Infected with some sort of advanced spyware, and text editor?? Please help


3 replies to this topic

#1 gcocca

Posted 21 September 2023 - 02:41 PM

Someone keeps hacking all my accounts, monitoring all my activity, and is using some sort of text editor to change the information on pages and re-write texts on my computer to say different things than whatever I was trying to look at. I think it may be called VIM? Not sure, need help please!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by GA (administrator) on GA (HP HP Laptop 15-fd0xxx) (21-09-2023 15:43:46)
Running from C:\Users\greml\Downloads\FRST64.exe
Loaded Profiles: GA
Platform: Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\WindowsApps\microsoftwindows.client.webexperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe <6>
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\BridgeCommunication.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_15575ddcbffc1fc6\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_15575ddcbffc1fc6\ipf_helper.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\ad2f1837.hpsystemeventutility_1.3.31.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.180.0828.0001\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_12a05294eb98ea3c\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_ac24d7bf1d3c2d50\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4d82958d8593cc31\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_15575ddcbffc1fc6\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_cbcebe813d4324dc\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.180.0828.0001\OneDriveUpdaterService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e8f1ca5219e9493c\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\ad2f1837.myhp_25.52330.450.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\ad2f1837.myhp_25.52330.450.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21548.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21548.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21548.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\microsoft.todos_2.104.62421.0_x64__8wekyb3d8bbwe\Todo.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\microsoftwindows.client.webexperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UtcDecoderHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e8f1ca5219e9493c\RtkAudUService64.exe [1629552 2022-12-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\greml\AppData\Local\Microsoft\Teams\Update.exe [2588520 2023-09-13] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\Installer\setup.exe [3788840 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3420440085-592289846-2719292854-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [537136 2023-08-15] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-3420440085-592289846-2719292854-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3420440085-592289846-2719292854-1001\...\Run: [MicrosoftEdgeAutoLaunch_F13589AA1841CE186C5C63744842CE67] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3420440085-592289846-2719292854-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [569344 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {F3502ACE-D91B-48B6-9B95-087AF61C24D3} - System32\Tasks\HP\Consent Manager Launcher => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {117264CB-EECE-4DEC-B005-90E24FFB7E5F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {8196AD59-0AAB-4DC2-A511-ECC98527E22E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {916EF8A1-6C33-44E6-94BF-5AFC1ACC3CA8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {114A0928-9952-47EF-A403-2C49FC3376F5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DD64E01-CAE0-4233-9F4F-ABCC1D168955} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {67FF613E-C3FC-4CF3-B12C-F11DE117ADAE} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-09-01] (Microsoft Windows -> Microsoft Corporation)
Task: {BFF760C4-3CBF-4B2B-B051-D135A51DDD9F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {663C26A0-59E6-4FE9-9DB3-B7C14944EC78} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD2BF6BB-05C3-4C67-9C2C-35D356DB24BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7CF17F9-F135-401C-B9BE-3F52CC919AE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B2F31A8-5B8E-4EAE-96DB-D6727F887525} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {63F589AF-2A83-448B-B2D3-7BC90FFFD41B} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B52A77C-4818-4A74-8B1E-EBAF511F84AB} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3420440085-592289846-2719292854-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.129.136
Tcpip\..\Interfaces\{1b95b2ea-741b-4e3a-99b6-8bf8998dc9e4}: [DhcpNameServer] 192.168.64.71
Tcpip\..\Interfaces\{230b6e5c-e345-4c1f-bb3e-dce7de3956c4}: [DhcpNameServer] 192.168.129.136
 
