www.bleepingcomputer.com
Open in
urlscan Pro
104.20.59.209
Public Scan
Submitted URL: https://www.bleepingcomputer.com/forums/t/764539/windows-11-support/#entry5291846
Effective URL: https://www.bleepingcomputer.com/forums/t/764539/windows-11-support/
Submission: On December 06 via api from US — Scanned from DE
Effective URL: https://www.bleepingcomputer.com/forums/t/764539/windows-11-support/
Submission: On December 06 via api from US — Scanned from DE
Form analysis 3 forms found in the DOM
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1" method="post" id="search-box">
<fieldset>
<label for="main_search" class="hide">Search</label>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&search_in=forums" title="Advanced Search" accesskey="4" rel="search" id="adv_search" class="right">Advanced</a>
<span id="search_wrap" class="right">
<input type="text" id="main_search" name="search_term" class="" size="17" tabindex="100" placeholder="Search...">
<span class="choice ipbmenu clickable" id="search_options" style="">This topic</span>
<ul id="search_options_menucontent" class="ipbmenu_content ipsPad" style="display: none; position: absolute; z-index: 9999;">
<li class="title" style="z-index: 10000;"><strong style="z-index: 10000;">Search section:</strong></li>
<li class="special" style="z-index: 10000;">
<label for="s_topic" title="This topic" style="z-index: 10000;">
<input type="radio" name="search_app" value="forums:topic:764539" class="input_radio" id="s_topic" checked="checked" style="z-index: 10000;"><strong style="z-index: 10000;">This topic</strong>
</label>
</li>
<li class="app" style="z-index: 10000;"><label for="s_forums" title="Forums" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_forums" value="forums" style="z-index: 10000;">Forums</label></li>
<li class="app" style="z-index: 10000;"><label for="s_members" title="Members" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_members" value="members" style="z-index: 10000;">Members</label></li>
<li class="app" style="z-index: 10000;"><label for="s_core" title="Help Files" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_core" value="core" style="z-index: 10000;">Help Files</label></li>
<li class="app" style="z-index: 10000;">
<label for="s_calendar" title="Calendar" style="z-index: 10000;">
<input type="radio" name="search_app" class="input_radio" id="s_calendar" value="calendar" style="z-index: 10000;">Calendar </label>
</li>
</ul>
<input aria-label="Search the forum" type="submit" class="submit_input clickable" value="">
</span>
</fieldset>
</form>POST https://www.bleepingcomputer.com/forums/index.php?
<form id="modform" method="post" action="https://www.bleepingcomputer.com/forums/index.php?">
<input type="hidden" name="app" value="forums">
<input type="hidden" name="module" value="moderate">
<input type="hidden" name="section" value="moderate">
<input type="hidden" name="do" value="postchoice">
<input type="hidden" name="f" value="22">
<input type="hidden" name="t" value="764539">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="st" value="">
<input type="hidden" name="page" value="">
<input type="hidden" value="" name="selectedpidsJS" id="selectedpidsJS">
<input type="hidden" name="tact" id="tact" value="">
</form>POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&do=process
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="referer" value="https://www.bleepingcomputer.com/forums/t/764539/windows-11-support/">
<h3>Sign In</h3>
<div class="ipsBox_notice">
<ul class="ipsList_inline">
<li>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter" class="ipsButton_secondary"><img src="https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png" alt="Twitter"> Use Twitter</a>
</li>
</ul>
</div>
<br>
<div class="ipsForm ipsForm_horizontal">
<fieldset>
<ul>
<li class="ipsField">
<div class="ipsField_content"> Need an account? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register" title="Register now!">Register now!</a>
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_username" class="ipsField_title">Username</label>
<div class="ipsField_content">
<input id="ips_username" type="text" class="input_text" name="ips_username" size="30" tabindex="0">
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_password" class="ipsField_title">Forum Password</label>
<div class="ipsField_content">
<input id="ips_password" type="password" class="input_text" name="ips_password" size="30" tabindex="0"><br>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=lostpass" title="Retrieve password">I've forgotten my password</a>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_remember" checked="checked" name="rememberMe" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_remember">
<strong>Remember me</strong><br>
<span class="desc lighter">This is not recommended for shared computers</span>
</label>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_invisible" name="anonymous" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_invisible">
<strong>Sign in anonymously</strong><br>
<span class="desc lighter">Don't add me to the active users list</span>
</label>
</div>
</li>
<li class="ipsPad_top ipsForm_center desc ipsType_smaller">
<a rel="nofollow" href="https://www.bleepingcomputer.com/forums/privacypolicy/">Privacy Policy</a>
</li>
</ul>
</fieldset>
<div class="ipsForm_submit ipsForm_center">
<input type="submit" class="ipsButton" value="Sign In" tabindex="0">
</div>
</div>
</form>Text Content
WE VALUE YOUR PRIVACY
We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products.
With your permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting. Please note that some processing of your personal data may not
require your consent, but you have a right to object to such processing. Your
preferences will apply to this website only. You can change your preferences at
any time by returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
* Sign In
* Create Account
Search Advanced This topic
* Search section:
* This topic
* Forums
* Members
* Help Files
* Calendar
*
* View New Content
* Forum Rules
* BleepingComputer.com
* Forums
* Members
* Tutorials
* Startup List
* Virus Removal
* Downloads
* Uninstall List
* Welcome Guide
* More
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please
re-enable javascript to access full functionality.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come
together to discuss and learn how to use their computers. Using the site is easy
and fun. As a guest, you can browse and view the various discussions in the
forums, but can not create a new topic or reply to an existing one unless you
are logged in. Other benefits of registering an account are subscribing to
topics and forums, creating a blog, and having no ads shown anywhere on the
site.
Click here to Register a free account now! or read our Welcome Guide to learn
how to use this site.
Latest News: Malicious Excel XLL add-ins push RedLine password-stealing
malware
Featured Deal: Learn how to develop Android apps with 3 in-depth courses for $13
WINDOWS 11 SUPPORT
Started by yoon_777 , Dec 03 2021 08:29 PM
* Please log in to reply
4 replies to this topic
#1 YOON_777
yoon_777
*
* Members
* 113 posts
* OFFLINE
* Local time:03:45 AM
Posted 03 December 2021 - 08:29 PM
What is this?
Other suspicious behavior, Housecall scans don't work. Playback controls become
active when mouse isn't active on it.
* Back to top
--------------------------------------------------------------------------------
BC ADBOT (LOGIN TO REMOVE)
*
* BleepingComputer.com
*
* Register to remove ads
PLAY Top Articles Video Settings Full Screen About Connatix V141364 Read More
Read More Read More Read More Read More Read More Malicious Excel XLL add‑ins
push RedLinepassword‑stealing malware 1/1 Skip Ad Continue watching after the ad
Visit Advertiser website GO TO PAGE
--------------------------------------------------------------------------------
#2 NASDAQ
nasdaq
*
* Malware Response Team
* 47,228 posts
* OFFLINE
* Gender:Male
* Location:Montreal, QC. Canada
* Local time:06:45 AM
Posted 04 December 2021 - 09:25 AM
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the
instructions and complete all of the necessary steps in the order listed.
===
In order to give you sound advice I need more information.
If you do not have Malwarebytes installed just run it as suggested, If not:
Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer
*
Right-click on the MBAM icon and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Once the MBAM dashboard opens, on the right detail pane click on the word
"Current" under the Scan Status to update the tool database.
On the left menu pane click the Settings tab, and then select the Protection tab
on the top.
Under the Scan Options, turn on the button Scan for rootkits and Scan within
archives.
Click the Scan tab on the right detail pane, select Threat Scan and click the
Start Scan button
Note: The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure to check mark all the listed items,
and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window
that opens click the Export button, select Text file (*.txt), and save the log
to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the
View Report button.
Please post the log for my review.
Note: If asked to restart the computer, please do so immediately.
===
Please download AdwCleaner by Malwarebytes your Desktop.
*
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.
IMPORTANT
*
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close
the AdwCleaner windows.
*
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy
and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please
attach it to your reply.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options"
button.
Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.
Please post the logs for my review.
Let me know what problems persists.
Wait for further instructions
p.s.
The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if
Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====
* Back to top
--------------------------------------------------------------------------------
#3 YOON_777
yoon_777
* Topic Starter
*
* Members
* 113 posts
* OFFLINE
* Local time:03:45 AM
Posted 04 December 2021 - 10:31 PM
nasdaq, on 04 Dec 2021 - 2:25 PM, said:
>
>
> Hello, Welcome to BleepingComputer.
> I'm nasdaq and will be helping you.
>
> If you can please print this topic it will make it easier for you to follow
> the instructions and complete all of the necessary steps in the order listed.
> ===
>
> In order to give you sound advice I need more information.
>
>
> If you do not have Malwarebytes installed just run it as suggested, If not:
>
> Please download Malwarebytes Anti-Malware from Malwarebytes or
> from BleepingComputer
>
> *
>
> * Right-click on the MBAM icon and select Run as administrator to run the
> tool.
>
> * Click Yes to accept any security warnings that may appear.
>
> * Once the MBAM dashboard opens, on the right detail pane click on the word
> "Current" under the Scan Status to update the tool database.
>
> * On the left menu pane click the Settings tab, and then select the
> Protection tab on the top.
>
> * Under the Scan Options, turn on the button Scan for rootkits and Scan
> within archives.
>
> * Click the Scan tab on the right detail pane, select Threat Scan and click
> the Start Scan button
>
> * Note: The scan may take some time to finish, so please be patient.
>
> * If potential threats are detected, ensure to check mark all the listed
> items, and click the Quarantine Selected button.
>
> * While still on the Scan tab, click the View Report button, and in the
> window that opens click the Export button, select Text file (*.txt), and
> save the log to your Desktop.
>
> * The log can also be viewed by clicking the log to select it, then clicking
> the View Report button.
