Good afternoon, my name is Ken and I am working on my 90+ year old neighbor’s HP Laptop MD 17-by4061cl. They are very smart and have led a very successful life, and the help I have had to give them has been mostly supportive (i.e., what computer to buy, getting it set up, how do I scan a document, etc., and responding to questions like “is this email legit” and so on). Recently, however, they have skipped asking me and responded to a few “sloppy” attempts to gain access to their system. This apparently happened again around 6pm EST 7FEB25, involving a phone conversation and access to their computer (I have been unable to determine what program and/or method was used for the access). Examining their computer this morning, I can report the following:
1. All Icons are missing from the desktop except the recycle bin
2. Malwarebytes scan showed no threats found
3. I attempted to run Revo Uninstaller to look for suspicious programs that may have been installed, only to get an error that the program referred to by the shortcut had been changed or removed, with an offer to delete the shortcut. This led me to find that several other programs in the app list failed to launch in the same way.
4. All library folders appear to be empty
-- At this point I decided I should get help and here I am.
I currently have their laptop at my place, not connected to the internet, and am communicating with you via my computer.
This may need to go under the "X-Files"... They informed me that they tried to call me by phone when this was going on but I did not answer. Checking my phone this morning I find that they indeed did call but my phone blocked both calls, yet their call this am came thru just fine as had every other call they have made to me. Alien hackers maybe?? Logs follow:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2025
Ran by yagne (administrator) on LAPTOP-T4OQ8F35 (HP HP Laptop 17-by4xxx) (08-02-2025 13:23:14)
Running from C:\Users\yagne\Desktop\FRST64.exe
Loaded Profiles: yagne
Platform: Microsoft Windows 10 Home Version 22H2 19045.5371 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.983.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(C:\Users\yagne\AppData\Local\Apps\2.0\MAMT0NDE.Z8L\5HB5GXTY.ANP\scre..tion_25b0fbb6ef7eb094_0017.0009_363f47142d5c05a4\ScreenConnect.ClientService.exe ->) (Connectwise, LLC -> ScreenConnect Software) C:\Users\yagne\AppData\Local\Apps\2.0\MAMT0NDE.Z8L\5HB5GXTY.ANP\scre..tion_25b0fbb6ef7eb094_0017.0009_363f47142d5c05a4\ScreenConnect.WindowsClient.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEMN.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\BridgeCommunication.exe <2>
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(explorer.exe ->) (Adguard Software Limited -> Adguard Software Limited) C:\Program Files\AdGuard\Adguard.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(services.exe ->) (Adguard Software Limited -> Adguard Software Limited) C:\Program Files\AdGuard\AdguardSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(services.exe ->) (Connectwise, LLC -> ) C:\Users\yagne\AppData\Local\Apps\2.0\MAMT0NDE.Z8L\5HB5GXTY.ANP\scre..tion_25b0fbb6ef7eb094_0017.0009_363f47142d5c05a4\ScreenConnect.ClientService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc; HP Development Company, L.P.) C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9209370f26b70e29\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_783e291a8960d8a8\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9971779a1c712866\RtkAudUService64.exe <2>
(services.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(services.exe ->) (SentryBay Limited -> AOL) [File not signed] C:\Program Files (x86)\AOL\DataMask by AOL\dpsservice.exe
(services.exe ->) (SentryBay Limited -> SentryBay) C:\Program Files (x86)\AOL\DataMask by AOL\entryprotect\entryprotect.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.5363_none_7e1ab0d27c839437\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9971779a1c712866\RtkAudUService64.exe [1201968 2020-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Adguard] => C:\Program Files\AdGuard\Adguard.exe [7323160 2024-10-25] (Adguard Software Limited -> Adguard Software Limited)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9238408 2025-02-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Data Protection Suite] => "C:\Program Files (x86)\AOL\DataMask by AOL\dps.exe" (No File)
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-04-25] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\Run: [MicrosoftEdgeAutoLaunch_DAB71B094CF2BA9508A6FE7332C3E6CF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3923496 2025-01-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\Run: [com.messenger] => "C:\Users\yagne\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\MountPoints2: {f784a2cb-7d1d-11eb-a525-6c02e0b174f8} - "F:\LaunchU3.exe" -a