Edge: 
=======
Edge Profile: C:\Users\greml\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-21]
Edge Notifications: Default -> hxxps://www.bleepingcomputer.com
Edge Extension: (Google Docs Offline) - C:\Users\greml\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-21]
Edge Extension: (Edge relevant text changes) - C:\Users\greml\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-19]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-09-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-11] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_12a05294eb98ea3c\ipfsvc.exe [544888 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncHelper.exe [3518480 2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\AppHelperCap.exe [888768 2023-07-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\DiagsCap.exe [887184 2023-07-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\NetworkCap.exe [883136 2023-07-24] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_965dbdfb871959a5\x64\SysInfoCap.exe [887744 2023-07-24] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe [497744 2023-08-02] (HP Inc. -> HP Inc.)
S2 Intel® Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_45efd8a6478e15ce\lib\PlatformLicenseManagerService.exe [746984 2022-12-22] (Intel Corporation -> Intel® Corporation)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_cbcebe813d4324dc\AS\IAS\IntelAudioService.exe [528928 2022-12-19] (Intel Corporation -> Intel)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_15575ddcbffc1fc6\ipf_uf.exe [2773616 2022-10-17] (Intel Corporation -> Intel Corporation)
S3 mcafeeintegrationservice; C:\WINDOWS\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_768b84b9afa518ce\mcafeeintegrationservice.exe [3979528 2022-06-01] (McAfee, LLC -> McAfee)
R3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\OneDriveUpdaterService.exe [3855376 2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CtaChildDriver; C:\WINDOWS\System32\drivers\CtaChildDriver.sys [48632 2023-01-03] (Intel Corporation -> )
S3 GSCAuxDriver; C:\WINDOWS\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_ed9efe698065da9c\GSCAuxDriverx64.sys [97792 2023-01-03] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\WINDOWS\System32\DriverStore\FileRepository\gscheci.inf_amd64_96e1e5abf52e018c\TeeDriverGSCW8x64.sys [267776 2023-01-03] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-23] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_ADL_N; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl_n.inf_amd64_cacc621ea12c00b5\iaLPSS2_GPIO2_ADL_N.sys [179768 2022-11-07] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL_N; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl_n.inf_amd64_cea888afe7e27a33\iaLPSS2_I2C_ADL_N.sys [221240 2022-11-07] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_ADL_N; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_adl_n.inf_amd64_93eaa06ed572c2c7\iaLPSS2_SPI_ADL_N.sys [172072 2022-11-07] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_ADL_N; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_adl_n.inf_amd64_573b75fb4f657da0\iaLPSS2_UART2_ADL_N.sys [332352 2022-11-07] (Intel Corporation -> Intel Corporation)
S3 IntcSdwBus; C:\WINDOWS\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_d3d4da2eb15364e3\IntcSdwBus.sys [516672 2022-12-19] (Intel Corporation -> Intel® Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_9d17fea24a602101\IntcUSB.sys [912928 2022-12-19] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88776 2022-08-21] (Intel Corporation -> Intel Corporation)
S3 Intel_NF_I2C; C:\WINDOWS\System32\DriverStore\FileRepository\intel_nf_i2c_child.inf_amd64_a329fd450939b60d\Intel_NF_I2C.sys [212464 2023-01-03] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_2c4217605fff2443\ipf_acpi.sys [87176 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_15575ddcbffc1fc6\ipf_cpu.sys [80496 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_15575ddcbffc1fc6\ipf_lf.sys [441968 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [53704 2022-06-01] (McAfee, LLC -> McAfee)
S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-09-01] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-09-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-11] (Microsoft Windows -> Microsoft Corporation)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-21 15:37 - 2023-09-21 15:38 - 000021648 _____ C:\Users\greml\Downloads\Addition.txt
2023-09-21 15:36 - 2023-09-21 15:44 - 000022240 _____ C:\Users\greml\Downloads\FRST.txt
2023-09-21 15:35 - 2023-09-21 15:44 - 000000000 ____D C:\FRST
2023-09-21 15:33 - 2023-09-21 15:35 - 002382848 _____ (Farbar) C:\Users\greml\Downloads\FRST64.exe
2023-09-13 03:26 - 2023-09-13 03:26 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2023-09-13 03:10 - 2023-09-19 18:08 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-13 03:06 - 2023-09-13 03:11 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Teams
2023-09-13 03:06 - 2023-09-13 03:06 - 000000000 ____D C:\Users\greml\AppData\Local\SquirrelTemp
2023-09-13 03:04 - 2023-09-13 03:04 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-09-13 03:01 - 2023-09-21 13:13 - 000000000 ___RD C:\Users\greml\OneDrive - Careered - AIU
2023-09-13 02:58 - 2023-09-13 02:58 - 000000000 ____D C:\Users\greml\AppData\Local\OneDrive
2023-09-12 21:24 - 2023-09-12 21:26 - 000000000 ___HD C:\$WinREAgent