>
>
> Please post the log for my review.
>
> Note: If asked to restart the computer, please do so immediately.
> ===
>
> Please download AdwCleaner by Malwarebytes your Desktop.
> *
>
> * Close all open programs and internet browsers.
>
> * Double click on AdwCleaner.exe to run the tool.
>
> * Click the Scan button and wait for the process to complete.
>
> * Click the LogFile button and the report will open in Notepad.
>
>
> IMPORTANT
> *
>
> * If you click the Clean button all items listed in the report will be
> removed.
>
>
> If you find some false positive items or programs that you wish to keep, Close
> the AdwCleaner windows.
> *
>
> * Close all open programs and internet browsers.
>
> * Double click on AdwCleaner.exe to run the tool.
>
> * Click the Scan button and wait for the process to complete.
>
> * Check off the element(s) you wish to keep.
>
> * Click on the Clean button follow the prompts.
>
> * A log file will automatically open after the scan has finished.
>
> * Please post the content of that log file with your next answer.
>
> * You can find the log file at C:\AdwCleanerCx.txt (x is a number).
>
>
> ===
>
> Download the Farbar Recovery Scan Tool (FRST).
> Choose the 32 or 64 bit version for your system.
> and save it to a folder on your computer's Desktop.
> Ensure that you are in an Administrator Account
> Double-click to run it. When the tool opens click Yes to disclaimer.
> Check the boxes as seen here:
>
> Press Scan button.
> It will make a log (FRST.txt) in the same directory the tool is run. Please
> copy and paste it to your reply.
> The first time the tool is run, it makes also another log (Addition.txt).
> Please attach it to your reply.
>
> How to attach a file to your reply:
> In the Reply section in the bottom of the topic Click the "more reply Options"
> button.
>
>
> Attach the file(s). A 2 Steps process.
> Reply to this topic.
> Select the "Choose a File" navigate to the location of the File.
> Click the file you wish to Attach. <- Step 1.
> Click Attach this file. <- Step 2.
> Click the Add reply button.
>
> Please post the logs for my review.
>
> Let me know what problems persists.
>
> Wait for further instructions
>
> p.s.
>
> The Farbar program is updated often.
> If it's identified as suspicious by your Anti-Virus program trust it if
> Downloaded from the link I provided.
> You should restore the program from the Quarantine folder.
> ====
>
>
This is no longer a feature on Malwarebytes: "Click the Scan tab on the right
detail pane, select Threat Scan and click the Start Scan button"
1) I get logged out randomly of gmail and bleepingcomputer.com.
2)keyboard typing is mangled by erroneous keys inputted to the screen.
3)Browser Screen Glitches
4)
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-11-18.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-04-2021
# Duration: 00:00:05
# OS: Windows 10 Home
# Scanned: 32005
# Detected: 8
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPSupportAssistant Folder C:\Program Files
(x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files
(x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files
(x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP
SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder
C:\Users\Administrator\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder
C:\Users\Administrator\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP
SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder
C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP
SUPPORT FRAMEWORK
AdwCleaner[S00].txt - [1997 octets] - [19/11/2021 15:36:08]
AdwCleaner[C00].txt - [2263 octets] - [19/11/2021 15:38:54]
AdwCleaner[S01].txt - [1528 octets] - [19/11/2021 16:22:12]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by Administrator (04-12-2021 19:45:23)
Running from C:\Users\Administrator\Downloads
Microsoft Windows 11 Home Version 21H2 22000.348 (X64) (2021-11-26 05:49:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2461747673-3118702703-1228273762-500 - Administrator -
Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2461747673-3118702703-1228273762-503 - Limited -
Disabled)
Guest (S-1-5-21-2461747673-3118702703-1228273762-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2461747673-3118702703-1228273762-504 - Limited -
Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Home (Enabled - Up to date) {8E0623B8-CF1C-DFFE-CEA3-AA41BDA4B8EE}
AV: Windows Defender (Disabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
Audacity 3.1.2 (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team)
ClamWin Free Antivirus 0.103.2.1 (HKLM-x32\...\ClamWin Free Antivirus_is1)
(Version: - alch)
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.369 -
SecureMix LLC)
HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 5.3.1285 - Trend
Micro Inc.)
HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386})
(Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework
(HKLM-x32\...\{FF81F9EB-61C1-48A4-8EE5-45C5D61BC0E0}) (Version: 12.19.53.13 - HP
Inc.)
Malwarebytes version 4.4.11.149
(HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 -
Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft
Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version:
96.0.1054.34 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2FA9DAAC-895B-4E99-99D9-DC2965FBE79C})
(Version: 2.87.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033
(HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 -
Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US))
(Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version:
94.0.2 - Mozilla)
Realtek High Definition Audio Driver
(HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 -
Realtek Semiconductor Corp.)
Sophos AMSI Protection (HKLM\...\{0EA5323F-DE1B-480C-911E-7827E5EA20E9})
(Version: 1.6.50.0 - Sophos Limited) Hidden
Sophos Anti-Virus (HKLM-x32\...\{31616A98-3852-49E9-BDD6-77A1AB85571A})
(Version: 10.8.10.810 - Sophos Limited) Hidden
Sophos AutoUpdate XG (HKLM-x32\...\{1FBBCD17-2403-4794-B2A8-A3ADDD3B0AF8})
(Version: 6.6.144.0 - Sophos Limited) Hidden
Sophos Clean (HKLM\...\Sophos Clean) (Version: 3.9.4.1 - Sophos Limited) Hidden
Sophos Diagnostic Utility (HKLM-x32\...\{8078549C-CFF0-48C5-9B77-6BA48A14673D})
(Version: 6.5.238.0 - Sophos Limited) Hidden
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 2.2.6.735 -
Sophos Limited) Hidden
Sophos Exploit Prevention (HKLM\...\{866151B2-E14E-40E0-B6D9-64B1D428F5CB})
(Version: 3.8.1.504 - Sophos Limited) Hidden
Sophos File Scanner (HKLM\...\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}) (Version:
1.7.952.0 - Sophos Limited) Hidden
Sophos Health (HKLM-x32\...\{5E8436D5-3688-4007-94C7-55D017275F89}) (Version:
2.6.2.0 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 3.5.0 - Sophos Limited)
Sophos Home (HKLM-x32\...\{6870B81A-B36A-4B63-8605-4DF5CE2D7BC4}) (Version:
5.1.87.0 - Sophos Limited) Hidden
Sophos Home Clean (HKLM\...\Sophos Home Clean) (Version: 3.7.21.247 - Sophos
Limited) Hidden
Sophos Management Communications System
(HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.13.16.0 -
Sophos Limited) Hidden
Sophos ML Engine (HKLM\...\Sophos ML Engine) (Version: 1.7.0.41 - Sophos
Limited) Hidden
Sophos Network Threat Protection
(HKLM\...\{2D2A1891-4657-4E6F-9373-BFCE4C9AC5BA}) (Version: 1.11.194.0 - Sophos
Limited) Hidden
Sophos Standalone Engine (HKLM\...\Sophos Standalone Engine) (Version: 1.6.9 -
Sophos Limited) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version:
1.0.65.0 - LunarG, Inc.) Hidden
Packages:
=========
Microsoft Excel -> C:\Program
Files\WindowsApps\Microsoft.Office.Desktop.Excel_16031.14527.20234.0_x86__8wekyb3d8bbwe
[2021-11-26] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program
Files\WindowsApps\Microsoft.Office.Desktop_16031.14527.20234.0_x86__8wekyb3d8bbwe
[2021-11-26] (Microsoft Corporation)
Microsoft Word -> C:\Program
Files\WindowsApps\Microsoft.Office.Desktop.Word_16031.14527.20234.0_x86__8wekyb3d8bbwe
[2021-11-26] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
CustomCLSID:
HKU\S-1-5-21-2461747673-3118702703-1228273762-500_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32
-> C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll () [File not signed]
ContextMenuHandlers1: [SophosHomeShellExt] ->
{2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos
Home\SophosHomeShellExtX64.dll [2021-09-24] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers2: [SophosHomeShellExt] ->
{2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos
Home\SophosHomeShellExtX64.dll [2021-09-24] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-04]
(Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [SophosHomeShellExt] ->
{2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos
Home\SophosHomeShellExtX64.dll [2021-09-24] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => ->
No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>
C:\WINDOWS\System32\DriverStore\FileRepository\ki126786.inf_amd64_9661370b57f5ac98\igfxDTCM.dll
[2018-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel
Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-04]
(Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SophosHomeShellExt] ->
{2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos
Home\SophosHomeShellExtX64.dll [2021-09-24] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers1_S-1-5-21-2461747673-3118702703-1228273762-500: [ClamWin] ->
{65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files
(x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () [File not signed]
ContextMenuHandlers6_S-1-5-21-2461747673-3118702703-1228273762-500: [ClamWin] ->
{65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files
(x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-11-30 15:59 - 2008-04-19 16:35 - 000080384 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2021-11-30 15:59 - 2005-02-08 16:23 - 000979005 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\bin\python23.dll