HKLM\...\Windows x64\Print Processors\Canon iP1600 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD75.DLL [31744 2006-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP1600: C:\windows\system32\CNMLM75.DLL [245248 2006-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\133.0.6943.53\Installer\chrmstp.exe [2025-02-04] (Google LLC -> Google LLC)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {7A6A30E6-0D49-4A94-95E9-518097903ECF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (No File)
Task: {575CBC58-E9A7-4B4F-8636-2CC38D1D85EA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CC7AA840-9E81-4DE3-9D2C-4F239E53A1BA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F7EF4F3B-8867-43D5-93BA-566E5866F238} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{1073D13F-BC3B-49A9-9BDF-2DE2598909E6} => "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --wake --system (No File)
Task: {2C9A85FC-BF08-4C0B-A9AA-D619C97F29EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {C9035B6D-17E9-49B6-96EF-BFB27E033A37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe /send (No File)
Task: {D3842B0E-3E41-40FF-9573-9F1EF251AAA2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {C85EF018-5880-4A0F-AD05-5783FC987B32} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {0C6D69CA-66ED-40FE-9374-7E032B3C7EA8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (No File)
Task: {5B7A6001-190A-4C3B-A549-10BAD251863E} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (No File)
Task: {806909B1-88B1-41C3-9407-91A57FB6D0C5} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {C14B2DAA-C855-4BBD-A921-9EA155E44344} - System32\Tasks\HPDataRetriever => C:\ProgramData\HP\Telemetry\collectors\hp-telemetry-application-info-collector_ver_4.675.11370\hp-data-retriever.exe (No File)
Task: {92D0C384-E159-431B-9AB2-2B3D1D438017} - System32\Tasks\HPOneAgentRepairTask => C:\ProgramData\Package Cache\{0F4D9B90-03E9-4FE2-8077-E62C7E928EEB}\HPOneAgent.exe [1169728 2025-01-30] (HP Inc. -> HP Inc; HP Development Company, L.P.)
Task: {A7BA6F6B-11CC-4A39-8D42-81F7C892C237} - System32\Tasks\HPSupportTool => C:\ProgramData\HP\Telemetry\collectors\hp-telemetry-iolo-collector_ver_4.675.11370\HPSupportAssistant1.exe (No File)
Task: {FCCA4AE4-AAFB-421A-BB2F-60CD7DFF1415} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2472177153-966439922-2771316724-1001 => C:\Users\yagne\AppData\Local\Programs\Messenger\MessengerHelper.exe [2149112 2022-12-16] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {6141AF12-BFA1-4EF6-BC29-8301C40620B9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File)
Task: {4727569D-4E76-44F3-9DAA-7970ADC6FC01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 (No File)
Task: {66BA3A57-3B9A-4138-9DEC-245F8A77D8F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload (No File)
Task: {C718AEEB-C4E4-4F55-B795-D67B7847AAE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {51E713E4-1A17-4559-B897-AF8ACEA416A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {12F372C2-F6F5-4BB3-B97B-FA5E8B3B8CED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {41D79DAA-ED07-46C1-BB6D-88688268F148} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {318A1648-2D4E-4BA6-AFCD-0129C0FDAE6F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => "%ProgramFiles%\RUXIM\PLUGscheduler.exe" (No File)
Task: {A8DB8CA7-5EA9-42ED-98D9-03688FEA4CF6} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {8644F982-9FD6-4ADF-9A9C-97FDC0CF9CF8} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {E718D044-8F6E-48E7-953D-85D8F0FF19E2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2472177153-966439922-2771316724-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {6A83564C-9F20-4F64-B7D8-3E90CFD86EA7} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2472177153-966439922-2771316724-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\windows\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {6B83B03A-AF9E-4B78-9051-A4F463647176} - System32\Tasks\SentryBayUpdateTaskMachineCore => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe /c (No File)
Task: {627ED657-3AE7-4363-9AFA-55FA651BC627} - System32\Tasks\SentryBayUpdateTaskMachineUA => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe /ua /installsource scheduler (No File)
Task: {7D4471EC-3FA6-479A-A314-E941EDAFD219} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe -> C:\Program Files (x86)\Tweaking.com\Registry Backup\/silent
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{488c6d3e-995f-4013-8b11-127b4c8e8769}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{488c6d3e-995f-4013-8b11-127b4c8e8769}: [DhcpDomain] tampabay.rr.com
Tcpip\..\Interfaces\{8121da55-0373-4116-9009-1972efc04c37}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8121da55-0373-4116-9009-1972efc04c37}: [DhcpDomain] lan