2023-09-12 21:17 - 2023-09-12 21:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-09-12 21:08 - 2023-09-12 21:08 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-12 19:02 - 2023-09-13 03:10 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-12 19:02 - 2023-09-13 03:10 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-12 19:01 - 2023-09-13 03:10 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2023-09-12 18:59 - 2023-09-12 18:59 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2023-09-12 18:59 - 2023-09-12 18:59 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2023-09-12 01:17 - 2023-09-12 01:17 - 000000000 ____D C:\Users\greml\AppData\Local\VirtualStore
2023-09-11 23:07 - 2023-09-11 23:07 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\UProof
2023-09-11 23:07 - 2023-09-11 23:07 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Proof
2023-09-11 23:06 - 2023-09-19 19:21 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Word
2023-09-11 23:06 - 2023-09-11 23:16 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Office
2023-09-11 23:06 - 2023-09-11 23:06 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\AddIns
2023-09-11 21:16 - 2023-09-11 21:16 - 000000000 ____D C:\Users\greml\AppData\Local\Comms
2023-09-11 10:43 - 2023-09-11 10:52 - 000000000 ____D C:\Users\greml\AppData\Local\Publishers
2023-09-11 10:41 - 2023-09-13 03:10 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3420440085-592289846-2719292854-1001
2023-09-11 10:41 - 2023-09-11 10:41 - 000000000 ____D C:\Users\greml\AppData\Local\PlaceholderTileLogoFolder
2023-09-11 10:39 - 2023-09-11 10:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2023-09-11 10:38 - 2023-09-21 14:02 - 000000000 ____D C:\Users\greml\AppData\Local\D3DSCache
2023-09-11 10:38 - 2023-09-11 10:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-09-11 10:36 - 2023-09-13 03:05 - 000000000 ____D C:\Users\greml\AppData\Local\ConnectedDevicesPlatform
2023-09-11 10:36 - 2023-09-11 10:36 - 000000020 ___SH C:\Users\greml\ntuser.ini
2023-09-11 10:36 - 2023-09-11 10:36 - 000000000 ____D C:\Users\greml\AppData\Roaming\Synaptics
2023-09-11 10:36 - 2023-09-11 10:36 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Network
2023-09-11 10:36 - 2023-09-11 10:36 - 000000000 ____D C:\Users\greml\AppData\Roaming\HP
2023-09-11 10:36 - 2023-09-11 10:36 - 000000000 ____D C:\Users\greml\AppData\Roaming\Adobe
2023-09-11 10:36 - 2023-09-11 10:36 - 000000000 ____D C:\Users\greml\AppData\Local\SoundResearch
2023-09-11 06:29 - 2023-09-11 06:29 - 000000000 __HDL C:\System.sav
2023-09-11 06:29 - 2023-09-11 06:29 - 000000000 ____D C:\Users\Default\AppData\Local\Packages
2023-09-11 06:29 - 2023-09-11 02:39 - 000000000 ____D C:\WINDOWS\Panther
2023-09-11 06:29 - 2023-09-11 02:39 - 000000000 ____D C:\Windows.old
2023-09-11 06:29 - 2023-09-11 02:32 - 000000000 ____D C:\Program Files\HP
2023-09-11 06:29 - 2022-09-13 01:06 - 000001184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk
2023-09-11 06:29 - 2022-07-21 12:31 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walmart.lnk
2023-09-11 06:29 - 2022-07-20 12:18 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk
2023-09-11 06:28 - 2023-09-11 06:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-09-11 06:28 - 2023-09-11 06:28 - 000000000 ____D C:\WINDOWS\Firmware
2023-09-11 06:26 - 2023-09-11 06:29 - 000000000 ____D C:\WINDOWS\Setup
2023-09-11 06:26 - 2023-09-11 06:26 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-09-11 06:26 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2023-09-11 06:26 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2023-09-11 06:26 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2023-09-11 06:26 - 2023-09-11 06:26 - 000000000 ____D C:\ProgramData\ssh
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\0409
2023-09-11 06:25 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\DigitalLocker
2023-09-11 06:24 - 2023-09-21 15:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-11 06:24 - 2023-09-21 15:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-11 06:24 - 2023-09-21 15:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-11 06:24 - 2023-09-21 14:56 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-09-11 06:24 - 2023-09-21 13:15 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-11 06:24 - 2023-09-19 17:08 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2023-09-11 06:24 - 2023-09-13 03:20 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-11 06:24 - 2023-09-13 03:11 - 000000000 ___RD C:\Program Files (x86)
2023-09-11 06:24 - 2023-09-13 03:05 - 000000000 ____D C:\WINDOWS\ServiceState
2023-09-11 06:24 - 2023-09-13 03:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-09-11 06:24 - 2023-09-13 03:04 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-09-11 06:24 - 2023-09-13 03:04 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-09-11 06:24 - 2023-09-12 21:16 - 000000000 ____D C:\WINDOWS\appcompat
2023-09-11 06:24 - 2023-09-12 16:38 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-09-11 06:24 - 2023-09-11 22:48 - 000000000 ____D C:\Program Files\Windows Defender
2023-09-11 06:24 - 2023-09-11 10:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-09-11 06:24 - 2023-09-11 06:29 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-09-11 06:24 - 2023-09-11 06:29 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\SystemResources
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\OCR
2023-09-11 06:24 - 2023-09-11 06:26 - 000000000 ____D C:\WINDOWS\Globalization
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\setup