2021-11-30 15:59 - 2004-05-25 20:17 - 000622651 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2021-11-30 15:59 - 2021-04-30 00:37 - 000090112 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2021-11-30 15:59 - 2004-05-25 20:18 - 000049212 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2021-11-30 15:59 - 2004-05-25 20:18 - 000057401 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2021-11-30 15:59 - 2004-05-25 20:18 - 000495616 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2021-11-30 15:59 - 2004-05-25 20:20 - 000036864 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2021-11-30 15:59 - 2004-05-25 20:19 - 000045117 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2021-11-30 15:59 - 2003-08-10 08:14 - 000061440 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2021-11-30 15:59 - 2004-10-11 19:22 - 000315392 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2021-11-30 15:59 - 2004-10-11 19:21 - 000094208 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2021-11-30 15:59 - 2004-11-20 02:27 - 000106496 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\shell.pyd
2021-11-30 15:59 - 2004-11-20 02:27 - 000069632 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2021-11-30 15:59 - 2004-11-20 02:27 - 000024576 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2021-11-30 15:59 - 2004-11-20 02:27 - 000077824 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2021-11-30 15:59 - 2004-11-20 02:27 - 000086016 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2021-11-30 15:59 - 2004-11-20 02:27 - 000024576 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2021-11-30 15:59 - 2004-11-20 02:27 - 000036864 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2021-11-30 15:59 - 2004-11-20 02:27 - 000065536 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2021-11-30 15:59 - 2003-10-01 12:40 - 002240512 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2021-11-30 15:59 - 2003-10-01 10:43 - 003239936 _____ () [File not signed]
C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\aep.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\atasi.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\CSUNSAPI.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\nfhwcrhk.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\nuronssl.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\SureWareHook.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\swift.dll
2021-12-03 12:57 - 2020-12-14 23:13 - 000034816 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\Dll\ubsec.dll
2021-12-03 12:57 - 2020-08-25 23:31 - 000134656 _____ () [File not signed]
C:\Program Files (x86)\Trend Micro\DRScanner\libzip.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService =>
""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService =>
""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService =>
""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService =>
""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService =>
""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos File Scanner
Service => ""="service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 04:08 - 2021-06-05 04:08 - 000000824 _____
C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2461747673-3118702703-1228273762-500\Control
Panel\Desktop\\Wallpaper ->
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
FirewallRules: [{355BC6D5-696B-403F-8E66-19F84C487E22}] => (Allow) C:\Program
Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{011743A6-8549-4368-9AF5-37C2AAE36792}] => (Allow) C:\Program
Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{E4E23B54-E411-4D9F-AEB3-6FE71CDD156D}] => (Allow) c:\program
files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{FF52D35D-48E6-4FA1-96B5-19571466C695}] => (Allow) c:\program
files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{BB321C1C-609D-4473-8593-8CCF06D85A80}] => (Allow) c:\program
files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DB78B340-61A7-41F4-88F0-6EF0B687064A}] => (Allow) c:\program
files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{118CB4C7-9974-423F-AAB7-1409B2284D8F}] => (Allow) c:\program
files (x86)\sophos\management communications system\endpoint\mcsclient.exe
(Sophos Ltd -> Sophos Limited)
FirewallRules: [{24C3F134-DD90-4800-827F-591397D3621C}] => (Allow) c:\program
files (x86)\sophos\management communications system\endpoint\mcsclient.exe
(Sophos Ltd -> Sophos Limited)
FirewallRules: [{003C6783-C6BC-475B-8C86-615C3A5C710C}] => (Allow) c:\program
files (x86)\sophos\sophos anti-virus\savservice.exe (Sophos Ltd -> Sophos
Limited)
FirewallRules: [{A85858DC-0EA0-4E74-8AA3-87D0EA351A4C}] => (Allow) c:\program
files (x86)\sophos\sophos anti-virus\savservice.exe (Sophos Ltd -> Sophos
Limited)
FirewallRules: [{D8075619-E9C3-4C20-8366-740FF45E54FF}] => (Block) c:\program
files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater.exe (HP
Inc. -> HP Inc.)
FirewallRules: [{D9FB0B8D-B82F-4779-BD90-E0DDC379E60D}] => (Block) c:\program
files (x86)\hewlett-packard\hp support solutions\modules\hpssfupdater.exe (HP
Inc. -> HP Inc.)
FirewallRules: [{4602242A-EE40-438A-9AEA-2154C0B8E63B}] => (Block) c:\program
files (x86)\hewlett-packard\hp support
solutions\hpsupportsolutionsframeworkservice.exe (HP Inc. -> HP Inc.)
FirewallRules: [{095B612F-76D2-4BBA-9256-0BE7DDA02F37}] => (Block) c:\program
files (x86)\hewlett-packard\hp support
solutions\hpsupportsolutionsframeworkservice.exe (HP Inc. -> HP Inc.)
FirewallRules: [{DFDDDAF1-6EBB-482D-9F4A-92EE77367EC8}] => (Allow) c:\program
files\sophos\endpoint defense\sspservice.exe (Sophos Ltd -> Sophos Limited)
FirewallRules: [{534AB917-23AA-4D34-8E21-D80DDAC8449F}] => (Allow) c:\program
files\sophos\endpoint defense\sspservice.exe (Sophos Ltd -> Sophos Limited)
FirewallRules: [{6AD87B76-00D5-4223-A91F-8E11158CD6A4}] => (Allow)
c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{370AA14A-6585-4B88-AEB8-1F0ABBDF8011}] => (Allow)
c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{94712EBD-53C0-4385-B50E-0A53FA35E8B3}] => (Block)
c:\windows\system32\wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A5E7C981-E054-404E-9746-A9086F7F2172}] => (Block)
c:\windows\system32\wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E1C67FB1-F4B2-468B-B5B7-FD2BA115198E}] => (Allow) c:\program
files (x86)\common files\sophos\web intelligence\swi_fc.exe (Sophos Ltd ->
Sophos Limited)
FirewallRules: [{79A5581B-146B-416D-8F63-DA102EBCDF3A}] => (Allow) c:\program
files (x86)\common files\sophos\web intelligence\swi_fc.exe (Sophos Ltd ->
Sophos Limited)
FirewallRules: [{D32E692D-4225-4982-9E34-29120D681EDF}] => (Allow) c:\program
files (x86)\sophos\sophos anti-virus\web intelligence\swi_service.exe (Sophos
Ltd -> Sophos Limited)
FirewallRules: [{C3EA862C-71F5-41FA-A588-7B7E89EBF8B8}] => (Allow) c:\program
files (x86)\sophos\sophos anti-virus\web intelligence\swi_service.exe (Sophos
Ltd -> Sophos Limited)
FirewallRules: [{55A96DCD-4E8D-44C2-9252-38F9272F128A}] => (Block)
c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3CDC03DE-B768-4396-BAC3-EF6BA50015EC}] => (Block)
c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{35C08FE5-FBC1-446C-866E-FDD319C3481B}] => (Allow) c:\program
files (x86)\clamwin\bin\clamwin.exe (alch) [File not signed]
FirewallRules: [{3C330425-0FB8-4B13-94A9-8A86EBA5C9C9}] => (Allow) c:\program
files (x86)\clamwin\bin\clamwin.exe (alch) [File not signed]
FirewallRules: [{AFC5778E-37BF-4DBA-9C8D-DB983767A548}] => (Block)
c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows ->
Microsoft Corporation)
FirewallRules: [{1A594677-02DB-4ACC-B0E6-90AF17876E39}] => (Block)
c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows ->
Microsoft Corporation)
FirewallRules: [{7AB21BCA-6521-4045-A2CE-D2D10D581F52}] => (Block)
c:\windows\system32\dashost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A9EF0BD2-1DA7-47DD-B2F3-B0C820F285D7}] => (Block)
c:\windows\system32\dashost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2031A139-071E-4377-95FC-052983B82B58}] => (Block)
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\searchhost.exe
(Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AEAEBFEE-4183-4E0B-A872-EC1E6EB3D092}] => (Block)
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\searchhost.exe
(Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F46AAA32-E120-4A84-AC76-A7176A77DDC3}] => (Block) c:\program
files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation
-> Microsoft Corporation)
FirewallRules: [{9C42472C-9EDD-48C3-8E4C-DAAD36284630}] => (Block) c:\program
files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation
-> Microsoft Corporation)
FirewallRules: [{ED68EE51-1946-43F4-80AC-E327D619ADE0}] => (Block)
c:\windows\syswow64\wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{65960C74-684D-469E-9E9E-DBA4EE64FB88}] => (Block)
c:\windows\syswow64\wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A9B394F1-1FA0-4EB2-94C8-F5C5048F6DCD}] => (Allow)
c:\programdata\sophos\autoupdate\cache\sophos_autoupdate1.dir\sophosupdate.exe
(Sophos Ltd -> Sophos Limited)
FirewallRules: [{A5E146A4-B830-4261-87C0-58D17413F07E}] => (Allow)
c:\programdata\sophos\autoupdate\cache\sophos_autoupdate1.dir\sophosupdate.exe
(Sophos Ltd -> Sophos Limited)
FirewallRules: [{DA4D1D79-8C40-4D84-8E20-D0E3628D49F0}] => (Allow)
c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{489C538D-174E-4477-AFAD-B6F581EA63A9}] => (Allow)
c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C9F44747-9DE2-47A8-88F6-D9DB2E6BF54B}] => (Block)
c:\windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{08E6EF5A-FCFD-49F6-B0F8-0A26A8711FCA}] => (Block)
c:\windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FC860089-EBDD-4DDB-9DDF-597C3151D73C}] => (Allow) c:\program
files (x86)\hewlett-packard\hp support solutions\modules\hpsfreport.exe (HP Inc.
-> HP Inc.)
FirewallRules: [{7D6A0CC3-CEFE-4FFF-B1BE-82F0D7472AE4}] => (Allow) c:\program
files (x86)\hewlett-packard\hp support solutions\modules\hpsfreport.exe (HP Inc.
-> HP Inc.)