Tcpip\..\Interfaces\{8121da55-0373-4116-9009-1972efc04c37}\75946494336464134333: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8121da55-0373-4116-9009-1972efc04c37}\75946494336464134333D25374: [DhcpNameServer] 209.18.47.61 209.18.47.62
Edge:
=======
Edge Profile: C:\Users\yagne\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-08]
Edge HomePage: Default -> hxxps://www.google.com/
Edge Extension: (Google Docs Offline) - C:\Users\yagne\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-20]
Edge Extension: (Edge relevant text changes) - C:\Users\yagne\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-30]
Edge Extension: (Armored ID Protection) - C:\Users\yagne\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kgajinclokffebemgllomdalhbnbppol [2025-01-16]
Edge HKLM-x32\...\Edge\Extension: [kgajinclokffebemgllomdalhbnbppol]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [No File]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\yagne\AppData\Local\Google\Chrome\User Data\Default [2025-02-07]
CHR Notifications: Default -> hxxps://my.norton.com; hxxps://spectrum.pch.com; hxxps://www.instantcheckmate.com; hxxps://www.messenger.com; hxxps://www.truthfinder.com
CHR Extension: (AdGuard Browser Assistant) - C:\Users\yagne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbohpolgemkbfphodcfgnpjcmedcjhpn [2024-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\yagne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
CHR Extension: (Armored ID Protection) - C:\Users\yagne\AppData\Local\Google\Chrome\User Data\Default\Extensions\piaceojllnikpkafghlgpilfhkdgcjoc [2025-02-02]
CHR HKU\S-1-5-21-2472177153-966439922-2771316724-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [piaceojllnikpkafghlgpilfhkdgcjoc]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Adguard Service; C:\Program Files\AdGuard\AdguardSvc.exe [804376 2024-10-25] (Adguard Software Limited -> Adguard Software Limited)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-19] (Adobe Inc. -> Adobe Inc.)
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [156552 2020-06-30] (Canon Inc. -> CANON INC.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [48528 2025-02-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 dpsservice; C:\Program Files (x86)\AOL\DataMask by AOL\dpsservice.exe [2298080 2024-12-03] (SentryBay Limited -> AOL) [File not signed]
S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\217.4.4417\DropboxElevationService.exe [1659280 2025-02-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 entryprotect.service; C:\Program Files (x86)\AOL\DataMask by AOL\EntryProtect\entryprotect.exe [5160320 2025-01-14] (SentryBay Limited -> SentryBay)
S2 entryprotectsvc; C:\Program Files (x86)\AOL\DataMask by AOL\entryprotect\entryprotect.exe [5160320 2025-01-14] (SentryBay Limited -> SentryBay)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 hp-one-agent-service; C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [2338344 2024-12-13] (HP Inc. -> HP Inc; HP Development Company, L.P.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\AppHelperCap.exe [888416 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\DiagsCap.exe [887392 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\NetworkCap.exe [883808 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\SysInfoCap.exe [887904 2025-01-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-08] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_783e291a8960d8a8\AS\IAS\IntelAudioService.exe [539808 2021-06-25] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2024-12-20] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-15] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ScreenConnect Client (7f0adfce-5152-4963-be11-7519a7760324); C:\Users\yagne\AppData\Local\Apps\2.0\MAMT0NDE.Z8L\5HB5GXTY.ANP\scre..tion_25b0fbb6ef7eb094_0017.0009_363f47142d5c05a4\ScreenConnect.ClientService.exe [95520 2024-11-19] (Connectwise, LLC -> ) <==== ATTENTION
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13257000 2021-07-01] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2021-03-06] (Reason Software Company Inc. -> Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S2 GoogleUpdaterInternalService134.0.6985.0; "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --system --windows-service --service=update-internal [X]
S2 GoogleUpdaterService134.0.6985.0; "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --system --windows-service --service=update [X]
S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 sbu; "C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe" /svc [X]
S3 sbum; "C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe" /medsvc [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworkwfpdrv; C:\windows\System32\drivers\adgnetworkwfpdrv.sys [90792 2024-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Adguard Software Limited)