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\system32\Com
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\IME
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\Help
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\WINDOWS\BrowserCore
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\Program Files\Windows NT
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\Program Files\Common Files\System
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\Program Files (x86)\Windows NT
2023-09-11 06:24 - 2023-09-11 06:25 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 __SHD C:\Program Files\Windows Sidebar
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\system32\Nui
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\WUModels
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Web
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\WaaS
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Vss
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\UUS
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\tracing
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\TAPI
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\winevt
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\ras
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\Pbr
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\Keywords
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\IME
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\icsxml
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\ias
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\DriverState
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\downlevel
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\System
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SKB
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\security
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\schemas
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\SchCache
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Resources
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\rescache
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Registration
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\PLA
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Performance
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\ModemLogs
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Media
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\L2Schemas
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\InputMethod
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\IdentityCRL
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Cursors
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Containers
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\Branding
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Spelling
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\ProgramData\USOShared
2023-09-11 06:24 - 2023-09-11 06:24 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2023-09-11 06:24 - 2023-09-11 06:23 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2023-09-11 06:24 - 2023-09-11 06:23 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2023-09-11 06:24 - 2023-09-11 06:23 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2023-09-11 06:24 - 2023-09-11 02:36 - 000000000 __RHD C:\Users\Public\Libraries
2023-09-11 06:24 - 2023-09-11 02:33 - 000000000 ____D C:\WINDOWS\system32\spool
2023-09-11 06:24 - 2023-09-11 02:32 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-09-11 06:24 - 2023-09-11 02:32 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-11 06:24 - 2023-09-11 02:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2023-09-11 06:24 - 2023-09-11 02:29 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2023-09-11 06:23 - 2023-09-21 15:38 - 000000000 ____D C:\WINDOWS\INF
2023-09-11 06:21 - 2023-09-12 21:29 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-09-11 06:20 - 2023-09-13 03:04 - 099090432 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-09-11 06:20 - 2023-09-13 03:04 - 089915392 _____ C:\WINDOWS\system32\config\SYSTEM
2023-09-11 06:20 - 2023-09-13 03:04 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2023-09-11 06:20 - 2023-09-13 03:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-09-11 06:20 - 2023-09-13 03:04 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2023-09-11 06:20 - 2023-09-13 03:04 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2023-09-11 06:20 - 2023-09-11 22:26 - 000000000 ____D C:\WINDOWS\servicing
2023-09-11 06:20 - 2023-09-11 06:24 - 000000000 ____D C:\WINDOWS\system32\SMI
2023-09-11 06:20 - 2023-09-11 02:36 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-09-11 06:19 - 2023-09-11 02:36 - 000000000 ___HD C:\$SysReset
2023-09-11 02:40 - 2023-09-13 03:11 - 000830348 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-09-11 02:36 - 2023-09-13 03:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-09-11 02:36 - 2023-09-11 22:18 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\SystemCertificates
2023-09-11 02:36 - 2023-09-11 10:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-09-11 02:36 - 2023-09-11 02:36 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-09-11 02:36 - 2023-09-11 02:36 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-09-11 02:36 - 2023-09-11 02:36 - 000000000 _SHDL C:\Users\Default User
2023-09-11 02:36 - 2023-09-11 02:36 - 000000000 _SHDL C:\Users\All Users