FirewallRules: [{A76E25E0-B22D-4B60-B5B9-DFC053F4D3D3}] => (Block)
c:\windows\uus\amd64\mousocoreworker.exe (Microsoft Windows -> Microsoft
Corporation)
FirewallRules: [{C5B7CE7B-9F31-4511-AA13-4895EF8DF15C}] => (Block)
c:\windows\uus\amd64\mousocoreworker.exe (Microsoft Windows -> Microsoft
Corporation)
FirewallRules: [{951B9A84-9116-43DE-8788-3F73CFF0FBA7}] => (Allow) c:\program
files (x86)\sophos\sophos home\sophosui.exe (Sophos Ltd -> Sophos Limited)
FirewallRules: [{2AE55860-38AF-4061-9402-ECEAA087FDF0}] => (Allow) c:\program
files (x86)\sophos\sophos home\sophosui.exe (Sophos Ltd -> Sophos Limited)
FirewallRules: [{97F3C88A-89A5-4168-96A5-58540D981379}] => (Block)
c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows ->
Microsoft Corporation)
FirewallRules: [{0E7DA415-3A1C-4212-AF57-FDB9D883FD92}] => (Block)
c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows ->
Microsoft Corporation)
FirewallRules: [{98C5898A-B4F4-4D9D-B055-EA7B5D76CB4A}] => (Block)
c:\windows\system32\cleanmgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{84FFD4F0-8CAB-4FA2-AA31-CC2D3D1DD819}] => (Block)
c:\windows\system32\cleanmgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F733C249-2B43-4F23-A86E-226311B6047A}] => (Block)
c:\windows\system32\compattelrunner.exe (Microsoft Corporation -> Microsoft
Corporation)
FirewallRules: [{654B2A0F-317E-492A-91B4-7CA7DD01B422}] => (Block)
c:\windows\system32\compattelrunner.exe (Microsoft Corporation -> Microsoft
Corporation)
FirewallRules: [{AF9BD02A-FB24-4B45-86C5-533F26329FAA}] => (Block) c:\program
files (x86)\windows media player\wmplayer.exe (Microsoft Windows -> Microsoft
Corporation)
FirewallRules: [{898CB43C-BB80-48FE-A632-830F4F2F5E02}] => (Block) c:\program
files (x86)\windows media player\wmplayer.exe (Microsoft Windows -> Microsoft
Corporation)
FirewallRules: [{3F8235CC-E105-416E-8218-822548EB64D1}] => (Block) c:\program
files\mozilla firefox\pingsender.exe (Mozilla Corporation -> Mozilla Foundation)
FirewallRules: [{154C6ECD-E094-476C-BDE0-6B0EA7695281}] => (Block) c:\program
files\mozilla firefox\pingsender.exe (Mozilla Corporation -> Mozilla Foundation)
FirewallRules: [{B5858114-DC92-4DD8-B60F-30B0A3FB6B0C}] => (Block)
c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft
Corporation)
FirewallRules: [{FAA98BBD-22F6-47CE-AB20-27A3537990DF}] => (Block)
c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft
Corporation)
FirewallRules: [{5F13359B-4EE3-4131-B29A-EEA26EF6AE3A}] => (Block) c:\program
files\mozilla firefox\default-browser-agent.exe (Mozilla Corporation -> Mozilla
Foundation)
FirewallRules: [{0E830246-6272-4AC4-82AD-BF63AB3B7028}] => (Block) c:\program
files\mozilla firefox\default-browser-agent.exe (Mozilla Corporation -> Mozilla
Foundation)
FirewallRules: [{146CBB47-8001-4B04-997A-94D6C98E6B70}] => (Block)
c:\windows\system32\driverstore\filerepository\ki126786.inf_amd64_9661370b57f5ac98\igfxem.exe
(Intel® pGFX -> Intel Corporation)
FirewallRules: [{2520B979-916A-427C-A6B2-FCEEDC4EB572}] => (Block)
c:\windows\system32\driverstore\filerepository\ki126786.inf_amd64_9661370b57f5ac98\igfxem.exe
(Intel® pGFX -> Intel Corporation)
FirewallRules: [{CD81DEB7-0ABB-4D78-8626-C29EA7A0C2C0}] => (Block)
c:\windows\system32\driverstore\filerepository\ki126786.inf_amd64_9661370b57f5ac98\gfxdownloadwrapper.exe
(Intel® pGFX -> Intel Corporation)
FirewallRules: [{A45A721B-1566-4391-BAB4-AE0E3BFCDC59}] => (Block)
c:\windows\system32\driverstore\filerepository\ki126786.inf_amd64_9661370b57f5ac98\gfxdownloadwrapper.exe
(Intel® pGFX -> Intel Corporation)
FirewallRules: [{100AA119-CA43-4D5D-B388-78CEAE6CC344}] => (Block)
c:\windows\system32\driverstore\filerepository\sgx_psw.inf_amd64_e12f514e96bb8edd\aesm_service.exe
(Intel Corporation -> Intel Corporation)
FirewallRules: [{7F6ADCFA-FC81-4AA2-B3A3-5AE0982398A6}] => (Block)
c:\windows\system32\driverstore\filerepository\sgx_psw.inf_amd64_e12f514e96bb8edd\aesm_service.exe
(Intel Corporation -> Intel Corporation)
FirewallRules: [{F70D9FBE-EF45-4779-AC37-BDF0D75AF76A}] => (Block) c:\program
files (x86)\clamwin\bin\freshclam.exe () [File not signed]
FirewallRules: [{629AB0F9-F12B-48CF-B99E-9D3671B55399}] => (Block) c:\program
files (x86)\clamwin\bin\freshclam.exe () [File not signed]
FirewallRules: [{C6F25969-F4E8-4FD7-B8CC-399B93AF1ED3}] => (Block) c:\program
files (x86)\hewlett-packard\hp support framework\hpsf.exe (HP Inc. -> HP Inc.)
FirewallRules: [{49BBAFDD-7486-491E-95BA-46D04A16A2FE}] => (Block) c:\program
files (x86)\hewlett-packard\hp support framework\hpsf.exe (HP Inc. -> HP Inc.)
FirewallRules: [{5E97F674-5D7B-45A0-B1CA-8BBCA018AE42}] => (Block)
c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft
Corporation)
FirewallRules: [{4C89ECEE-4D1A-42CA-BD30-9B04AA315B87}] => (Block)
c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft
Corporation)
FirewallRules: [{AC8C91F5-C76E-4E5D-B508-C67A16A1C7FE}] => (Block) c:\program
files (x86)\sophos\autoupdate\telemetry\submittelem.exe (Sophos Ltd -> Sophos
Limited)
FirewallRules: [{28482549-1327-4D37-A6B0-808518CE32E0}] => (Block) c:\program
files (x86)\sophos\autoupdate\telemetry\submittelem.exe (Sophos Ltd -> Sophos
Limited)
FirewallRules: [{B52C5D6B-48E5-4618-AFC8-2F1A11B780C1}] => (Allow)
c:\windows\temp\trend micro\drscanner\package\launcher\trendmicrolauncher.exe =>
No File
FirewallRules: [{6BB9BDBE-7C0E-479B-9C20-4EB54A93FED5}] => (Allow)
c:\windows\temp\trend micro\drscanner\package\launcher\trendmicrolauncher.exe =>
No File
FirewallRules: [{5674CA9D-371C-418A-B6A5-EA72B72CE9A0}] => (Allow) c:\program
files\trend micro\7zs085a839f\setup.exe => No File
FirewallRules: [{B7105664-3B86-4584-86FF-4BDD3EADF599}] => (Allow) c:\program
files\trend micro\7zs085a839f\setup.exe => No File
FirewallRules: [{E2D9ACD9-ED98-4861-8FFB-2FDFD3C76FD0}] => (Allow) c:\program
files\trend micro\7zs075b7a10\setup.exe => No File
FirewallRules: [{E21F7080-D7DA-4D12-9494-FCA33EF2DFAA}] => (Allow) c:\program
files\trend micro\7zs075b7a10\setup.exe => No File
FirewallRules: [{7D1C2328-A74E-41D1-B877-046804A546FD}] => (Block)
c:\windows\temp\trend micro\drscanner\package\drscanner.exe => No File
FirewallRules: [{B349C319-7346-4394-8623-74FE5D8DA0C1}] => (Block)
c:\windows\temp\trend micro\drscanner\package\drscanner.exe => No File
FirewallRules: [{4ABA610B-6E23-429F-B368-E2613467C381}] => (Block)
c:\windows\temp\trend micro\drsunziptemp\drscanner.exe => No File
FirewallRules: [{CA2ED8E2-D021-4A46-A830-B87EC4A3412C}] => (Block)
c:\windows\temp\trend micro\drsunziptemp\drscanner.exe => No File
FirewallRules: [{1703F040-F6E2-457E-8212-03A47CFA26AF}] => (Block) c:\program
files\trend micro\housecall\housecall.bin (Trend Micro, Inc. -> Trend Micro
Inc.)
FirewallRules: [{F8C1A4D7-3032-43CC-BC76-48D4674F2AA2}] => (Block) c:\program
files\trend micro\housecall\housecall.bin (Trend Micro, Inc. -> Trend Micro
Inc.)
FirewallRules: [{5030ECBB-44CC-4C62-812B-420AD4442AE7}] => (Block) c:\program
files\trend micro\housecall\tisezins.exe (Trend Micro, Inc. -> Trend Micro Inc.)
FirewallRules: [{3CE1D332-3D56-442D-B5B4-4AB851497BB5}] => (Block) c:\program
files\trend micro\housecall\tisezins.exe (Trend Micro, Inc. -> Trend Micro Inc.)
FirewallRules: [{29C40AE3-1F4C-419D-9517-DDD857079E5E}] => (Allow) C:\Program
Files (x86)\Trend Micro\DRScanner\DRScanner.exe (Trend Micro, Inc. -> Trend
Micro Inc.)
FirewallRules: [{31F27C43-A062-4320-A18F-C1AA526D7729}] => (Allow) C:\Program
Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe (Insecure.Org) [File not
signed]
FirewallRules: [{420B8288-AE12-4084-A87B-8C72354A2CC6}] => (Block) c:\program
files (x86)\trend micro\drscanner\drscanner.exe (Trend Micro, Inc. -> Trend
Micro Inc.)
FirewallRules: [{8C1F3F90-5ABE-4F2D-B24E-5C4E42103E89}] => (Block) c:\program
files (x86)\trend micro\drscanner\drscanner.exe (Trend Micro, Inc. -> Trend
Micro Inc.)