S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [135296 2020-05-18] (Alcorlink Corp. -> )
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [282624 2023-05-10] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [147968 2022-04-13] (Microsoft Corporation) [File not signed]
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-09] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_a377b182eb0b1769\iaLPSS2_SPI_TGL.sys [156936 2020-06-29] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_17edb8d819140063\iaLPSS2_UART2_TGL.sys [311560 2020-06-29] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\windows\System32\drivers\iaStorVD.sys [1544912 2021-08-26] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_dbc6c9a565544beb\IntcUSB.sys [1671728 2021-06-25] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_c1ab43039f3a07f6\gna.sys [83864 2020-07-27] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R2 mbamchameleon; C:\windows\System32\Drivers\MbamChameleon.sys [232024 2025-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2024-11-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239568 2024-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl87004d55; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E5A142B-89D4-4E2B-99D4-C26735DC36AE}\MpKslDrv.sys [267552 2025-02-08] (Microsoft Windows -> Microsoft Corporation)
S3 RevoProcessDetector; C:\windows\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [22104 2024-11-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [606624 2024-11-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S3 entryprotect.driver.service; \??\C:\Program Files (x86)\AOL\DataMask by AOL\entryprotect\entryprotect.sys [X]
S3 MpKslb617d372; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD29DDF1-68B0-40A6-BB58-1167B80B5A74}\MpKslDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-02-08 13:23 - 2025-02-08 13:23 - 000030049 _____ C:\Users\yagne\Desktop\FRST.txt
2025-02-08 13:22 - 2025-02-08 13:23 - 000000000 ____D C:\FRST
2025-02-08 13:22 - 2025-02-08 13:22 - 000000000 ____D C:\Users\yagne\Desktop\FRST-OlderVersion
2025-02-08 13:21 - 2025-02-08 13:22 - 002403328 _____ (Farbar) C:\Users\yagne\Desktop\FRST64.exe
2025-02-05 04:30 - 2025-02-05 04:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2025-02-04 07:02 - 2025-02-04 07:02 - 000048528 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2025-01-24 18:22 - 2025-01-24 18:22 - 000000000 ____D C:\Users\yagne\AppData\Local\ToastNotificationManagerCompat
2025-01-15 02:32 - 2025-01-15 02:32 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-02-08 13:18 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-02-08 13:17 - 2024-11-20 06:09 - 000000000 ____D C:\Users\yagne\AppData\Local\Malwarebytes
2025-02-08 13:06 - 2021-03-05 16:15 - 000000000 ____D C:\ProgramData\Adguard
2025-02-08 13:06 - 2020-05-06 04:03 - 000846280 _____ C:\windows\system32\PerfStringBackup.INI
2025-02-08 13:06 - 2019-12-07 04:13 - 000000000 ____D C:\windows\INF
2025-02-08 13:04 - 2021-03-04 12:12 - 000000000 ____D C:\Users\yagne\AppData\Local\CrashDumps
2025-02-08 13:03 - 2024-03-07 18:27 - 000000980 _____ C:\windows\system32\x509Req.pem
2025-02-08 13:02 - 2021-12-14 18:28 - 000000000 ____D C:\windows\SystemTemp
2025-02-08 13:02 - 2021-03-04 13:04 - 000000938 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2025-02-08 13:02 - 2021-03-04 13:04 - 000000934 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2025-02-08 13:02 - 2021-03-04 12:56 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2025-02-08 13:02 - 2021-03-04 10:57 - 000000000 __SHD C:\Users\yagne\IntelGraphicsProfiles
2025-02-08 13:02 - 2021-03-04 10:53 - 000000000 ____D C:\Users\yagne
2025-02-08 13:02 - 2020-08-22 04:40 - 000000000 ____D C:\Intel
2025-02-08 13:02 - 2020-05-06 03:58 - 000008192 ___SH C:\DumpStack.log.tmp
2025-02-08 13:02 - 2020-05-06 03:58 - 000000006 ____H C:\windows\Tasks\SA.DAT
2025-02-08 13:02 - 2019-12-07 04:14 - 000000000 ____D C:\windows\ServiceState
2025-02-08 11:47 - 2021-03-10 13:21 - 000000000 ____D C:\Users\yagne\AppData\Local\D3DSCache
2025-02-08 11:44 - 2021-03-04 14:17 - 000000000 ____D C:\Users\yagne\AppData\Roaming\Microsoft\MMC
2025-02-08 11:27 - 2020-05-06 03:58 - 000000000 ____D C:\windows\system32\SleepStudy
2025-02-08 03:12 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-02-08 03:12 - 2019-12-07 04:14 - 000000000 ____D C:\windows\AppReadiness
2025-02-07 20:12 - 2021-03-05 16:19 - 000000000 ____D C:\ProgramData\Package Cache
2025-02-07 17:52 - 2021-03-04 13:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
2025-02-07 17:50 - 2021-03-06 12:48 - 000000000 ____D C:\Program Files (x86)\Unchecky
2025-02-07 17:50 - 2020-08-22 04:46 - 000000000 ___RD C:\Program Files (x86)\Online Services