2023-09-11 02:36 - 2023-09-11 02:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2023-09-11 02:36 - 2023-09-11 02:36 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Crypto
2023-09-11 02:36 - 2023-02-03 11:03 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1405368026-480693864-3476859065-500
2023-09-11 02:36 - 2022-11-03 00:36 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-353709614-2291778256-2954742011-500
2023-09-11 02:35 - 2023-09-19 16:47 - 000000000 ____D C:\Users\greml\AppData\Local\Packages
2023-09-11 02:35 - 2023-09-13 03:01 - 000000000 ____D C:\Users\greml
2023-09-11 02:35 - 2023-09-11 10:56 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Spelling
2023-09-11 02:35 - 2023-09-11 10:37 - 000000000 ____D C:\Users\greml\AppData\Roaming\Microsoft\Windows
2023-09-11 02:35 - 2023-09-11 02:35 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-09-11 02:30 - 2023-09-21 12:55 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-11 02:30 - 2023-09-21 12:55 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-11 02:30 - 2023-09-21 12:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-09-11 02:30 - 2023-09-13 03:04 - 000471248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-09-11 02:30 - 2023-09-11 02:33 - 000000000 ____D C:\ProgramData\HP
2023-09-11 02:30 - 2023-09-11 02:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ipf_umdf2_02_00_00.Wdf
2023-09-11 02:30 - 2023-09-11 02:30 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-09-11 02:30 - 2023-09-11 02:30 - 000000000 ____D C:\ProgramData\Realtek
2023-09-11 02:30 - 2023-09-11 02:30 - 000000000 ____D C:\ProgramData\mcafeeintegrationservice
2023-09-11 02:30 - 2023-09-11 02:30 - 000000000 ____D C:\ProgramData\Intel
2023-09-08 11:45 - 2023-09-08 11:45 - 000677280 _____ C:\Users\greml\Downloads\studen.pdf
2023-09-08 11:34 - 2023-09-08 11:34 - 000077721 _____ C:\Users\greml\Downloads\PJ Appeal Form[652].pdf
2023-09-06 15:48 - 2023-09-06 15:49 - 000085363 _____ C:\Users\greml\Downloads\MyStatement.pdf
2023-09-06 13:32 - 2023-09-06 13:32 - 000000112 ___SH C:\bootTel.dat
2023-09-05 01:58 - 2023-08-14 23:14 - 006529496 ____N (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2023-08-26 13:57 - 2023-08-26 13:57 - 027645392 _____ C:\Users\greml\Downloads\lock doors (1).mp4
2023-08-26 13:31 - 2023-08-26 13:31 - 027297479 _____ C:\Users\greml\Downloads\lock doors.mp4
2023-08-26 13:23 - 2023-08-26 13:23 - 036105225 _____ C:\Users\greml\Downloads\Untitled video (3).mp4
2023-08-26 12:46 - 2023-08-26 12:46 - 092953432 _____ C:\Users\greml\Downloads\VID_20230826_122529792~2.mp4
2023-08-25 18:11 - 2023-08-25 18:11 - 000059161 _____ C:\Users\greml\Downloads\ACCESS_FLORIDA_APPLICATION_DETAILS_818327666.pdf
2023-08-22 00:43 - 2023-08-22 00:43 - 000286544 _____ C:\Users\greml\Downloads\1.12220230793.494ea.Pdf
2023-08-22 00:40 - 2023-08-22 00:40 - 000310347 _____ C:\Users\greml\Downloads\1.910202244444.bd5e3.Pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-21 14:46 - 2023-08-03 02:45 - 000000000 ____D C:\Users\greml\OneDrive\Documents\AIU_files
2023-09-19 16:38 - 2023-02-03 11:11 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-19 16:37 - 2023-07-29 21:09 - 000000000 ___RD C:\Users\greml\OneDrive
2023-09-13 03:13 - 2023-02-03 11:10 - 000000000 ____D C:\Program Files (x86)\HP
2023-09-13 03:10 - 2022-11-03 00:35 - 000000000 ____D C:\ProgramData\Packages
2023-09-13 03:04 - 2022-11-03 00:32 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-12 18:59 - 2023-02-03 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-09-11 22:48 - 2022-11-03 00:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-09-11 10:36 - 2022-11-03 00:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-11 02:36 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-09-11 02:33 - 2023-05-17 06:07 - 000000000 ____D C:\WINDOWS\HP
2023-09-11 02:33 - 2023-05-17 06:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Amazon
2023-09-11 02:33 - 2023-05-17 06:02 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-09-11 02:33 - 2023-02-03 11:11 - 000000000 ___RD C:\Program Files\Online Services
2023-09-11 02:33 - 2023-02-03 11:11 - 000000000 ___RD C:\Program Files (x86)\Online Services
2023-09-11 02:33 - 2023-02-03 11:11 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-09-11 02:32 - 2023-05-17 06:08 - 000000000 ____D C:\Program Files\McAfeeOSDetection
2023-09-11 02:32 - 2023-02-03 11:12 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-09-11 02:32 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-09-01 19:06 - 2023-07-29 21:03 - 000000000 ___SD C:\Users\greml\AppData\Roaming\Microsoft\Credentials
2023-08-22 00:54 - 2023-08-03 03:51 - 000000000 ____D C:\Users\greml\OneDrive\Documents\secret agent_files
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by GA (21-09-2023 15:45:01)
Running from C:\Users\greml\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) (2023-09-11 06:39:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3420440085-592289846-2719292854-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3420440085-592289846-2719292854-503 - Limited - Disabled)
GA (S-1-5-21-3420440085-592289846-2719292854-1001 - Administrator - Enabled) => C:\Users\greml
Guest (S-1-5-21-3420440085-592289846-2719292854-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3420440085-592289846-2719292854-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.31 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.180.0828.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
 