FirewallRules: [{DC3ACF7A-D00E-4EEB-A008-E5DE324119DB}] => (Allow) c:\program
files\trend micro\7zs05415f87\setup.exe => No File
FirewallRules: [{8DA1EB2D-E785-4195-82AF-BF713DA73F73}] => (Allow) c:\program
files\trend micro\7zs05415f87\setup.exe => No File
FirewallRules: [{ADBF9BEB-9D92-4F1B-B440-608D71F9F6CD}] => (Allow) c:\program
files\trend micro\7zs476c740b\setup.exe => No File
FirewallRules: [{AEF26D3D-E309-4FDE-AE64-847EE71554F8}] => (Allow) c:\program
files\trend micro\7zs476c740b\setup.exe => No File
FirewallRules: [{ACEF0F0E-76F5-4217-9A0E-4C6A476C85A5}] => (Allow)
c:\users\administrator\downloads\mbsetup-119967.119967-consumer.exe
(Malwarebytes Inc -> Malwarebytes)
FirewallRules: [{3F576DEA-2C94-4C8F-B721-5C2AA4225FDD}] => (Allow)
c:\users\administrator\downloads\mbsetup-119967.119967-consumer.exe
(Malwarebytes Inc -> Malwarebytes)
FirewallRules: [{5956AFE3-DC0C-466E-9EDA-EF6826428CC2}] => (Allow)
c:\users\administrator\appdata\local\temp\mbaminstallerservice.exe => No File
FirewallRules: [{AFFB11B8-5C4C-403E-8184-8F2105B0B9AD}] => (Allow)
c:\users\administrator\appdata\local\temp\mbaminstallerservice.exe => No File
FirewallRules: [{00B6B801-F494-4D01-AD77-8E716B9567E3}] => (Allow) c:\program
files\malwarebytes\anti-malware\mbamservice.exe (Malwarebytes Inc ->
Malwarebytes)
FirewallRules: [{3D47663C-83D1-481C-B193-7244D1DCB431}] => (Allow) c:\program
files\malwarebytes\anti-malware\mbamservice.exe (Malwarebytes Inc ->
Malwarebytes)
FirewallRules: [{532B6148-A4B7-44A8-8F75-5F0911DBBC32}] => (Block) c:\program
files\malwarebytes\anti-malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes)
FirewallRules: [{FDCE7F86-90FC-4772-A15B-7702A6EFA474}] => (Block) c:\program
files\malwarebytes\anti-malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes)
FirewallRules: [{26BF2D44-BA8C-4CBE-83FF-AD3D3AE452CF}] => (Block) c:\program
files\malwarebytes\anti-malware\mbam.exe (Malwarebytes Inc -> Malwarebytes)
FirewallRules: [{849ECD1B-5AB3-47D4-BE49-06B2525E8F2E}] => (Block) c:\program
files\malwarebytes\anti-malware\mbam.exe (Malwarebytes Inc -> Malwarebytes)
FirewallRules: [{09841021-95E6-4CCD-B925-38ADD3A92BA3}] => (Allow)
c:\users\administrator\downloads\spsetup132.exe (Piriform Software Ltd ->
Piriform Software Ltd)
FirewallRules: [{E57320D8-AB80-4203-93F6-4FB50BED7F89}] => (Allow)
c:\users\administrator\downloads\spsetup132.exe (Piriform Software Ltd ->
Piriform Software Ltd)
FirewallRules: [{8A1D72A1-5B3B-4AF5-8150-1B9144D6A31B}] => (Allow) c:\program
files\speccy\speccy64.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{59E444D5-5780-438A-BDC1-1AEC1E4618BB}] => (Allow) c:\program
files\speccy\speccy64.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{84A7594C-E91E-48CC-8BEF-F69A99EE78BB}] => (Block) c:\program
files\audacity\audacity.exe (Musecy SM LTD -> Audacity Team)
FirewallRules: [{33120A77-47D7-4EDD-BBBC-7A01EDA1606F}] => (Block) c:\program
files\audacity\audacity.exe (Musecy SM LTD -> Audacity Team)
FirewallRules: [{EB2A5F59-F0A1-46F6-B680-F0FB99666F53}] => (Block)
c:\users\administrator\downloads\adwcleaner_8.3.1.exe (Malwarebytes Inc ->
Malwarebytes)
FirewallRules: [{9455F691-8315-44E6-96E7-158FCEDE4250}] => (Block)
c:\users\administrator\downloads\adwcleaner_8.3.1.exe (Malwarebytes Inc ->
Malwarebytes)
FirewallRules: [{56CFC06C-0CE3-46E4-9114-2DDC264C950D}] => (Allow)
c:\users\administrator\downloads\frst64.exe (Farbar) [File not signed]
FirewallRules: [{E736F574-041E-46BC-BBC0-1CC5FEF527DF}] => (Allow)
c:\users\administrator\downloads\frst64.exe (Farbar) [File not signed]
==================== Restore Points =========================
29-11-2021 10:03:50 Scheduled Checkpoint
30-11-2021 21:52:32 Installed HP Support Solutions Framework
==================== Faulty Device Manager Devices ============
Name: Intel® Dynamic Application Loader Host Interface
Description: Intel® Dynamic Application Loader Host Interface
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Intel® iCLS Client
Description: Intel® iCLS Client
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Intel® Dynamic Application Loader Host Interface
Description: Intel® Dynamic Application Loader Host Interface
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Intel® iCLS Client
Description: Intel® iCLS Client
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/04/2021 05:20:47 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: DllHost.exe, version: 10.0.22000.1, time
stamp: 0x93f44fbf
Faulting module name: ntdll.dll, version: 10.0.22000.348, time stamp: 0x22eb3761
Exception code: 0xc0000374
Fault offset: 0x000000000010be99
Faulting process id: 0x2ac8
Faulting application start time: 0x01d7e92b9021e55a
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 37ace6c0-60f8-4866-b640-cce036392da1
Faulting package full name:
Faulting package-relative application ID:
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent)
(EventID: 12029) (User: )
Description: Event-ID 12029
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent)
(EventID: 0) (User: )
Description: Event-ID 0
Error: (12/03/2021 06:14:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for
"C:\Users\Administrator\Downloads\sigcheck64a.exe".
Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent)
(EventID: 12029) (User: )
Description: Event-ID 12029
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent)
(EventID: 0) (User: )
Description: Event-ID 0
Error: (12/02/2021 04:45:42 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: ShellExperienceHost.exe, version:
10.0.22000.132, time stamp: 0xdd210a66
Faulting module name: Windows.UI.QuickActions.dll, version: 10.0.22000.348, time
stamp: 0x6bfd3a05
Exception code: 0x80000003
Fault offset: 0x00000000000431d1
Faulting process id: 0x15a8
Faulting application start time: 0x01d7e7df0667ab07
Faulting application path:
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path:
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.QuickActions.dll
Report Id: b194a89b-d24e-40b8-9adb-f64f793f8ab6
Faulting package full name:
Microsoft.Windows.ShellExperienceHost_10.0.22000.71_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (12/02/2021 12:08:50 PM) (Source: Firefox Default Browser Agent)
(EventID: 12029) (User: )
Description: Event-ID 12029
System errors:
=============
Error: (12/04/2021 04:55:53 PM) (Source: Service Control Manager) (EventID:
7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the
following error:
Unable to access a key.
Error: (12/04/2021 04:55:53 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the
creation of the default identity failed with error code: 0x80630203.
Error: (12/04/2021 02:31:43 PM) (Source: DCOM) (EventID: 10005) (User:
BRIF8BGPLD8U3)
Description: DCOM got error "1068" attempting to start the service cdpsvc with
arguments "Unavailable" in order to run the server:
{284CACFE-B6F2-461A-90C3-A7ACC8353816}
Error: (12/04/2021 02:31:43 PM) (Source: Service Control Manager) (EventID:
7001) (User: )
Description: The Connected Devices Platform Service service depends on the
Network Connection Broker service which failed to start because of the following
error:
The service cannot be started, either because it is disabled or because it has
no enabled devices associated with it.
Error: (12/04/2021 02:31:41 PM) (Source: DCOM) (EventID: 10005) (User:
BRIF8BGPLD8U3)
Description: DCOM got error "1068" attempting to start the service cdpsvc with
arguments "Unavailable" in order to run the server:
{284CACFE-B6F2-461A-90C3-A7ACC8353816}
Error: (12/04/2021 02:31:41 PM) (Source: Service Control Manager) (EventID:
7001) (User: )
Description: The Connected Devices Platform Service service depends on the
Network Connection Broker service which failed to start because of the following
error:
The service cannot be started, either because it is disabled or because it has
no enabled devices associated with it.
Error: (12/04/2021 09:35:32 AM) (Source: DCOM) (EventID: 10005) (User:
BRIF8BGPLD8U3)
Description: DCOM got error "1068" attempting to start the service cdpsvc with
arguments "Unavailable" in order to run the server:
{F94358B1-E9AE-4D5C-AF66-CE50E67803C7}
Error: (12/04/2021 09:35:32 AM) (Source: Service Control Manager) (EventID:
7001) (User: )
Description: The Connected Devices Platform Service service depends on the
Network Connection Broker service which failed to start because of the following
error:
The service cannot be started, either because it is disabled or because it has
no enabled devices associated with it.
Windows Defender:
================
Date: 2021-11-26 11:29:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2021-12-04 18:33:18
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume3\Program Files\Sophos\Sophos AMSI
Protection\SophosAmsiProvider.dll that did not meet the Windows signing level
requirements.