2025-02-07 17:50 - 2020-08-22 04:45 - 000000000 ____D C:\Program Files (x86)\HP
2025-02-07 17:50 - 2019-12-07 04:14 - 000000000 __RHD C:\Users\Public\Libraries
2025-02-07 17:49 - 2023-07-19 11:21 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2025-02-07 17:49 - 2021-03-06 14:18 - 000000000 ____D C:\Program Files (x86)\Canon
2025-02-07 17:49 - 2021-03-04 14:58 - 000000000 ____D C:\Program Files\Microsoft Office
2025-02-07 17:49 - 2021-03-04 11:44 - 000000000 ____D C:\Program Files\7-Zip
2025-02-07 17:49 - 2020-08-22 04:47 - 000000000 ____D C:\Program Files\HPCommRecovery
2025-02-07 17:49 - 2020-08-22 04:46 - 000000000 ___RD C:\Program Files\Online Services
2025-02-07 17:49 - 2020-08-22 04:45 - 000000000 ____D C:\Program Files\HP
2025-02-07 17:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2025-02-07 17:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2025-02-07 17:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-02-07 17:25 - 2024-11-19 15:35 - 000000000 ____D C:\Users\yagne\AppData\Local\Deployment
2025-02-05 04:31 - 2021-03-04 13:04 - 000000000 ____D C:\Users\yagne\AppData\Roaming\Dropbox
2025-02-05 04:31 - 2021-03-04 13:04 - 000000000 ____D C:\Users\yagne\AppData\Local\Dropbox
2025-02-04 16:30 - 2021-03-04 11:05 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-02-04 04:31 - 2021-03-05 02:50 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2025-02-04 04:30 - 2022-10-23 15:48 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-02-03 17:55 - 2020-12-22 16:08 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-01-30 14:04 - 2024-01-29 05:32 - 000003846 _____ C:\windows\system32\Tasks\HPOneAgentRepairTask
2025-01-24 16:30 - 2021-03-04 13:04 - 000003998 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineUA
2025-01-24 16:30 - 2021-03-04 13:04 - 000003766 _____ C:\windows\system32\Tasks\DropboxUpdateTaskMachineCore
2025-01-15 22:49 - 2021-03-04 11:08 - 000000000 ____D C:\windows\system32\MRT
2025-01-15 04:43 - 2021-03-04 11:16 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2025-01-15 04:42 - 2024-11-20 08:38 - 000000000 ____D C:\Program Files\AdGuard
2025-01-15 04:41 - 2019-12-07 04:14 - 000000000 ____D C:\windows\SystemResources
2025-01-15 04:41 - 2019-12-07 04:14 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2025-01-15 04:41 - 2019-12-07 04:14 - 000000000 ____D C:\windows\system32\appraiser
2025-01-15 04:41 - 2019-12-07 04:14 - 000000000 ____D C:\windows\bcastdvr
2025-01-15 04:41 - 2019-12-07 04:03 - 001048576 _____ C:\windows\system32\config\BBI
2025-01-15 02:38 - 2019-12-07 04:03 - 000000000 ____D C:\windows\CbsTemp
2025-01-15 02:36 - 2020-05-06 04:01 - 003016192 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2025-01-15 02:13 - 2021-03-04 11:08 - 206927936 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2025-01-11 18:04 - 2020-12-22 16:04 - 000000000 ____D C:\ProgramData\Packages
2025-01-10 15:02 - 2020-12-22 16:07 - 000000000 ____D C:\windows\system32\Tasks\HP
2025-01-10 12:11 - 2020-08-22 04:46 - 000000000 ____D C:\ProgramData\HP
2025-01-09 15:15 - 2021-03-04 15:24 - 000000000 ____D C:\Users\yagne\AppData\Roaming\Microsoft\Word
==================== Files in the root of some directories ========
2023-12-21 04:42 - 2023-12-21 04:42 - 000000273 _____ () c:\ProgramData\fontcacheev1.dat
2023-06-11 15:03 - 2023-06-11 15:03 - 000007606 _____ () C:\Users\yagne\AppData\Local\Resmon.ResmonCfg
==================== FLock ==============================
2024-11-20 05:56 C:\windows\UV_LastPW.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2025
Ran by yagne (08-02-2025 13:24:15)
Running from C:\Users\yagne\Desktop
Microsoft Windows 10 Home Version 22H2 19045.5371 (X64) (2021-03-04 23:52:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2472177153-966439922-2771316724-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2472177153-966439922-2771316724-503 - Limited - Disabled)
Guest (S-1-5-21-2472177153-966439922-2771316724-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2472177153-966439922-2771316724-504 - Limited - Disabled)
yagne (S-1-5-21-2472177153-966439922-2771316724-1001 - Administrator - Enabled) => C:\Users\yagne
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AdGuard (HKLM\...\{34C8430B-F45C-476C-951C-1CB99B698563}) (Version: 7.19.4853.0 - Adguard Software Limited) Hidden
AdGuard (HKLM-x32\...\{70955765-7afe-4004-9880-5e48ebc7b4fa}) (Version: 7.19.4853.0 - Adguard Software Limited)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20399 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.1.2 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon iP1600 (HKLM\...\CANONBJ_Deinstall_CNMCP75.DLL) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CanoScan LiDE 120 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2415) (Version: 1.03 - Canon Inc.)