Packages:
=========
5A894077.McAfeeSecurity -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-09-11] (McAfee LLC.)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt [2023-09-11] (INTEL CORP) [Startup Task]
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2023-09-11] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.40.284.0_x64__v10z8vjag6ke6 [2023-09-11] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-09-11] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2023-09-11] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-21] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\ad2f1837.hpsystemeventutility_1.3.31.0_x64__v10z8vjag6ke6 [2023-09-11] (HP Inc.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-13] (Microsoft Corporation)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_25.52330.450.0_x64__v10z8vjag6ke6 [2023-09-11] (HP Inc.) [Startup Task]
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.7423.0_x64__8wekyb3d8bbwe [2023-09-21] (Microsoft Corporation) [Startup Task]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Studios) [MS Ad]
Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.3899848563C1F_1.0.137.0_x64__kx24dqmazqk8j [2023-09-11] (Random Salad Games LLC)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-13] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3420440085-592289846-2719292854-1001_Classes\CLSID\{04271989-C4D2-E54D-E5C3-4A3F3589474F} -> [OneDrive - Careered - AIU] => C:\Users\greml\OneDrive - Careered - AIU [2023-09-13 03:01]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-13] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-09-11] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3420440085-592289846-2719292854-1001\...\sharepoint.com -> hxxps://liveaiuniv-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3420440085-592289846-2719292854-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\greml\OneDrive\Pictures\Saved Pictures\tumblr_fdbfc6929316a02520ca76e6176630f9_2d34b28a_500.jpg
DNS Servers: 192.168.129.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1A42A70-4B56-45ED-B461-F08B955DA85B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC858371-BF27-4129-80B1-7DE6D7F3C1DE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C9ED79DC-6D9E-4EED-A3C7-392BB3773778}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{40DDDA8F-CE91-4BD8-8DF2-A13EF70E3BFB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{666898D8-5587-48C1-9AA0-9E97D97921F3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{682E5ECE-9423-453E-A306-92B7CDEBD277}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73F1E312-A9E9-4ED2-A1FF-D31B736D3E75}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA6258C6-B924-4A92-A9D0-57EB3B4E46CD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:118.31 GB) (Free:51.5 GB) (44%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/21/2023 03:44:14 PM) (Source: Application Error) (EventID: 1000) (User: GA)
Description: Faulting application name: ctfmon.exe, version: 10.0.22621.1, time stamp: 0xf4b8fb49
Faulting module name: InputService.dll, version: 10.0.22621.2215, time stamp: 0xcbec7d34
Exception code: 0x00000675
Fault offset: 0x00000000000be658
Faulting process id: 0x0x25cc
Faulting application start time: 0x0x1d9e610b2919227
Faulting application path: C:\WINDOWS\system32\ctfmon.exe
Faulting module path: C:\WINDOWS\system32\InputService.dll
Report Id: deedf9b0-7e6a-4a30-bb2a-c8ced352b22a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/21/2023 02:31:16 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program WWAHost.exe version 10.0.22621.2070 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (09/21/2023 12:50:15 PM) (Source: OneDriveUpdaterService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/21/2023 10:43:49 AM) (Source: OneDriveUpdaterService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/21/2023 09:22:45 AM) (Source: Application Error) (EventID: 1000) (User: GA)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x38fc
Faulting application start time: 0x0x1d9ec8eb4f98489
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 7304f0af-6679-494c-8057-511b18b2d3c1
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate
 