==================== Memory info ===========================
BIOS: AMI F.46 08/03/2021
Motherboard: HP 843F
Processor: Intel® Core™ i3-8100 CPU @ 3.60GHz
Percentage of memory in use: 61%
Total physical RAM: 7985.94 MB
Available physical RAM: 3077.48 MB
Total Virtual: 9879.94 MB
Available Virtual: 3971.32 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:915.52 GB) (Free:876.45 GB) NTFS
Drive d: (BUILDPART) (Fixed) (Total:0.5 GB) (Free:0.07 GB) FAT32 ==>[system with
boot components (obtained from drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.26 GB) (Free:2.04 GB) NTFS ==>[system with
boot components (obtained from drive)]
\\?\Volume{c55f2912-4274-4e67-8346-11da6f3832b7}\ (Windows RE tools) (Fixed)
(Total:0.96 GB) (Free:0.45 GB) NTFS
\\?\Volume{5936f0cb-e6b4-4a33-9cbb-f8c7408279c5}\ () (Fixed) (Total:0.25 GB)
(Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
Partition: GPT.
==================== End of Addition.txt =======================
FRST Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
Ran by Administrator (administrator) on BRIF8BGPLD8U3 (HP HP Slim Desktop
290-p0xxx) (04-12-2021 19:41:34)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator
Platform: Microsoft Windows 11 Home Version 21H2 22000.348 (X64) Language:
English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
(alch) [File not signed] C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support
Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation)
C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_e12f514e96bb8edd\aesm_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX -> Intel Corporation)
C:\Windows\System32\DriverStore\FileRepository\ki126786.inf_amd64_9661370b57f5ac98\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation)
C:\Windows\System32\DriverStore\FileRepository\ki126786.inf_amd64_9661370b57f5ac98\igfxEM.exe
(Intel® pGFX -> Intel Corporation)
C:\Windows\System32\DriverStore\FileRepository\ki126786.inf_amd64_9661370b57f5ac98\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation)
C:\Windows\System32\DriverStore\FileRepository\ki126786.inf_amd64_9661370b57f5ac98\IntelCpHeciSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program
Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program
Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes)
C:\Users\Administrator\Downloads\adwcleaner_8.3.1.exe
(Microsoft Corporation) C:\Program
Files\WindowsApps\microsoft.windowsnotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation)
C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla
Firefox\firefox.exe <9>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program
Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web
Intelligence\swi_fc.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files
(x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files
(x86)\Sophos\Health\SophosHealth.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management
Communications System\Endpoint\McsAgent.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management
Communications System\Endpoint\McsClient.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos
Anti-Virus\SAVAdminService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos
Anti-Virus\SavService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos
Anti-Virus\Web Control\swc_service.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos
Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos
Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos
Home\SophosUI.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Clean\SophosCleanM64.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint
Defense\SEDService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint
Defense\SSPService.exe
(Sophos Ltd -> Sophos Limited) C:\Program
Files\Sophos\Safestore\SophosSafestore64.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File
Scanner\SophosFileScanner.exe <2>
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File
Scanner\SophosFS.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat
Protection\SophosNtpService.exe
(Sophos Ltd -> SurfRight B.V.) C:\Program Files
(x86)\HitmanPro.Alert\hmpalert.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend
Micro\DRScanner\DRScanner.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Sophos Home UI] => C:\Program Files (x86)\Sophos\Sophos
Home\SophosUI.exe [7529400 2021-09-24] (Sophos Ltd -> Sophos Limited)
HKU\S-1-5-21-2461747673-3118702703-1228273762-500\...\Run: [ClamWin] =>
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2021-06-07] (alch) [File
not signed]
HKU\S-1-5-21-2461747673-3118702703-1228273762-500\...\Run: [GlassWire] =>
C:\Program Files (x86)\GlassWire\glasswire.exe [9810376 2021-11-23] (GlassWire
-> SecureMix LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
Task: {0DE75A4E-FDE3-47B0-BA44-91B7298BB405} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\PC Health Analysis => C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP
Inc. -> HP Inc.)
Task: {35114D03-2171-44E5-A357-6FB314106B80} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files
(x86)\Hewlett-Packard\HP Support
Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17]
(HP Inc. -> HP Inc.)
Task: {39CD70FA-9C84-421C-BF72-E1E1D98C11C1} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Assistant Update Notice => C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe
[555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {3C7F6770-9E7D-40A5-BF8A-B454D7A8094B} - System32\Tasks\RTKCPL =>
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek
Semiconductor Corp. -> Realtek Semiconductor)
Task: {4ABE280A-3D93-44B4-B2D1-596792732C94} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984
2020-09-17] (HP Inc. -> HP Inc.)
Task: {B74482E7-80A9-432D-9810-A691492DC83C} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Solutions Framework Updater - Resources =>
C:\Program Files (x86)\Hewlett-Packard\HP Support
Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {BFEEE1C6-BEE5-40D7-83A8-CA7C70500E5E} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Assistant Quick Start => C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP
Inc. -> HP Inc.)
Task: {C438291B-0E0D-471E-803A-096091DC5E6C} - System32\Tasks\DRScanner Startup
=> C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [6226600
2021-09-09] (Trend Micro, Inc. -> Trend Micro Inc.)
Task: {CB6F0795-5CBF-431C-8694-903CDDF8E867} - System32\Tasks\Mozilla\Firefox
Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla
Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ATTENTION
Task: {D147B35F-B063-4062-8834-B9F7F6C11C9D} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Solutions Framework Report => C:\Program Files
(x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134768
2021-04-01] (HP Inc. -> HP Inc.)
Task: {D80B4B8E-725A-41A7-9BBF-9E90ACDCC02C} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [57176
2020-08-20] (HP Inc. -> HP Inc.)
Task: {E569030D-8A7D-4503-8944-9CD0FAB94325} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Solutions Framework Updater - resources updates =>
C:\Program Files (x86)\Hewlett-Packard\HP Support
Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {EC36BA50-3A4A-4318-B82E-08FEFB9F58B5} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\Product Configurator => C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320
2021-07-15] (HP Inc. -> HP Inc.)
Task: {F33CBA02-316B-4298-A6D9-88F575AB3130} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Solutions Framework Updater => C:\Program Files
(x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944
2021-04-01] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6a238974-4e81-4a2e-a20a-e0130b2aadad}: [DhcpNameServer]
75.75.75.75 75.75.76.76
Edge:
=======
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User
Data\Default [2021-11-30]
FireFox:
========
FF DefaultProfile: e5zlnlw1.default
FF ProfilePath:
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e5zlnlw1.default
[2021-11-26]
FF ProfilePath:
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qu0w9ssk.default-release-1638381714088
[2021-12-04]
FF Session Restore:
Mozilla\Firefox\Profiles\qu0w9ssk.default-release-1638381714088 -> is enabled.
FF Extension: (Enhancer for YouTube™) -
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qu0w9ssk.default-release-1638381714088\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi
[2021-12-02]
FF Extension: (HTTPS Everywhere) -
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qu0w9ssk.default-release-1638381714088\Extensions\https-everywhere@eff.org.xpi
[2021-12-04]
FF Extension: (uBlock Origin) -
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qu0w9ssk.default-release-1638381714088\Extensions\uBlock0@raymondhill.net.xpi
[2021-12-03]
FF Extension: (NoScript) -
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qu0w9ssk.default-release-1638381714088\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2021-12-01]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7307208 2021-11-23]
(GlassWire -> SecureMix LLC)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [3061416
2020-12-14] (Sophos Ltd -> SurfRight B.V.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480
2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP
Support Solutions\HPSupportSolutionsFrameworkService.exe [403576 2021-04-01] (HP
Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
[7901368 2021-12-04] (Malwarebytes Inc -> Malwarebytes)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos
Anti-Virus\SAVAdminService.exe [308440 2020-11-25] (Sophos Ltd -> Sophos
Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
[217064 2020-11-25] (Sophos Ltd -> Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat
Protection\SophosNtpService.exe [4762264 2020-11-25] (Sophos Ltd -> Sophos
Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
[798616 2020-07-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos Clean Service; C:\Program Files\Sophos\Clean\SophosCleanM64.exe
[1230464 2020-11-10] (Sophos Ltd -> Sophos Limited)
R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint
Defense\SEDService.exe [3560208 2020-12-16] (Sophos Ltd -> Sophos Limited)
R2 Sophos File Scanner Service; C:\Program Files\Sophos\Sophos File
Scanner\SophosFS.exe [885456 2020-11-16] (Sophos Ltd -> Sophos Limited)
R2 Sophos Health Service; C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
[1456272 2021-03-01] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications
System\Endpoint\McsAgent.exe [1315080 2020-11-16] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications
System\Endpoint\McsClient.exe [1773800 2020-11-16] (Sophos Ltd -> Sophos
Limited)
R2 Sophos Safestore Service; C:\Program
Files\Sophos\Safestore\SophosSafestore64.exe [795616 2020-11-10] (Sophos Ltd ->
Sophos Limited)
R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint
Defense\SSPService.exe [11331680 2020-12-16] (Sophos Ltd -> Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos
Anti-Virus\Web Control\swc_service.exe [351336 2020-11-25] (Sophos Ltd -> Sophos
Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web
Intelligence\swi_filter.exe [484072 2020-11-25] (Sophos Ltd -> Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web
Intelligence\swi_service.exe [3606872 2020-11-25] (Sophos Ltd -> Sophos Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-26] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-26] (Microsoft
Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (GlassWire ->
SecureMix LLC)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [697712 2020-12-14]
(Sophos Ltd -> SurfRight B.V.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2021-11-25] (Microsoft
Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352
2021-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-04]
(Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992
2021-12-04] (Malwarebytes Inc -> Malwarebytes)
S3 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2020-08-25] (Riverbed
Technology, Inc. -> Riverbed Technology, Inc.)