DataMask by AOL (HKLM-x32\...\{A3217415-0BD4-4252-BF9F-3AF4A267B04C}) (Version: 7.2.0.14166 - AOL)
Dropbox (HKLM-x32\...\Dropbox) (Version: 217.4.4417 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.983.1 - Dropbox, Inc.) Hidden
EntryProtect (HKLM\...\{597BD198-C17F-4B95-86A5-97665E91E06A}) (Version: 7.5.1.12068 - SentryBay) Hidden
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.3.1570 - Software MacKiev)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 133.0.6943.53 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP One Agent (HKLM\...\{0F4D9B90-03E9-4FE2-8077-E62C7E928EEB}) (Version: 1.1.728.6140 - HP Inc.)
HP One Agent (HKLM\...\{446A6439-F00B-422B-829F-8AB9CE3A08C4}) (Version: 1.1.728.6140 - HP Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Malwarebytes version 5.2.4.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.4.157 - Malwarebytes)
Messenger (HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 172.0.429623856 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 132.0.2957.140 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 132.0.2957.140 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Standard 2013 (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller 2.5.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.5.0 - VS Revo Group, Ltd.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.19.5 - TeamViewer)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.STANDARD_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Packages:
=========
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-03-04] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.14.225.0_x64__v10z8vjag6ke6 [2023-05-10] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.7.0.0_x64__v10z8vjag6ke6 [2025-01-30] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-12-16] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_157.1.1186.0_x64__v10z8vjag6ke6 [2025-01-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2024-12-21] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6 [2025-01-24] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-21] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-03-07] (INTEL CORP)
Lighthouses by Day -> C:\Program Files\WindowsApps\Microsoft.LighthousesbyDay_1.0.0.0_neutral__8wekyb3d8bbwe [2021-03-04] (Microsoft Corporation)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_39.52446.140.0_x64__v10z8vjag6ke6 [2024-11-26] (HP Inc.) [Startup Task]
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_6.52219.341.0_x64__v10z8vjag6ke6 [2022-10-23] ()
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-15] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.22.0_x64__kx24dqmazqk8j [2024-11-21] (Random Salad Games LLC)
sMedio True DVD for HP -> C:\Program Files\WindowsApps\0E3921EB.sMedioTrueDVDforHP_1.1.160.0_x64__agwrg61xdd7p4 [2024-11-20] (sMedio Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2472177153-966439922-2771316724-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2472177153-966439922-2771316724-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2472177153-966439922-2771316724-1001_Classes\CLSID\{7d043d4e-4259-f459-3630-7b434fd7752c}\localserver32 -> C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe (HP Inc. -> HP Inc.)