Error: (09/19/2023 06:13:04 PM) (Source: OneDriveUpdaterService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/19/2023 06:09:14 PM) (Source: OneDriveUpdaterService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/15/2023 10:10:03 PM) (Source: Application Error) (EventID: 1000) (User: GA)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x11d8
Faulting application start time: 0x0x1d9e842e76a1b60
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 7de5c5bd-bf66-41f3-8e1f-c73a4d04b225
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate
 
 
System errors:
=============
Error: (09/21/2023 02:08:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9N9PHDT62W94-AD2F1837.myHP.
 
Error: (09/21/2023 01:59:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Camera Frame Server Monitor service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/21/2023 01:59:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Camera Frame Server Monitor service to connect.
 
Error: (09/21/2023 10:34:12 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.
 
Error: (09/21/2023 09:54:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Camera Frame Server Monitor service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/21/2023 09:54:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Camera Frame Server Monitor service to connect.
 
Error: (09/21/2023 09:20:09 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7abb0e86-2ddf-4638-8495-5dc8990274ce}, had event 74
 
Error: (09/20/2023 08:59:35 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2023-09-19 20:03:42
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-13 01:38:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-09-21 13:15:50
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.1250.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x8024402f
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
==================== Memory info =========================== 
 
BIOS: AMI F.06 07/03/2023
Motherboard: HP 8B36
Processor: Intel® N200
Percentage of memory in use: 88%
Total physical RAM: 3751.99 MB
Available physical RAM: 429.79 MB
Total Virtual: 9659.39 MB
Available Virtual: 1805.45 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:118.31 GB) (Free:51.5 GB) (Model: SAMSUNG KLUDG4UHGC-B0E1) (Protected) NTFS
 
\\?\Volume{8aa36541-9022-4605-9b73-6f4a6d658b02}\ (Windows RE tools) (Fixed) (Total:0.61 GB) (Free:0.06 GB) NTFS
\\?\Volume{2d8021b2-30db-4822-80f8-0efa2e83fdce}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
 
==================== MBR & Partition Table ====================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 0.
 
==================== End of Addition.txt =======================

 


Edited by gcocca, 21 September 2023 - 02:58 PM.



 


#2 gcocca

gcocca
  • Topic Starter

  • Members
  • 2 posts

Posted 21 September 2023 - 02:50 PM

I need help ASAP.


Edited by gcocca, 21 September 2023 - 03:07 PM.


#3 JSntgRvr

JSntgRvr

    Malware Fighter


  • Malware Response Team
  • 16,122 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 September 2023 - 02:48 PM

Hi
 
Welcome :)
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.
Start:: 
SystemRestore: On 
CreateRestorePoint: 
CloseProcesses: 
 
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File) 
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File) 
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) 
Task: {BFF760C4-3CBF-4B2B-B051-D135A51DDD9F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
U3 aspnet_state; no ImagePath 
 
Comment: Commands to reset settings and cleanup
 
StartRegedit:
Windows Registry Editor Version 5.00
    
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"AutoReboot"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
 
EndRegedit:
 
StartBatch:
  pushd\windows\system32
  bcdedit.exe /export C:\exportBCDfile
  bcdedit.exe /set {default} recoveryenabled yes
  bcdedit /enum
  sfc /scannow
  DISM.exe /Online /Cleanup-image /Restorehealth
  sfc /scannow
Endbatch:
 
StartBatch:
 SETLOCAL ENABLEEXTENSIONS
 echo userprofile=%USERPROFILE%
 if not defined userprofile echo no userprofile&goto :eof
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.dl*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.ex*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.zi*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.sy*"
  del /f /q "%userprofile%\AppData\Roaming\{*.*"
  rd /s /q "%userprofile%\AppData\Roaming\discord\Cache"
  rd /s /q "%userprofile%\AppData\Roaming\discord\code cache"
  rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache"
  del /s /q "%userprofile%\AppData\Local\Temp\*.*"
  del /f /q "%userprofile%\AppData\Local\*-gui"
  del /f /q "%userprofile%\AppData\Roaming\*-gui"
 :eof
EndBatch:
 
 
startpowershell:
Write-Output "PowerShell run 1"
 