S3 RtkA2dp; C:\WINDOWS\System32\drivers\RtkA2dp.sys [202208 2017-11-01] (Realtek
Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [72160 2017-10-31]
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [216280 2020-11-25]
(Sophos Ltd -> Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2020-11-25]
(Sophos Limited -> Sophos Limited)
R1 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [237520 2020-11-25] (Sophos Ltd ->
Sophos Limited)
S0 Sophos ELAM; C:\WINDOWS\System32\DRIVERS\SophosEL.sys [22152 2020-12-16]
(Microsoft Windows Early Launch Anti-malware Publisher -> Sophos Limited)
R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [1247832
2020-12-16] (Sophos Ltd -> Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840
2020-11-25] (Sophos Limited -> Sophos Limited)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2020-11-25]
(Sophos Limited -> Sophos Limited)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-26]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-26]
(Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-26]
(Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-12-04 19:41 - 2021-12-04 19:41 - 000000000 ____D
C:\Users\Administrator\Downloads\FRST-OlderVersion
2021-12-04 19:32 - 2021-12-04 19:32 - 008540344 _____ (Malwarebytes)
C:\Users\Administrator\Downloads\adwcleaner_8.3.1.exe
2021-12-04 18:28 - 2021-12-04 18:28 - 000001245 _____
C:\Users\Administrator\Desktop\Malwarebytes custom full scan.txt
2021-12-04 16:55 - 2021-12-04 16:55 - 000000844 _____
C:\Users\Administrator\Desktop\Speccy.lnk
2021-12-04 16:55 - 2021-12-04 16:55 - 000000000 ____D
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Speccy
2021-12-04 16:55 - 2021-12-04 16:55 - 000000000 ____D C:\Program Files\Speccy
2021-12-04 16:52 - 2021-12-04 16:52 - 000025362 _____
C:\Users\Administrator\Downloads\MTB.txt
2021-12-04 16:51 - 2021-12-04 16:51 - 008234296 _____ (Piriform Software Ltd)
C:\Users\Administrator\Downloads\spsetup132.exe
2021-12-04 16:50 - 2021-12-04 16:50 - 000892416 _____ (Farbar)
C:\Users\Administrator\Downloads\MiniToolBox.exe
2021-12-04 11:01 - 2021-12-04 11:01 - 000248992 _____ (Malwarebytes)
C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-04 11:01 - 2021-12-04 11:01 - 000210352 _____ (Malwarebytes)
C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-04 11:01 - 2021-12-04 11:01 - 000160176 _____ (Malwarebytes)
C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-04 11:01 - 2021-12-04 11:01 - 000002040 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-04 11:01 - 2021-12-04 11:01 - 000002028 _____
C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-04 11:01 - 2021-12-04 11:01 - 000000000 ____D
C:\Users\Administrator\AppData\Local\mbam
2021-12-04 11:01 - 2021-12-04 11:00 - 000019912 _____ (Malwarebytes)
C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-04 11:00 - 2021-12-04 11:00 - 000000000 ____D
C:\ProgramData\Malwarebytes
2021-12-04 10:56 - 2021-12-04 11:00 - 000000000 ____D C:\Program
Files\Malwarebytes
2021-12-04 10:55 - 2021-12-04 10:55 - 002101944 _____ (Malwarebytes)
C:\Users\Administrator\Downloads\MBSetup-119967.119967-consumer.exe
2021-12-04 10:04 - 2021-12-04 10:04 - 000781552 _____
C:\Users\Administrator\AppData\Local\census.cache
2021-12-04 10:04 - 2021-12-04 10:04 - 000338012 _____
C:\Users\Administrator\AppData\Local\ars.cache
2021-12-04 08:29 - 2021-12-04 08:29 - 003137320 _____ (Panda Security, S.L.)
C:\Users\Administrator\Downloads\PANDAFREEAV.exe
2021-12-03 17:24 - 2021-12-03 17:25 - 005201347 _____
C:\Users\Administrator\Downloads\yt5s.com-7 Rings (Ariana Grande Parody) I'm
poor-(240p).mp4
2021-12-03 12:57 - 2021-12-03 12:57 - 000003198 _____
C:\WINDOWS\system32\Tasks\DRScanner Startup
2021-12-03 12:57 - 2021-12-03 12:57 - 000002138 _____
C:\Users\Public\Desktop\HouseCall for Home Networks.lnk
2021-12-03 12:57 - 2021-12-03 12:57 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home Networks
2021-12-03 12:57 - 2020-08-25 23:31 - 000370424 _____ (Riverbed Technology,
Inc.) C:\WINDOWS\system32\wpcap.dll
2021-12-03 12:57 - 2020-08-25 23:31 - 000282360 _____ (Riverbed Technology,
Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2021-12-03 12:57 - 2020-08-25 23:31 - 000107768 _____ (Riverbed Technology,
Inc.) C:\WINDOWS\system32\Packet.dll
2021-12-03 12:57 - 2020-08-25 23:31 - 000098040 _____ (Riverbed Technology,
Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2021-12-03 12:57 - 2020-08-25 23:31 - 000036600 _____ (Riverbed Technology,
Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2021-12-03 12:56 - 2021-12-03 12:56 - 000000000 ____D C:\ProgramData\Trend Micro
2021-12-03 12:56 - 2021-12-03 12:56 - 000000000 ____D C:\Program Files
(x86)\Trend Micro
2021-12-03 12:54 - 2021-12-04 08:36 - 000000000 ____D C:\Program Files\Trend
Micro
2021-12-03 12:54 - 2021-12-03 16:55 - 000000000 ____D
C:\Users\Administrator\AppData\Local\Trend Micro
2021-12-03 12:54 - 2021-12-03 12:54 - 003711952 _____ (Trend Micro Inc.)
C:\Users\Administrator\Downloads\HousecallLauncher64.exe
2021-12-03 12:54 - 2021-12-03 12:54 - 000608896 _____ (Trend Micro Inc.)
C:\Users\Administrator\Downloads\HouseCallforHomeNetworks.exe
2021-12-03 12:54 - 2021-12-03 12:54 - 000000036 _____
C:\Users\Administrator\AppData\Local\housecall.guid.cache
2021-12-02 11:14 - 2021-12-02 11:14 - 038111122 _____
C:\Users\Administrator\Downloads\12-02-2021-Last Day of ICONIC FRONT YARD TREE -
Second Large Tree Topped OFF !!!VID_20211202_105232967[1].mp4
2021-12-02 11:13 - 2021-12-02 11:13 - 035394085 _____
C:\Users\Administrator\Downloads\12-02-2021-Last Day of ICONIC FRONT YARD TREE -
First Large Tree Topped OFF!!!! NO!!!!!- VID_20211202_104004017[1].mp4
2021-12-02 11:07 - 2021-12-02 11:07 - 000000000 ____H
C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-12-01 17:53 - 2021-12-04 17:20 - 000000000 ____D
C:\Users\Administrator\AppData\Local\CrashDumps
2021-12-01 17:30 - 2021-12-01 17:31 - 000000000 ____D
C:\Users\Administrator\AppData\Local\glasswire
2021-12-01 17:30 - 2021-12-01 17:30 - 000001977 _____
C:\Users\Public\Desktop\GlassWire.lnk
2021-12-01 17:30 - 2021-12-01 17:30 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2021-12-01 17:30 - 2021-12-01 17:30 - 000000000 ____D C:\ProgramData\GlassWire
2021-12-01 17:30 - 2015-05-28 23:30 - 000008392 _____
C:\WINDOWS\system32\Drivers\gwdrv.cat
2021-12-01 17:30 - 2015-05-28 23:15 - 000033152 _____ (SecureMix LLC)
C:\WINDOWS\system32\Drivers\gwdrv.sys
2021-12-01 17:29 - 2021-12-01 17:30 - 000000000 ____D C:\Program Files
(x86)\GlassWire
2021-12-01 17:29 - 2021-12-01 17:29 - 000000000 ____D C:\ProgramData\Package
Cache
2021-11-30 21:56 - 2021-11-30 21:56 - 000000000 ____D
C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2021-11-30 21:56 - 2021-11-30 21:56 - 000000000 ____D
C:\Users\Administrator\AppData\Local\Hewlett-Packard
2021-11-30 21:55 - 2021-11-30 21:55 - 000002307 _____ C:\Users\Public\Desktop\HP
Support Assistant.lnk
2021-11-30 21:54 - 2021-11-30 21:55 - 000000000 ____D C:\Program Files
(x86)\InstallShield Installation Information
2021-11-30 21:54 - 2021-11-30 21:54 - 000000000 ____D
C:\Users\Administrator\AppData\Roaming\hpqLog
2021-11-30 21:54 - 2021-11-30 21:54 - 000000000 ____D C:\Program Files (x86)\HP
2021-11-30 21:53 - 2021-11-30 21:53 - 000000000 ____D
C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-11-30 21:53 - 2021-11-30 21:53 - 000000000 ____D
C:\Users\Administrator\AppData\Local\HP
2021-11-30 21:53 - 2021-11-30 21:53 - 000000000 ____D
C:\ProgramData\Hewlett-Packard
2021-11-30 21:48 - 2021-11-30 21:54 - 000000000 ____D C:\Program Files
(x86)\Hewlett-Packard
2021-11-30 15:59 - 2021-11-30 16:01 - 000000000 ____D
C:\Users\Administrator\AppData\Roaming\.clamwin
2021-11-30 15:59 - 2021-11-30 15:59 - 000000000 ____D C:\Program Files
(x86)\ClamWin
2021-11-29 17:19 - 2021-11-29 17:19 - 000000279 _____
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Recycle Bin.lnk
2021-11-29 16:00 - 2021-11-29 16:00 - 000007238 _____
C:\Users\Administrator\Downloads\WinDefend.reg
2021-11-28 17:38 - 2021-11-30 08:54 - 000001142 _____
C:\Users\Administrator\Downloads\FSS.txt
2021-11-28 10:55 - 2021-11-28 10:55 - 000000000 ____D C:\WINDOWS\Panther
2021-11-27 18:28 - 2021-11-27 18:28 - 000001607 _____
C:\WINDOWS\system32\config\VSMIDK
2021-11-27 12:08 - 2021-11-27 12:20 - 236832861 _____ (alch )
C:\Users\Administrator\Downloads\clamwin-0.103.2.1-setup.exe
2021-11-26 19:47 - 2021-11-26 19:47 - 000000000 ____D
C:\Users\Administrator\AppData\LocalLow\HitmanPro.Alert
2021-11-26 18:35 - 2021-11-26 18:35 - 000000112 ___SH C:\bootTel.dat
2021-11-26 17:49 - 2021-11-26 17:49 - 000909824 _____ (Farbar)
C:\Users\Administrator\Downloads\FSS.exe
2021-11-26 17:48 - 2021-11-30 12:15 - 000004278 _____
C:\Users\Administrator\Downloads\Fixlog.txt
2021-11-26 17:44 - 2021-12-04 19:41 - 002311680 _____ (Farbar)
C:\Users\Administrator\Downloads\FRST64.exe
2021-11-26 17:34 - 2021-12-01 20:01 - 000000000 ____D
C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2021-11-26 16:32 - 2021-11-26 16:32 - 000000000 ____H
C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-11-26 12:35 - 2021-12-04 19:38 - 000000000 ____D C:\WINDOWS\CryptoGuard
2021-11-26 12:35 - 2021-12-04 19:22 - 000000000 ____D
C:\ProgramData\HitmanPro.Alert
2021-11-26 12:35 - 2021-11-26 12:35 - 000000000 ____D C:\Program Files
(x86)\HitmanPro.Alert
2021-11-26 12:35 - 2020-12-14 06:35 - 001136968 _____ (SurfRight B.V.)