CustomCLSID: HKU\S-1-5-21-2472177153-966439922-2771316724-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\yagne\Dropbox [2021-03-04 13:05]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-20] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-20] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2024-12-03 18:54 - 2024-12-03 18:54 - 008733696 _____ () [File not signed] C:\Program Files (x86)\AOL\DataMask by AOL\license.dll
2025-01-16 04:02 - 2025-01-16 04:02 - 000138240 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\9598ca96adcc0ca69c9aab02740285df\Interop.IWshRuntimeLibrary.ni.dll
2025-01-16 04:05 - 2025-01-16 04:05 - 000869376 _____ (.NET Foundation) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.T417b639d#\75490e8a5fa2a290f58c8ed742cd453b\Microsoft.Toolkit.Uwp.Notifications.ni.dll
2025-01-16 04:02 - 2025-01-16 04:02 - 000134656 _____ (hardcodet.net) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\add51fe13e040d509af3e30f25fdbfc0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2025-01-16 04:06 - 2025-01-16 04:06 - 000432128 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LauncherSDK\e429a0da8c01bbfb60111abb02574fc9\LauncherSDK.ni.dll
2025-01-16 04:06 - 2025-01-16 04:06 - 000037888 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Logging\f83258b406f7e0011032448137b9e628\Logging.ni.dll
2025-01-16 04:06 - 2025-01-16 04:06 - 000153088 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\RpcClient\5eb29205e8622c36ff2f873c925e0073\RpcClient.ni.dll
2025-01-16 04:06 - 2025-01-16 04:06 - 000118272 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WMISDK\2f0514d286050fa258df463fe1ada8f9\WMISDK.ni.dll
2021-03-04 11:44 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2025-01-16 04:02 - 2025-01-16 04:02 - 001700864 _____ (Mark Heath & Contributors) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\NAudio\a880c9cde4bc51b3a2864ed9eacfcaf9\NAudio.ni.dll
2025-01-16 04:02 - 2025-01-16 04:02 - 003062272 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\bb25e6d0a1a36a36fe8b9a04b77bc1b7\Newtonsoft.Json.ni.dll
2025-01-16 04:06 - 2025-01-16 04:06 - 003884544 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\16b5644c5c2fc36401b8037787a12985\Newtonsoft.Json.ni.dll
2025-01-16 04:02 - 2025-01-16 04:02 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\log4net\14603f5c0b2f199021dbceffa2b4dbc7\log4net.ni.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (7f0adfce-5152-4963-be11-7519a7760324) => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL No File
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL No File
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 04:14 - 2025-02-08 13:02 - 000002103 _____ C:\windows\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\yagne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Intel® Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "Data Protection Suite"
HKLM\...\StartupApproved\Run32: => "PhishLock"
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-2472177153-966439922-2771316724-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DAB71B094CF2BA9508A6FE7332C3E6CF"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{B851197A-165E-4EC2-A59F-73A841213B3E}C:\users\yagne\appdata\local\logmein rescue applet\lmir09e54001.tmp\lmi_rescue_srv.exe] => (Block) C:\users\yagne\appdata\local\logmein rescue applet\lmir09e54001.tmp\lmi_rescue_srv.exe => No File
FirewallRules: [UDP Query User{861BD9D9-3256-43C1-9127-E721D9C867D4}C:\users\yagne\appdata\local\logmein rescue applet\lmir09e54001.tmp\lmi_rescue_srv.exe] => (Block) C:\users\yagne\appdata\local\logmein rescue applet\lmir09e54001.tmp\lmi_rescue_srv.exe => No File
FirewallRules: [TCP Query User{B09A1814-FB44-4896-BE57-B220CBB2A6B5}C:\users\yagne\appdata\local\logmein rescue applet\lmir0e103001.tmp\lmi_rescue_srv.exe] => (Allow) C:\users\yagne\appdata\local\logmein rescue applet\lmir0e103001.tmp\lmi_rescue_srv.exe => No File
FirewallRules: [UDP Query User{4199CD7C-01D7-4ACA-A1D3-1BA0A88C04C1}C:\users\yagne\appdata\local\logmein rescue applet\lmir0e103001.tmp\lmi_rescue_srv.exe] => (Allow) C:\users\yagne\appdata\local\logmein rescue applet\lmir0e103001.tmp\lmi_rescue_srv.exe => No File
FirewallRules: [{3DBFF43D-9D46-4CB3-B0C3-E8578C41681F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{8D0C8466-B21E-409C-9045-43A53BEB4856}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{18CC8D54-CA78-42BD-95A1-EF8A55F1D9A3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{69AB9FD1-E2EF-4BA3-9FDF-4A6F454D262D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AB6D92B1-85B6-4A85-9B21-C947291A99BA}] => (Allow) C:\Program Files\AdGuard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Limited)
FirewallRules: [{EA6F9884-5EB2-4673-B90F-BB4A9E8A295B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe => No File
FirewallRules: [{7708666D-5DF8-4E49-8605-9B26BC8D8A16}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [{504F6B37-BA38-4767-9489-604373D577AD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{5C997F44-6A7A-4988-8B41-B7D7B3DE39E2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Restore Points =========================
23-01-2025 04:40:26 Scheduled Checkpoint
01-02-2025 04:02:15 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/08/2025 01:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x3030
Faulting application start time: 0x01db7a53a7bc4d79
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: cdac4d68-7b1e-4282-8452-ab128083f608
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2025 11:46:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x3ee0
Faulting application start time: 0x01db7a490d810daa
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: c68bb58d-91ba-4f3c-bdd7-48722b2297ef