Set-Service -Name "BITS" -StartupType Manual -Verbose
Set-Service -Name "Dhcp" -StartupType Automatic -Verbose
Set-Service -Name "EventLog" -StartupType Automatic -Verbose
Set-Service -Name "EventSystem" -StartupType Automatic -Verbose
Set-Service -Name "nsi" -StartupType Automatic -Verbose
Set-Service -Name "RasMan" -StartupType Manual -Verbose
Set-Service -Name "SDRSVC" -StartupType Manual -Verbose
Set-Service -Name "SstpSvc" -StartupType Manual -Verbose
Set-Service -Name "TrustedInstaller" -StartupType Manual -Verbose
Set-Service -Name "VSS" -StartupType Manual -Verbose
Set-Service -Name "Winmgmt" -StartupType Automatic -Verbose
Set-Service -Name "wuauserv" -StartupType Manual -Verbose
Set-Service -Name "windefend" -StartupType Automatic -Verbose
Set-Service -Name "securityhealthservice" -StartupType Manual -Verbose
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 1
Endpowershell:
 
StartBatch:
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
 
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
 
 
startpowershell:
Write-Output "PowerShell run 2"
 
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force
# Check computer status again after setting to make sure changes were applied
    Get-MpComputerStatus
    Get-MpPreference
    Get-MpThreatDetection
# get statuses of services
Get-Service 'Terminal Server' | Select-Object -Property Name, StartType, Status
Get-Service BITS | Select-Object -Property Name, StartType, Status
Get-Service Dhcp | Select-Object -Property Name, StartType, Status
Get-Service EventLog | Select-Object -Property Name, StartType, Status
Get-Service EventSystem | Select-Object -Property Name, StartType, Status
Get-Service mbamservice | Select-Object -Property Name, StartType, Status
Get-Service mpsdrv | Select-Object -Property Name, StartType, Status
Get-Service MpsSvc | Select-Object -Property Name, StartType, Status
Get-Service msiserver | Select-Object -Property Name, StartType, Status
Get-Service nsi | Select-Object -Property Name, StartType, Status
Get-Service RasMan | Select-Object -Property Name, StartType, Status
Get-Service rpcss | Select-Object -Property Name, StartType, Status
Get-Service SDRSVC | Select-Object -Property Name, StartType, Status
Get-Service sense | Select-Object -Property Name, StartType, Status
Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
Get-Service SstpSvc | Select-Object -Property Name, StartType, Status
Get-Service TrustedInstaller | Select-Object -Property Name, StartType, Status
Get-Service UsoSvc | Select-Object -Property Name, StartType, Status
Get-Service VSS | Select-Object -Property Name, StartType, Status
Get-Service wdnissvc | Select-Object -Property Name, StartType, Status
Get-Service windefend | Select-Object -Property Name, StartType, Status
Get-Service Winmgmt | Select-Object -Property Name, StartType, Status
Get-Service wscsvc | Select-Object -Property Name, StartType, Status
Get-Service wuauserv | Select-Object -Property Name, StartType, Status
New-NetFirewallRule -DisplayName "Block Inb" -Direction Inbound -LocalPort 135-139, 445, 1234, 3389, 5555 -Protocol tcp -Action Block
New-NetFirewallRule -DisplayName "Block Inb" -Direction Inbound -LocalPort 135-139, 445, 1234, 3389, 5555 -Protocol udp -Action Block
wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}
EndPowerShell:
 
cmd: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
exportkey: hkcu\software\classes\ms-settings\shell\open\command
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
exportkey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
 
Comment: Use Farbar routine
 
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\drivers\*.tmp
C:\WINDOWS\syswow64\*.tmp
 
startbatch:
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\*.*"
del /s /q "%userprofile%\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\*.*"
del /s /q "%userprofile%\AppData\Local\Temp\*.exe"
del /s /q "%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\uwj5v52h.default\cache2\*.*"
del /s /q "%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\9drvj32f.default-release\cache2\*.*"
endbatch:
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R 
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R 
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R 
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R 
HOSTS:
Removeproxy:
CMD: fltmc instances
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
 
EMPTYTEMP:
End::
  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.

When AdwCleaner starts, on the left side of the window, click on "Settings" and then enable these repair actions on that tab by clicking their button to the far right so that it shows ON:

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file
  • Click Scan Now ...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.

Please post the contents of the file in your next reply.
 
 


No request for help through private messaging will be attended.

Inactive logs for more than four (4) days will be closed.


#4 JSntgRvr

JSntgRvr

    Malware Fighter


  • Malware Response Team
  • 16,122 posts
  • Gender:Male
  • Location:Puerto Rico

Posted Yesterday, 10:13 AM

Are you still with us?





