0E7
Creation and modification date: 2024-03-05 14:49 - 2024-05-07 13:31
Size: 000025438
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
Virusscan: b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e - Jotti's malware scan

====== End of File: ======


========================= File: C:\Users\saraa\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e ========================

C:\Users\saraa\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
File not signed
MD5: AD4660F752D52793EF215A6D32203A60
Creation and modification date: 2024-02-03 22:47 - 2024-04-24 13:59
Size: 000025438
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
Virusscan: b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e - Jotti's malware scan

====== End of File: ======


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19143200 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 247645954 B
Edge => 0 B
Firefox => 117072106 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 440806 B
NetworkService => 481840 B
saraa => 471951399 B
lim1 => 812252177 B
localAdmin => 894495187 B

RecycleBin => 0 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:32:12 ====

Attachments: Snap1.png, Snap2.png, Snap3.png, Snap4.png, Snap5.png, Snap6.png, Snap7.png, Snap8.png, Snap9.png
 
Hi.

A kind reminder:

Please adhere to the guidelines below, and then carefully follow all the instructions after them, in the same order.

You can't run two scans at the same time. Plus, I didn't ask you to run a Malwarebytes scan. You already said you did run a Malwarebytes scan, with no detections.

I must admit that you confused me a bit. Your previous logs were created from a scan as administrator. You mean you ran another scan after that one?

Anyway, I see that the fixlist was applied.

Now, let's take it step by step to avoid conflicts, confusion, and wasted time. If you have questions, please ask before you proceed with anything.

1. Malwarebytes settings
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and close the program.

2. Eset Online Scan

Please run Eset Online Scanner as instructed above and post the results in your next reply.
 
Sorry! I didn't deliberately run Malwarebytes but I guess it ran its scheduled scan.
I changed that Malwarebytes -- General -- Always Register Malwarebytes in the Security Settings tab. I immediately got a popup about Windows Defender? Attached below is a screenshot of my current settings, please look and tell me if it is ok?


ESET ran and detected no errors but I did not save the log, ran it again and--
5/7/2024 16:17:43 PM
Scanned files: 321442
Detected files: 0
Cleaned files: 0
Total scan time: 00:48:19
Scan status: Finished
Attachments: malwarebyrtes settings change1 20240507.png, malwarebyrtes settings rootkits  20240507.png
 

Attachment: windows defender settings after mwb change 20240507.png
Hello.

Yes, everything looks fine.

Let's see fresh FRST logs, Addition and FRST, now.
 
Quick question before I do that - these are the Farbar options that auto-populated. Are they ok?? Especially Whitelist one month?
 

Attachment: IMG_8906.jpeg
Having a new terrible problem
"Windows cannot find" basically any of my files even if they are open and I am looking at them, restarted and moved some off desktop and it is better when I do that?

FRST while I can --
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by localAdmin (administrator) on HP2024 (HP HP ProBook 450 15.6 inch G10 Notebook PC) (08-05-2024 13:34:45)
Running from C:\Users\lim1\Desktop\FRST64(2).exe
Loaded Profiles: saraa & lim1 & localAdmin
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3447 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\BridgeCommunication.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_helper.exe
(explorer.exe ->) (CODE SECTOR PTY LTD -> ) C:\Program Files\TeraCopy\TeraCopy.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (CODE SECTOR PTY LTD -> ) C:\Program Files\TeraCopy\TeraCopyService.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELAN_MOC_Service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\Firmware\HpSfuService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_b76d40fc96db3872\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HPAudioAnalytics.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpsvcsscancomp.inf_amd64_ed7f321251b7de5f\x64\hpsvcsscan.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_3befaa646f991169\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_da775d7ecf291310\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_e66412af875019f8\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (Plantronics, Inc. -> Poly, Inc.) C:\Program Files (x86)\oz-client\LensUpdateService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_807802da47ae00a3\RtkAudUService64.exe <3>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP ICS\ICS.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_807802da47ae00a3\RtkAudUService64.exe [1971496 2024-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EPPCCMON] => "C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE" (No File)
HKLM-x32\...\Run: [HPNotifications] => C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe [1607816 2021-02-11] (HP Inc. -> HP)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [970536 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1309992 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2756368 2023-08-09] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\...\Run: [MicrosoftEdgeAutoLaunch_EC3FDABCDB30ABB0CEC8AE37872A60B0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIXKE.EXE [421736 2021-11-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\...\Run: [MicrosoftEdgeAutoLaunch_96221EA68B980A59FCEFF09CD18A9F11] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [180224 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\...\Run: [MicrosoftEdgeAutoLaunch_C48EEF0891FAE0F7DD60DD6C728887C7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\windows\system32\EFXLM16A.DLL [182784 2023-07-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-3820 Series 64MonitorBE: C:\windows\system32\E_YLMBXKE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025FC89C-4FAD-4686-9373-0C152FFDA146} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-05-07] (ESET, spol. s r.o. -> ESET)
Task: {E8C4F480-03F5-4342-806C-A345B7D1F10C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-05-07] (ESET, spol. s r.o. -> ESET)
Task: {C9311376-FDFC-48E1-A0A0-0CCFA2A0E605} - System32\Tasks\Epson PowerENGAGE => C:\Program Files (x86)\Epson PowerENGAGE\\Epson PowerENGAGE.exe [83606232 2020-04-15] (Aviata, Inc. -> Aviata, Inc.) -> C:\Program Files (x86)\Epson PowerENGAGE\\scheduled-run
Task: {41C981F4-C4C5-4E8E-9C81-A1632AA3BED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-03-25] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {949F191E-FF24-43BE-9723-61BAF42CC7EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-03-25] (HP Inc. -> HP Inc.)
Task: {2EE3896D-6150-4A57-B9F5-32D5E4F5BE9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {A5AC5482-32B2-4116-AE0B-B07F4853A695} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {32938AC5-5B00-4979-A3CA-D5E6081105DB} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [310832 2024-03-25] (HP Inc. -> HP Inc.)
Task: {3CA3B65F-E0CC-4723-AB80-891EF7D4B00C} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [316456 2024-03-25] (HP Inc. -> )
Task: {AF3976CE-615D-4601-B8B9-A9F82B762E7A} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {9C8C2DF8-20D6-40EA-81FB-76AD4C96D205} - System32\Tasks\HP\HP ICS\ICS => C:\Program Files (x86)\HP\HP ICS\ICS.exe [76870640 2023-08-02] (HP Inc. -> HP)
Task: {84537291-68E5-41D1-842F-413C9C035923} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EFE5017-26B5-4CF9-982E-C7843C35C33F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DBF2CF-DDD1-4DFB-8B4B-900675F9AE99} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {93904DA4-B2E3-421B-8F0B-98E07B646974} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {38927666-42A5-4D9B-8942-674E9EAA8F02} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F24F6BE-58B4-4ADE-BC2A-474BD70E352A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7319DB32-F6A9-4D6B-A0D3-36D6352F36BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A5DA474-0544-48EC-9927-1F4CBBF268AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0647D05A-43C6-47AB-B3B0-7B3522D97676} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {067418F7-89DE-4A54-9D6B-EDA994842469} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {9ADEC95D-144C-4B0E-9780-64C30BC17C44} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {353F05E0-F241-40D1-B419-E5DC1F9BE78D} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1002 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {DED41F88-C98B-48F1-B84A-5F34921A5944} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2638474035-1427330621-2262840621-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {E00E2C27-64F5-4EE1-90AE-69E2FE9EE144} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-07] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.30.1
Tcpip\..\Interfaces\{c614c50d-07fe-4c96-af5b-8057e4238c68}: [DhcpNameServer] 192.168.30.1
Tcpip\..\Interfaces\{f16a1696-2464-4ebb-a508-8f13213092de}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-07]
Edge Extension: (Google Docs Offline) - C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-17]
Edge Extension: (Edge relevant text changes) - C:\Users\localAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-10]

FireFox:
========
FF DefaultProfile: 679zlrmu.default
FF ProfilePath: C:\Users\localAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\679zlrmu.default [2024-05-07]
FF ProfilePath: C:\Users\localAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\w123x27c.default-release [2024-05-07]
FF Homepage: Mozilla\Firefox\Profiles\w123x27c.default-release -> chrome://browser/content/blanktab.html
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749256 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe [546416 2023-01-17] (Intel Corporation -> Intel Corporation)
R2 ELAN_MOC_Service; C:\windows\System32\ELAN_MOC_Service.exe [237984 2023-07-25] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [206304 2020-01-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 FMAPOService; C:\windows\System32\FMService64.exe [990240 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HotKeyServiceUWP; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HotKeyServiceUWP.exe [1494464 2024-01-19] (HP Inc. -> HP Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [475680 2023-04-14] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\AppHelperCap.exe [895552 2024-03-03] (HP Inc. -> HP Inc.)
R2 HPAudioAnalytics; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\HPAudioAnalytics.exe [542760 2024-01-19] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\DiagsCap.exe [894416 2024-03-03] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\NetworkCap.exe [890832 2024-03-03] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149448 2020-07-23] (HP Inc. -> HP)
R2 hpsvcsscan; C:\windows\System32\DriverStore\FileRepository\hpsvcsscancomp.inf_amd64_ed7f321251b7de5f\x64\hpsvcsscan.exe [6959760 2023-10-06] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64\SysInfoCap.exe [894928 2024-03-03] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_b76d40fc96db3872\x64\TouchpointAnalyticsClientService.exe [493232 2024-03-03] (HP Inc. -> HP Inc.)
S2 Intel(R) Platform License Manager Service; C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
R2 IntelAudioService; C:\windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
R2 ipfsvc; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe [2781336 2023-01-17] (Intel Corporation -> Intel Corporation)
R2 LanWlanWwanSwitchingServiceUWP; C:\windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_6c234fdd160946fe\LanWlanWwanSwitchingServiceUWP.exe [606648 2024-01-19] (HP Inc. -> HP Inc.)
R2 LensUpdateService; c:\Program Files (x86)\oz-client\LensUpdateService.exe [1168464 2023-07-29] (Plantronics, Inc. -> Poly, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522080 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SFUService; C:\windows\Firmware\HpSfuService.exe [890320 2023-01-23] (HP Inc. -> HP Inc.)
R2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [317664 2023-06-28] (CODE SECTOR PTY LTD -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
R3 AX88179A; C:\windows\System32\DriverStore\FileRepository\axusbeth.inf_amd64_3d31862f0ad37854\AxUsbEth.sys [158232 2024-04-11] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [544768 2023-07-11] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [184320 2023-07-11] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2023-07-11] (Microsoft Corporation) [File not signed]
S3 CtaChildDriver; C:\windows\System32\drivers\CtaChildDriver.sys [55704 2023-07-24] (Intel Corporation -> )
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [158640 2024-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\windows\System32\drivers\fse.sys [218592 2024-02-03] (Microsoft Windows -> Microsoft Corporation)
S3 GSCAuxDriver; C:\windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_5274b380f5049141\GSCAuxDriverx64.sys [108912 2023-07-24] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_02d43148181ce541\TeeDriverGSCW8x64.sys [278472 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-23] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_bda8110c074a36f5\iaLPSS2_GPIO2_ADL.sys [141312 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_c4c17f8529a3943d\iaLPSS2_I2C_ADL.sys [211456 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_30453d6d1e260f1a\iaLPSS2_SPI_ADL.sys [162816 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_d0516100086dd669\iaLPSS2_UART2_ADL.sys [319488 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-09-27] (Intel Corporation -> Intel Corporation)
S3 Intel_NF_I2C; C:\windows\System32\DriverStore\FileRepository\intel_nf_i2c_child.inf_amd64_ec05d531d6f2e4c0\Intel_NF_I2C.sys [222656 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_f2084be6bb835256\ipf_acpi.sys [87192 2023-01-17] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_cpu.sys [80536 2023-01-17] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_lf.sys [445080 2023-01-17] (Intel Corporation -> Intel Corporation)
R0 mbamchameleon; C:\windows\System32\Drivers\MbamChameleon.sys [223184 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\DRIVERS\farflt11.sys [234856 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [78400 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [188784 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsld8c7ae59; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55077A1C-6B3D-4FE9-AAD8-407DFB61EA10}\MpKslDrv.sys [271648 2024-05-08] (Microsoft Windows -> Microsoft Corporation)
R3 rt68cx21; C:\windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_e22bbb0ee4890706\rt68cx21x64.sys [742272 2023-07-13] (Realtek Semiconductor Corp. -> Realtek)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-02-03] (Microsoft Windows -> )
R0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-17] (Microsoft Windows -> Microsoft Corporation)
R3 WiManHu; C:\windows\System32\DriverStore\FileRepository\wiman.inf_amd64_e8edc74538613ea4\WiManHu\WiManHu.sys [211624 2023-12-18] (Intel Corporation -> Intel Corporation)
S4 IntcSdwBus; \SystemRoot\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_a7c91360744c6f58\IntcSdwBus.sys [X]
S4 Netwtw12; \SystemRoot\System32\DriverStore\FileRepository\netwtw6e.inf_amd64_cc3a2460c42c06f6\Netwtw12.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-08 13:34 - 2024-05-08 13:35 - 000029728 _____ C:\Users\lim1\Desktop\FRST.txt
2024-05-08 13:22 - 2024-05-08 13:24 - 002394112 _____ (Farbar) C:\Users\lim1\Desktop\FRST64(2).exe
2024-05-08 13:22 - 2024-05-08 13:23 - 002394112 _____ (Farbar) C:\Users\lim1\Downloads\FRST64(1).exe
2024-05-07 16:18 - 2024-05-07 16:18 - 000011196 _____ C:\Users\localAdmin\AppData\LocalLow\35d76ce50472a1bc6d5e5d05e31a4788cdd6b1edadb3658e2a7538b01ae38a6a
2024-05-07 16:18 - 2024-05-07 16:18 - 000000026 _____ C:\Users\localAdmin\AppData\LocalLow\08c99299a625780534f1ce0f0f1d7c01c78c158501eae94a3fa89bd661e91f61
2024-05-07 16:17 - 2024-05-07 16:17 - 000000264 _____ C:\Users\localAdmin\Documents\eset20240507_417pm.txt
2024-05-07 15:14 - 2024-05-07 15:14 - 000003860 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2024-05-07 15:14 - 2024-05-07 15:14 - 000003418 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2024-05-07 14:01 - 2024-05-07 14:01 - 000000000 ____D C:\Users\localAdmin\AppData\Local\CrashDumps
2024-05-07 13:58 - 2024-05-07 13:58 - 000000000 ____D C:\Users\localAdmin\AppData\Local\PeerDistRepub
2024-05-07 13:44 - 2024-05-07 15:23 - 000001431 _____ C:\Users\localAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-05-07 13:44 - 2024-05-07 15:23 - 000001325 _____ C:\Users\localAdmin\Desktop\ESET Online Scanner.lnk
2024-05-07 13:44 - 2024-05-07 13:44 - 008389496 _____ (ESET) C:\Users\localAdmin\Downloads\esetonlinescanner.exe
2024-05-07 13:44 - 2024-05-07 13:44 - 000000000 ____D C:\Users\localAdmin\AppData\Local\ESET
2024-05-07 13:41 - 2024-05-07 16:22 - 000000000 ____D C:\Users\localAdmin\Desktop\malwarebytes options asof 2024_0507
2024-05-07 13:33 - 2024-05-07 13:33 - 000234856 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt11.sys
2024-05-07 13:33 - 2024-05-07 13:33 - 000188784 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2024-05-07 13:33 - 2024-05-07 13:33 - 000000008 _____ C:\ProgramData\ntuser.pol
2024-05-07 13:31 - 2024-05-07 13:32 - 000006661 _____ C:\Users\localAdmin\Desktop\Fixlog.txt
2024-05-07 13:30 - 2024-05-07 13:30 - 000000000 ___HD C:\Users\localAdmin\AppData\Roaming\Obsidium x64
2024-05-07 13:30 - 2024-05-07 13:30 - 000000000 ___HD C:\Users\localAdmin\.obs64
2024-05-07 13:30 - 2024-05-07 13:30 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\TeraCopy
2024-05-07 13:29 - 2024-05-07 13:31 - 002394112 _____ (Farbar) C:\Users\localAdmin\Desktop\FRST64.exe
2024-04-28 13:39 - 2024-04-28 13:45 - 000040864 _____ C:\Users\lim1\Downloads\FRSTanonymized.txt
2024-04-28 13:28 - 2024-05-08 13:29 - 000030092 _____ C:\Users\localAdmin\AppData\LocalLow\44d9559d2dfe2484a313422996e5da1bc1d2fced2fed59067875e5bd5807d230
2024-04-28 13:28 - 2024-05-08 13:29 - 000000128 _____ C:\Users\localAdmin\AppData\LocalLow\36422c630cce2905dea2db2c59148cc350904c7c50ddf7c69832f9d9b073b37c
2024-04-28 13:27 - 2024-04-28 13:28 - 000041285 _____ C:\Users\lim1\Downloads\FRST.txt
2024-04-28 13:27 - 2024-04-28 13:28 - 000029481 _____ C:\Users\lim1\Downloads\Addition_redacted.txt
2024-04-28 13:27 - 2024-04-28 13:28 - 000029481 _____ C:\Users\lim1\Downloads\Addition.txt
2024-04-28 13:24 - 2024-05-08 13:34 - 000000000 ____D C:\FRST
2024-04-28 13:23 - 2024-04-28 13:23 - 002394112 _____ (Farbar) C:\Users\lim1\Downloads\FRST64.exe
2024-04-27 20:55 - 2024-04-27 20:55 - 000011196 _____ C:\Users\lim1\AppData\LocalLow\e3739b8d6f71e19a92d1f99870f64aa7724af502e450393dfb98fb1fea4db9cc
2024-04-27 20:55 - 2024-04-27 20:55 - 000000026 _____ C:\Users\lim1\AppData\LocalLow\fbbc84dbdb6d7e9f8df02de721cf9747793a562137165b046ecbf3bb68fc4d78
2024-04-24 05:27 - 2024-04-24 11:47 - 000000000 ____D C:\Users\lim1\Desktop\for REMOTE GMAIL FOR REDACT
2024-04-24 05:01 - 2024-04-24 05:01 - 000002260 _____ C:\Users\localAdmin\AppData\LocalLow\03a9d835bfb56f1e24d7a1ac63272dca5a836d628701760777e2f9511ac732aa
2024-04-24 04:58 - 2024-04-24 05:06 - 000000000 ____D C:\Users\localAdmin\Desktop\settings to temp change for teams 20240424
2024-04-22 17:36 - 2024-04-22 17:36 - 019340635 _____ C:\Users\lim1\Downloads\NMR in Biomedicine - 2022 REDACT
2024-04-22 17:21 - 2024-04-22 17:21 - 004598520 _____ C:\Users\lim1\Downloads\JMRI b0 s REDACT
2024-04-22 15:53 - 2024-04-24 08:49 - 000000000 ____D C:\Users\lim1\Desktop\jmr REDACT
2024-04-19 21:09 - 2024-04-19 21:09 - 000084018 _____ C:\Users\lim1\Downloads\arai-2018-quantitative-stress-perfusion-cardiac-magnetic-resonance-improves-prognostication.pdf
2024-04-19 21:08 - 2024-04-19 21:08 - 000535558 _____ C:\Users\lim1\Downloads\sammut-et-al-2017-prognostic-value-of-quantitative-stress-perfusion-cardiac-magnetic-resonance.pdf
2024-04-19 21:08 - 2024-04-19 21:08 - 000535558 _____ C:\Users\lim1\Downloads\gibbs-et-al-2017-prognostic-value-of-quantitative-stress-perfusion-cardiac-magnetic-resonance.pdf
2024-04-17 11:36 - 2024-04-22 15:58 - 000000000 ____D C:\Users\lim1\Desktop\jmri DUE REDACT
2024-04-17 11:16 - 2024-05-08 13:07 - 000011196 _____ C:\Users\lim1\AppData\LocalLow\35d76ce50472a1bc6d5e5d05e31a4788cdd6b1edadb3658e2a7538b01ae38a6a
2024-04-17 11:16 - 2024-04-17 11:16 - 000000026 _____ C:\Users\lim1\AppData\LocalLow\08c99299a625780534f1ce0f0f1d7c01c78c158501eae94a3fa89bd661e91f61
2024-04-17 11:13 - 2024-04-17 11:13 - 000000000 ____D C:\windows\SysWOW64\DDFs
2024-04-17 11:10 - 2024-04-17 11:10 - 000024320 _____ C:\windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-17 11:10 - 2024-04-17 11:10 - 000024320 _____ C:\windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-17 11:06 - 2024-04-17 11:08 - 000000000 ___HD C:\$WinREAgent
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\EpsonPowerENGAGE
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\Epson PowerENGAGE
2024-04-17 10:56 - 2024-02-26 00:38 - 006115800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2024-04-17 10:40 - 2024-04-17 10:40 - 000012313 _____ C:\Users\localAdmin\AppData\LocalLow\d2274c3e4945e3a566f02343fcdb38a11fcd8e2e4edbfdd68fffd7c99ad840ed
2024-04-17 10:40 - 2024-04-17 10:40 - 000000026 _____ C:\Users\localAdmin\AppData\LocalLow\830496b083eed9047906c5214edd2478790321b5759d0e5e13d5ae8446082538

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-08 13:32 - 2024-02-04 00:41 - 000000000 ____D C:\Users\lim1\AppData\Roaming\TeraCopy
2024-05-08 13:29 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-08 13:25 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\Malwarebytes
2024-05-08 13:22 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-08 13:22 - 2022-05-07 01:24 - 000000000 ____D C:\windows\AppReadiness
2024-05-08 13:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemTemp
2024-05-08 12:02 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\D3DSCache
2024-05-08 11:53 - 2024-02-04 09:28 - 000025438 _____ C:\Users\lim1\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-05-07 16:24 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\Malwarebytes
2024-05-07 15:28 - 2022-05-07 01:17 - 000000000 ____D C:\windows\CbsTemp
2024-05-07 15:24 - 2024-03-07 23:54 - 000000128 _____ C:\Users\localAdmin\AppData\LocalLow\9ec917ee32f9e5393a9300225bdc0e5946d34fa14cacd5aacf7fb0b79eeaa5e8
2024-05-07 14:19 - 2024-02-03 21:24 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2024-05-07 14:18 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\Packages
2024-05-07 14:18 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Local\D3DSCache
2024-05-07 14:00 - 2022-05-07 01:22 - 000000000 ____D C:\windows\INF
2024-05-07 13:40 - 2023-09-21 00:22 - 000803640 _____ C:\windows\system32\PerfStringBackup.INI
2024-05-07 13:37 - 2024-03-05 14:49 - 000025438 _____ C:\Users\localAdmin\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-05-07 13:36 - 2024-02-10 10:50 - 000438369 _____ C:\Users\localAdmin\AppData\LocalLow\92ee474e777b489624b30ac0890af381efceb7632fa6c3afab4d069be63e64c6
2024-05-07 13:33 - 2023-08-26 10:47 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-07 13:33 - 2023-08-26 10:47 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-05-07 13:33 - 2023-08-26 10:47 - 000000000 ____D C:\windows\system32\SleepStudy
2024-05-07 13:33 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ServiceState
2024-05-07 13:32 - 2024-02-10 11:08 - 000000000 ____D C:\Users\lim1\AppData\LocalLow\Temp
2024-05-07 13:32 - 2024-02-03 23:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-05-07 13:32 - 2024-02-03 23:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-05-07 13:32 - 2023-09-21 00:16 - 000001623 _____ C:\windows\system32\config\VSMIDK
2024-05-07 13:32 - 2022-05-07 01:17 - 001310720 _____ C:\windows\system32\config\BBI
2024-05-07 13:31 - 2022-05-07 01:24 - 000000000 ___HD C:\windows\system32\GroupPolicy
2024-05-07 13:31 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2024-05-07 13:30 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin
2024-05-07 13:29 - 2023-08-26 10:47 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-07 13:29 - 2023-08-26 10:47 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-07 13:26 - 2024-02-03 23:04 - 000001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-05-07 13:24 - 2024-02-03 23:17 - 000002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-05-07 13:24 - 2024-02-03 23:17 - 000002089 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-05-07 13:24 - 2024-02-03 23:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-05-07 13:24 - 2024-02-03 23:17 - 000000000 ____D C:\Program Files\Malwarebytes
2024-05-07 13:23 - 2023-08-26 10:47 - 000003536 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-07 13:23 - 2023-08-26 10:47 - 000003412 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-28 13:59 - 2024-02-04 09:19 - 000000128 _____ C:\Users\lim1\AppData\LocalLow\36422c630cce2905dea2db2c59148cc350904c7c50ddf7c69832f9d9b073b37c
2024-04-28 13:54 - 2024-02-04 09:19 - 000031209 _____ C:\Users\lim1\AppData\LocalLow\44d9559d2dfe2484a313422996e5da1bc1d2fced2fed59067875e5bd5807d230
2024-04-28 13:33 - 2024-02-15 20:22 - 000000128 _____ C:\Users\lim1\AppData\LocalLow\9ec917ee32f9e5393a9300225bdc0e5946d34fa14cacd5aacf7fb0b79eeaa5e8
2024-04-28 13:21 - 2024-02-04 00:12 - 000758770 _____ C:\Users\lim1\AppData\LocalLow\92ee474e777b489624b30ac0890af381efceb7632fa6c3afab4d069be63e64c6
2024-04-27 23:16 - 2024-01-19 12:32 - 000000000 ____D C:\Users\lim1\Desktop\e_DKTP_RCT
2024-04-27 22:12 - 2024-02-10 10:50 - 000000128 _____ C:\Users\localAdmin\AppData\LocalLow\9397cbd7671923babf2242bf6add1d562176f24528f0c1345965cba986fe246a
2024-04-27 21:35 - 2024-01-19 12:49 - 000000000 ____D C:\Users\lim1\Desktop\e_WORK_RECON_2024_jan18
2024-04-27 21:24 - 2024-03-04 22:47 - 000000000 ____D C:\Users\lim1\AppData\Roaming\Microsoft\Word
2024-04-27 21:24 - 2024-02-05 19:47 - 000000000 ____D C:\Users\lim1\AppData\Roaming\Microsoft\Excel
2024-04-27 21:19 - 2024-02-04 00:12 - 000000128 _____ C:\Users\lim1\AppData\LocalLow\9397cbd7671923babf2242bf6add1d562176f24528f0c1345965cba986fe246a
2024-04-27 20:59 - 2022-02-11 08:11 - 000000000 ____D C:\Users\lim1\Desktop\citi cc van live asof 2022_0211
2024-04-25 22:45 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\Packages
2024-04-25 22:45 - 2023-08-26 10:57 - 000000000 ____D C:\ProgramData\Packages
2024-04-25 09:33 - 2024-02-03 20:23 - 000000000 ____D C:\Users\lim1\Desktop\limDk
2024-04-24 14:04 - 2024-02-04 00:41 - 000000000 ____D C:\Users\saraa\AppData\Roaming\TeraCopy
2024-04-24 14:03 - 2024-02-03 21:04 - 000000000 ____D C:\Users\saraa\AppData\Local\D3DSCache
2024-04-24 13:59 - 2024-02-03 22:47 - 000025438 _____ C:\Users\saraa\AppData\LocalLow\b3f857cc1229a8e0ad6286d9c173e6d0f900f5a902bb24451fac7e0fd55b9e9e
2024-04-24 13:57 - 2024-02-03 23:17 - 000000000 ____D C:\Users\saraa\AppData\Local\Malwarebytes
2024-04-24 13:57 - 2024-02-03 20:36 - 000000000 ____D C:\Users\saraa\AppData\Local\Packages
2024-04-24 11:46 - 2023-11-30 17:31 - 000000000 ____D C:\Users\lim1\Desktop\cleveland clinic credentialing nov 2023
2024-04-24 06:41 - 2024-02-04 09:32 - 000000000 ____D C:\Users\lim1\AppData\Local\CrashDumps
2024-04-24 06:41 - 2024-02-04 00:06 - 000000000 ____D C:\Users\lim1\AppData\Local\SoundResearch
2024-04-24 04:59 - 2024-02-10 10:45 - 000000000 ____D C:\Users\localAdmin\AppData\Roaming\Microsoft\Spelling
2024-04-19 20:41 - 2024-04-04 22:39 - 000000000 ____D C:\Users\lim1\Desktop\apple troubles 2024_0404
2024-04-17 11:39 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-17 11:14 - 2023-08-26 10:47 - 000534352 _____ C:\windows\system32\FNTCACHE.DAT
2024-04-17 11:13 - 2024-02-03 20:57 - 000000000 ____D C:\windows\system32\Microsoft-Edge-WebView
2024-04-17 11:13 - 2023-09-21 00:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemResources
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinMetadata
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\ShellExperiences
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Sgrm
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\oobe
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\HealthAttestationClient
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\DDFs
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellComponents
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\Provisioning
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\PolicyDefinitions
2024-04-17 11:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\bcastdvr
2024-04-17 11:10 - 2023-08-26 10:49 - 003213824 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2024-04-17 10:46 - 2023-08-26 10:47 - 000000000 ____D C:\windows\system32\Drivers\wd
2024-04-17 10:45 - 2024-02-03 22:19 - 000000000 ____D C:\windows\system32\MRT
2024-04-17 10:43 - 2024-02-03 22:19 - 192651728 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by localAdmin (08-05-2024 13:35:17)
Running from C:\Users\lim1\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3447 (X64) (2024-02-04 06:47:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2638474035-1427330621-2262840621-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2638474035-1427330621-2262840621-503 - Limited - Disabled)
Guest (S-1-5-21-2638474035-1427330621-2262840621-501 - Limited - Enabled)
lim1 (S-1-5-21-2638474035-1427330621-2262840621-1002 - Limited - Enabled) => C:\Users\lim1
localAdmin (S-1-5-21-2638474035-1427330621-2262840621-1003 - Administrator - Enabled) => C:\Users\localAdmin
saraa (S-1-5-21-2638474035-1427330621-2262840621-1001 - Administrator - Enabled) => C:\Users\saraa
WDAGUtilityAccount (S-1-5-21-2638474035-1427330621-2262840621-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{067039C9-A41C-42F5-9571-B06E0700AAA4}) (Version: 3.11.77 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.02.01.01 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson PowerENGAGE 3.5.1 (HKLM-x32\...\25e3def4-1763-5663-8776-91b0a5982398) (Version: 3.5.1 - Aviata, Inc.)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan PDF Extensions (HKLM-x32\...\{E4C6B326-8218-4FC2-8B48-85A19DAB3AE4}) (Version: 1.03.02.01 - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{1A1B60BB-F156-4F6D-AD79-8A096B67E9AB}) (Version: 3.7.10 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
EPSON WF-3820 Series Printer Uninstall (HKLM\...\EPSON WF-3820 Series) (Version: - Seiko Epson Corporation)
Epson WF-3820 User’s Guide (HKLM-x32\...\UsersGuideEpson WF-3820 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.20.0 - HP Inc)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Notifications (HKLM-x32\...\{84937F28-9CB4-49E7-A2CF-E32D97E6DAE6}) (Version: 1.1.28.1 - HP)
HP Sure Recover (HKLM\...\{BEFF0728-1E80-441E-9E23-2142634046C8}) (Version: 10.1.19.210 - HP Inc.)
HP Sure Run Module (HKLM\...\{2439AE5C-1F6E-4AD4-A403-D1BD8C6945B4}) (Version: 5.0.5.59 - HP Inc.)
HP System Default Settings (HKLM-x32\...\{29C20505-3240-4B32-93B7-09BECA8CEF36}) (Version: 1.4.16.17 - HP Inc.) Hidden
HP System Default Settings (HKLM-x32\...\{5C1C084D-1DB7-4CAB-840F-E5DD386C2A50}) (Version: 1.4.16.22 - HP Inc.) Hidden
HP System Default Settings (HKLM-x32\...\{C4192E14-642D-4A9C-84BA-38FD0963F19D}) (Version: 1.4.16.16 - HP Inc.) Hidden
HyperSnap 8 (HKLM\...\HyperSnap 8) (Version: 8.24.04 - Hyperionics Technology LLC)
ICS (HKLM-x32\...\{5CD25FCD-D218-46D0-B405-E5A488969BDF}) (Version: 3.1.8.14 - HP Inc.)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Office Home and Student 2021 - en-us (HKLM\...\HomeStudent2021Retail - en-us) (Version: 16.0.16327.20264 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27024 (HKLM-x32\...\{7258184A-EC44-4B1A-A7D3-68D85A35BFD0}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27024 (HKLM-x32\...\{5EEFCEFB-E5F7-4C82-99A5-813F04AA4FBD}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 125.0.3 (x64 en-US)) (Version: 125.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20264 - Microsoft Corporation) Hidden
Poly Lens (HKLM-x32\...\{6E176115-6EB6-4D5D-948F-A6347E3DAB56}) (Version: 1.1.28.5852 - Poly, Inc.)
TeraCopy (HKLM\...\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}) (Version: 3.17 - Code Sector)

Packages:
=========

AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-05-07] (INTEL CORP) [Startup Task]
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-05-07] (Microsoft Corporation)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.50.322.0_x64__dt26b99r8h8gj [2024-04-24] (Realtek Semiconductor Corp)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.5.1.0_x64__v10z8vjag6ke6 [2024-04-24] (HP Inc.)
HP Power Manager -> C:\Program Files\WindowsApps\AD2F1837.HPPowerManager_3.1.8.0_x64__v10z8vjag6ke6 [2024-02-10] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-03-07] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.34.32.0_x64__v10z8vjag6ke6 [2024-05-07] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.39.0_x64__v10z8vjag6ke6 [2024-03-06] (HP Inc.)
Intel(R) Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2328.5.2.0_x64__8j3eq9eme6ctt [2024-04-24] (INTEL CORP) [Startup Task]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-12] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24041.33.0_x64__cw5n1h2txyewy [2024-04-24] (Microsoft Windows) [Startup Task]
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_30.52407.200.0_x64__v10z8vjag6ke6 [2024-03-05] (HP Inc.) [Startup Task]
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2404.195.0_x64__8wekyb3d8bbwe [2024-05-07] (Microsoft Corporation) [Startup Task]
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-05-07] (Microsoft Windows)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2638474035-1427330621-2262840621-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2402.32.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe => No File
ContextMenuHandlers1: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers2: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpbus-ubpl&ref=aagateway-businesspc-hp

==================== Loaded Modules (Whitelisted) =============

2023-06-27 01:28 - 2023-06-27 01:28 - 000162816 _____ () [File not signed] C:\Program Files\TeraCopy\Blake3.dll
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\lim1\Desktop\FRST64(2).exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\lim1\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\lim1\Downloads\HS8Setup.exe:MBAM.Zone.Identifier [146]
AlternateDataStreams: C:\Users\lim1\Downloads\teracopy.exe:MBAM.Zone.Identifier [140]
AlternateDataStreams: C:\Users\localAdmin\Desktop\FRST64.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\localAdmin\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [160]
AlternateDataStreams: C:\Users\saraa\Downloads\WF3820_Lite_NA(1).exe:MBAM.Zone.Identifier [116]
AlternateDataStreams: C:\Users\saraa\Downloads\WF3820_Lite_NA.exe:MBAM.Zone.Identifier [116]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-03-25] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-03-25] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2638474035-1427330621-2262840621-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\GlassWave.Blue.MAY.jpg
DNS Servers: 192.168.30.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "EPPCCMON"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-2638474035-1427330621-2262840621-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C48EEF0891FAE0F7DD60DD6C728887C7"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1CB6AC14-CEA1-414D-87A8-110DFBC25EBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74A147A7-6E71-47EE-BBD3-CD2538EB0FE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B225B16B-7B44-4901-B10E-9BF47556BF08}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{588E622A-499C-4F17-AEDB-30F411D50DAB}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{DA867C4A-7687-4BDD-83B4-555E9FB78B29}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB9F32E8-B713-47D9-A1FC-27DC9CBDB6E9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E7712F9-A08E-4CCC-B9B9-E4EC0A1398F1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D541969E-956D-4D79-9446-6376D7F0DFE6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

19-04-2024 17:58:31 Scheduled Checkpoint
23-04-2024 21:34:27 Windows Update
07-05-2024 13:23:56 Windows Update
07-05-2024 13:31:51 Restore Point Created by FRST
07-05-2024 15:27:57 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Intel(R) Wi-Fi 6E AX211 160MHz
Description: Intel(R) Wi-Fi 6E AX211 160MHz
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw14
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/07/2024 02:01:14 PM) (Source: Application Error) (EventID: 1000) (User: hp2024)
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.34.8.0, time stamp: 0x65f09154
Faulting module name: ntdll.dll, version: 10.0.22621.3374, time stamp: 0x3fddb55c
Exception code: 0xc0000008
Fault offset: 0x000aa4f3
Faulting process id: 0x0x930
Faulting application start time: 0x0x1daa0a632a03081
Faulting application path: C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: ffeb12ce-0ecc-450f-8345-fbc6a223476a
Faulting package full name:
Faulting package-relative application ID:

Error: (05/07/2024 01:59:33 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_AppXSvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3374, time stamp: 0xeae8eecc
Exception code: 0xc0000409
Fault offset: 0x00000000000a43a0
Faulting process id: 0x0x9d0
Faulting application start time: 0x0x1daa0a736ddb417
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 59c364be-d235-4eec-820b-3848190043ff
Faulting package full name:
Faulting package-relative application ID:

Error: (05/07/2024 01:57:53 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on \\?\Volume{3af68411-c752-11ee-a7c4-e40d368abe38}\ because: Volumes cannot be optimized due to file system type not supported. (0x8900002F)

Error: (05/07/2024 01:33:05 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer

Error: (04/28/2024 01:13:19 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer

Error: (04/28/2024 01:12:46 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: hpqwmiex.exe, version: 7.1.25.1, time stamp: 0x5f197636
Faulting module name: hpqwmiex.exe, version: 7.1.25.1, time stamp: 0x5f197636
Exception code: 0xc0000005
Fault offset: 0x00078df4
Faulting process id: 0x0x1c08
Faulting application start time: 0x0x1da9910aa3cc3a6
Faulting application path: C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
Faulting module path: C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
Report Id: f80f2240-88cb-45a4-9a57-c3e59ef9d9f1
Faulting package full name:
Faulting package-relative application ID:

Error: (04/27/2024 10:06:21 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer

Error: (04/27/2024 09:42:53 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: OneApp.IGCC.WinService.exe
Path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Message: You must install .NET to run this application.

App: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9b33d3c65380dd2c\OneApp.IGCC.WinService.exe
Architecture: x64
App host version: 7.0.5
.NET location: Not found

Learn about runtime installation:
Troubleshoot app launch failures - .NET

Download the .NET runtime:
Download .NET 7.0 Runtime (v7.0.18) - Windows x64 Installer


System errors:
=============
Error: (05/07/2024 02:24:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9N9PHDT62W94-AD2F1837.myHP.

Error: (05/07/2024 02:01:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: 9PMMSR1CGPWG-Microsoft.HEIFImageExtension.

Error: (05/07/2024 01:59:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AppX Deployment Service (AppXSVC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/07/2024 01:33:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/07/2024 01:33:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.

Error: (05/07/2024 01:31:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CASL Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/07/2024 01:31:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Audio Analytics Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/07/2024 01:31:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Innovation Platform Framework Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================Event[0]

Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence Version: 1.407.741.0;1.407.741.0
Engine Version: 1.1.24020.9

Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence Version: 1.409.343.0;1.409.343.0
Engine Version: 1.1.24030.4

Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.12.0
Previous security intelligence Version: 1.409.343.0
Update Source: Security intelligence Update Folder
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.24030.4
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.12.0
Previous security intelligence Version: 1.409.343.0
Update Source: Security intelligence Update Folder
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.24030.4
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.24030.4
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2024-05-08 13:23:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: HP V72 Ver. 01.04.00 01/19/2024
Motherboard: HP 8B7C
Processor: 13th Gen Intel(R) Core(TM) i7-1355U
Percentage of memory in use: 61%
Total physical RAM: 7824.31 MB
Available physical RAM: 3040.77 MB
Total Virtual: 10384.31 MB
Available Virtual: 4638.51 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:475.67 GB) (Free:172.81 GB) (Model: KBG50ZNV512G KIOXIA) NTFS

\\?\Volume{40d6b26e-4f6c-49fb-920d-5ba0dc07b7a2}\ (Windows RE Tools) (Fixed) (Total:0.99 GB) (Free:0.07 GB) NTFS
\\?\Volume{37712f39-7ea7-4090-9bc3-417a458380ae}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.12 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1B77B9C9)

Partition: GPT.

==================== End of Addition.txt =======================
 
Above Windows glitch seems OK after 2nd restart. Waiting for your thoughts on the logs!
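
An added example, not part of the original thread and not FRST's own code: a small Python parser for the Microsoft Defender event blocks in the Addition.txt above. It groups entries by timestamp and error code, so the three update failures logged at 13:32:33 show up as a single incident. The names `parse_events` and `incidents` are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Excerpt of the Defender events in the Addition.txt above; some fields and
# the long "Error description" lines are left out for brevity.
SAMPLE = """\
Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
Security intelligence Type: AntiSpyware
Error code: 0x80501102

Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
Security intelligence Type: AntiVirus
Error code: 0x80501102

Date: 2024-05-07 13:32:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.24030.4
Error Code: 0x80501102
"""

FIELD = re.compile(r"^([A-Za-z ]+?):\s*(.*)$")

def parse_events(text):
    """Split blocks on blank lines; keys are lower-cased ('Error Code' vs 'Error code')."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        ev = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                ev[m.group(1).strip().lower()] = m.group(2)
            elif line.strip():
                ev["message"] = line.strip()  # free-text line under "Description:"
        if "date" in ev:
            events.append(ev)
    return events

def incidents(events):
    """Group events sharing a timestamp and error code, so simultaneous entries count once."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["date"], ev.get("error code"))].append(ev.get("message"))
    return dict(groups)
```

Calling `incidents(parse_events(text))` on the full Windows Defender section of an Addition.txt gives one key per distinct timestamp and error-code pair, with the event messages listed under it.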
 
Hello.

About the whitelisted items in FRST, yes those are the default whitelisted items and there is no need to change them.

As to your issue here:

Having a new terrible problem
"Windows cannot find" basically any of my files even if they are open and I am looking at them, restarted and moved some off desktop and it is better when I do that?

I didn't understand what exactly happened, but I'm glad the issue is now gone.

I'll review your logs and be back as soon as I am ready.
 
Your system is clean, and the following fix will only do some maintenance.

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2638474035-1427330621-2262840621-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2402.32.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe => No File
S4 IntcSdwBus; \SystemRoot\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_a7c91360744c6f58\IntcSdwBus.sys [X]
S4 Netwtw12; \SystemRoot\System32\DriverStore\FileRepository\netwtw6e.inf_amd64_cc3a2460c42c06f6\Netwtw12.sys [X]
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
Here it is! Took a while to run and it looks as if it stopped abnormally though--

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by localAdmin (08-05-2024 16:38:51) Run:2
Running from C:\Users\lim1\Desktop
Loaded Profiles: saraa & lim1 & localAdmin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2638474035-1427330621-2262840621-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2402.32.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe => No File
S4 IntcSdwBus; \SystemRoot\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_a7c91360744c6f58\IntcSdwBus.sys [X]
S4 Netwtw12; \SystemRoot\System32\DriverStore\FileRepository\netwtw6e.inf_amd64_cc3a2460c42c06f6\Netwtw12.sys [X]
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-09-21 00:22 - 2023-09-21 00:22 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2638474035-1427330621-2262840621-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652} => removed successfully
IntcSdwBus => service not found.
Netwtw12 => service not found.
Symbolic link found: "C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll" => "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll"
"C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll" => Symbolic link removed successfully
Symbolic link found: "C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll" => "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll"
"C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll" => Symbolic link removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION
 
When I went to restart, I was unable to, got Updates underway message. But it has been there 40 minutes now?
 
Hi.

Yes, it took more than 60 minutes, so the fix didn't complete. Let's do the DISM/SFC scans manually.

Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter.
Code:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot).

When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter.
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got (a screenshot).
 
About 8 hours. I think maybe Malwarebytes is a problem?
Task Manager shows around 2pct CPU in use, 64pct of memory with Malwarebytes consistently near the top.
 
I messed up (please don't be too annoyed) - after 8 hours I decided something must be wrong so unplugged ethernet and restarted.

But obviously things were happening because now I have that Updates are Underway message again.
I put the ethernet back (not sure whether that matters) and will leave it alone. It is late evening here, will give an update in the morning.
 
It is about 6:30am here and overnight, it finished updating and I logged into the computer normally right now.
But because I interrupted it (sorry again) I do not have any screenshot of a result. Should I try it again? Sorry, I will wait for your instructions and try to be more patient.
 