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2025 11:46:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x8ec
Faulting application start time: 0x01db7a4909f959f1
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: 8565e488-336f-47d6-9253-16569abb4f12
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2025 11:46:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x2b3c
Faulting application start time: 0x01db7a49066e3a4a
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: 5344477d-c6a7-4790-b28a-e591eae8f603
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2025 11:46:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x3e0c
Faulting application start time: 0x01db7a4902321987
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: 431b6c58-d2b5-4859-aee7-ea1f9a36c042
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2025 11:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x4380
Faulting application start time: 0x01db7a48fdb7b4f7
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: 7b6fbaf8-60a3-45e5-9f9b-9966cb22b702
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2025 11:46:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x630
Faulting application start time: 0x01db7a48f83b492c
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: e96ab94a-3aa3-4f54-97c7-881637285743
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2025 11:46:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 217.4.4417.0, time stamp: 0x8aa6765d
Faulting module name: Qt5Core.dll, version: 5.13.2.0, time stamp: 0x62e8b86e
Exception code: 0xc0000409
Fault offset: 0x000000000001e0f8
Faulting process id: 0x478c
Faulting application start time: 0x01db7a48ed5767a7
Faulting application path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Faulting module path: C:\Program Files (x86)\Dropbox\Client\217.4.4417\Qt5Core.dll
Report Id: a5bb2b15-8873-4350-8013-c84ee8f970e3
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (02/08/2025 01:04:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Guard Runtime Monitor Broker service terminated with the following error:
%%3489660935
Error: (02/08/2025 01:04:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SentryBay Update Service (sbu) service failed to start due to the following error:
The system cannot find the file specified.
Error: (02/08/2025 01:04:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Edge Update Service (edgeupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (02/08/2025 01:02:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GoogleUpdaterService134.0.6985.0 service failed to start due to the following error:
The system cannot find the file specified.
Error: (02/08/2025 01:02:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GoogleUpdaterInternalService134.0.6985.0 service failed to start due to the following error:
The system cannot find the file specified.
Error: (02/08/2025 01:02:13 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The entryprotectsvc service depends on the following service: epinject6. This service might not be installed.
Error: (02/08/2025 01:02:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:37:38 AM on 2/8/2025 was unexpected.
Error: (02/08/2025 01:01:58 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.
Windows Defender:
================
Date: 2025-02-07 16:32:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-02-06 16:44:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-02-06 16:44:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-02-05 16:18:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-02-05 16:18:40
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2024-11-20 07:34:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.421.386.0;1.421.386.0
Engine Version: 1.1.24090.11
Date: 2024-11-20 06:46:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.421.386.0;1.421.386.0
Engine Version: 1.1.24090.11
Date: 2024-01-27 16:53:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2580.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070008
Error description: Not enough memory resources are available to process this command.
Date: 2024-01-27 16:53:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2580.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070008
Error description: Not enough memory resources are available to process this command.
Date: 2024-01-27 16:53:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2580.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070008
Error description: Not enough memory resources are available to process this command.
CodeIntegrity:
===============
Date: 2025-02-08 13:13:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-02-08 13:12:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-02-08 05:07:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.02 10/27/2020
Motherboard: HP 881B
Processor: 11th Gen Intel® Core i5-1135G7 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 7856.6 MB
Available physical RAM: 3467.77 MB
Total Virtual: 9072.6 MB
Available Virtual: 3977.78 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:237.7 GB) (Free:147.95 GB) (Model: NVMe SAMSUNG MZVLQ256HAJD-000H1) (Protected) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:930.55 GB) (Model: TOSHIBA MQ04ABF100) (Protected) NTFS
Drive f: (Medicat) (Removable) (Total:117.16 GB) (Free:78.68 GB) NTFS
\\?\Volume{7b2d4898-f2ae-4ec7-8895-1ffa95434562}\ (Windows RE tools) (Fixed) (Total:0.5 GB) (Free:0.06 GB) NTFS
\\?\Volume{297a0fa2-fbf3-417a-ac4f-e992b641fd3a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3A352839)
Partition: GPT.
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 1E1F4777)
Partition: GPT.
==========================================================
Disk: 2 (Size: 117.2 GB) (Disk ID: 914D9F68)
Partition: GPT.
==================== End of Addition.txt =======================