C:\WINDOWS\system32\hmpalert.dll
2021-11-26 12:35 - 2020-12-14 06:35 - 001049088 _____ (SurfRight B.V.)
C:\WINDOWS\SysWOW64\hmpalert.dll
2021-11-26 12:35 - 2020-12-14 06:35 - 000697712 _____ (SurfRight B.V.)
C:\WINDOWS\system32\Drivers\hmpalert.sys
2021-11-26 12:35 - 2020-11-25 03:12 - 000237520 _____ (Sophos Limited)
C:\WINDOWS\system32\Drivers\sntp.sys
2021-11-26 12:35 - 2020-11-25 03:12 - 000047760 _____ (Sophos Limited)
C:\WINDOWS\system32\Drivers\swi_callout.sys
2021-11-26 12:34 - 2021-11-26 12:34 - 000000000 ____D
C:\WINDOWS\SysWOW64\SophosAV
2021-11-26 12:34 - 2021-11-26 12:34 - 000000000 ____D
C:\WINDOWS\system32\SophosAV
2021-11-26 12:34 - 2020-11-25 03:12 - 000037376 _____ (Sophos Limited)
C:\WINDOWS\system32\SophosBootTasks.exe
2021-11-26 12:33 - 2021-11-26 12:35 - 000000000 ____D C:\Program Files\Sophos
2021-11-26 12:33 - 2021-11-26 12:33 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-11-26 12:33 - 2021-11-26 12:33 - 000000000 ____D C:\Program Files\Common
Files\Sophos
2021-11-26 12:33 - 2020-12-16 01:35 - 001247832 _____ (Sophos Limited)
C:\WINDOWS\system32\Drivers\SophosED.sys
2021-11-26 12:33 - 2020-12-16 01:35 - 000052688 _____ (Sophos Limited)
C:\WINDOWS\system32\SophosNA.exe
2021-11-26 12:33 - 2020-12-16 01:35 - 000042012 _____
C:\WINDOWS\system32\Drivers\SophosED.man
2021-11-26 12:33 - 2020-12-16 01:35 - 000022152 _____ (Sophos Limited)
C:\WINDOWS\system32\Drivers\SophosEL.sys
2021-11-26 12:32 - 2020-11-25 03:12 - 000216280 _____ (Sophos Limited)
C:\WINDOWS\system32\Drivers\savonaccess.sys
2021-11-26 12:32 - 2020-11-25 03:12 - 000176120 _____ (Sophos Limited)
C:\WINDOWS\system32\sdccoinstaller.dll
2021-11-26 12:32 - 2020-11-25 03:12 - 000045840 _____ (Sophos Limited)
C:\WINDOWS\system32\Drivers\SophosBootDriver.sys
2021-11-26 12:32 - 2020-11-25 03:12 - 000038144 _____ (Sophos Limited)
C:\WINDOWS\system32\Drivers\sdcfilter.sys
2021-11-26 12:29 - 2021-11-26 12:35 - 000000000 ____D C:\ProgramData\Sophos
2021-11-26 12:28 - 2021-11-26 12:36 - 000000000 ____D C:\Program Files
(x86)\Sophos
2021-11-26 11:31 - 2021-12-02 17:25 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-26 11:31 - 2021-11-26 11:31 - 000001012 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-26 11:31 - 2021-11-26 11:31 - 000001000 _____
C:\Users\Public\Desktop\Firefox.lnk
2021-11-26 11:31 - 2021-11-26 11:31 - 000000000 ____D
C:\WINDOWS\system32\Tasks\Mozilla
2021-11-26 11:31 - 2021-11-26 11:31 - 000000000 ____D
C:\Users\Administrator\AppData\Roaming\Mozilla
2021-11-26 11:31 - 2021-11-26 11:31 - 000000000 ____D
C:\Users\Administrator\AppData\Local\Mozilla
2021-11-26 11:31 - 2021-11-26 11:31 - 000000000 ____D C:\Program Files\Mozilla
Firefox
2021-11-26 11:31 - 2021-11-26 11:31 - 000000000 ____D C:\Program Files
(x86)\Mozilla Maintenance Service
2021-11-26 10:56 - 2021-11-26 10:56 - 000000000 ____D
C:\Users\Administrator\AppData\Local\Comms
2021-11-26 10:45 - 2021-11-26 10:45 - 000000000 ____D C:\Program Files\Microsoft
Update Health Tools
2021-11-26 10:39 - 2021-11-26 10:39 - 000000000 ___HD C:\$WinREAgent
2021-11-26 10:39 - 2021-11-26 10:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-26 10:37 - 2021-12-04 19:33 - 000000000 ____D
C:\Users\Administrator\AppData\Roaming\audacity
2021-11-26 10:37 - 2021-11-26 10:37 - 000000000 ____D
C:\Users\Administrator\AppData\Local\audacity
2021-11-26 10:34 - 2021-11-26 10:37 - 000000000 ____D C:\Program Files\Audacity
2021-11-26 10:34 - 2021-11-26 10:34 - 000000872 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-11-26 10:34 - 2021-11-26 10:34 - 000000860 _____
C:\Users\Public\Desktop\Audacity.lnk
2021-11-26 10:22 - 2021-12-03 19:27 - 000000000 ____D
C:\Users\Administrator\AppData\Local\D3DSCache
2021-11-25 21:55 - 2021-11-25 21:55 - 000000000 ____D
C:\Users\Administrator\AppData\Local\VirtualStore
2021-11-25 21:52 - 2021-11-25 21:52 - 000000000 ____D
C:\Users\Administrator\AppData\Local\Publishers
2021-11-25 21:51 - 2021-11-26 11:49 - 000000000 ____D C:\ProgramData\Packages
2021-11-25 21:49 - 2021-11-26 11:49 - 000000000 ____D
C:\Users\Administrator\AppData\Local\Packages
2021-11-25 21:49 - 2021-11-25 21:50 - 000000000 ____D
C:\Users\Administrator\AppData\Local\Intel
2021-11-25 21:49 - 2021-11-25 21:50 - 000000000 ____D
C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2021-11-25 21:49 - 2021-11-25 21:49 - 000000020 ___SH
C:\Users\Administrator\ntuser.ini
2021-11-25 21:49 - 2021-11-25 21:49 - 000000000 ____D
C:\Users\Administrator\AppData\Roaming\Adobe
2021-11-25 21:38 - 2021-12-03 19:42 - 000803404 _____
C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-25 21:37 - 2021-11-25 21:37 - 000000000 ____D
C:\Users\Administrator\Documents\FreshStart
2021-11-25 21:34 - 2021-11-26 11:52 - 000000000 ____D C:\Users\Administrator
2021-11-25 21:34 - 2021-06-05 04:04 - 000001281 _____
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Administrative Tools.lnk
2021-11-25 21:34 - 2021-06-05 04:04 - 000000407 _____
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\File Explorer.lnk
2021-11-25 21:26 - 2021-11-25 21:32 - 000000000 ____D C:\ProgramData\Realtek
2021-11-25 21:25 - 2021-11-25 21:57 - 000002447 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-25 21:25 - 2021-11-25 21:25 - 000562622 _____
C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-11-25 21:25 - 2021-11-25 21:25 - 000003194 _____
C:\WINDOWS\system32\Tasks\RTKCPL
2021-11-25 21:25 - 2021-11-25 21:25 - 000002063 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Control.lnk
2021-11-25 21:25 - 2021-11-25 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-11-25 21:25 - 2021-11-25 21:25 - 000000000 ____D
C:\WINDOWS\system32\SRSLabs
2021-11-25 21:25 - 2021-11-25 21:25 - 000000000 ____D
C:\ProgramData\SoundResearch
2021-11-25 21:25 - 2021-11-25 21:25 - 000000000 ____D C:\Program Files\Realtek
2021-11-25 21:25 - 2021-11-25 21:25 - 000000000 ____D C:\Program Files\Intel
2021-11-25 21:25 - 2021-11-25 21:25 - 000000000 ____D C:\Program Files
(x86)\VulkanRT
2021-11-25 21:25 - 2021-11-25 21:25 - 000000000 _____
C:\WINDOWS\system32\GfxValDisplayLog.bin
2021-11-25 21:25 - 2017-11-02 12:15 - 000928568 _____
C:\WINDOWS\system32\vulkan-1.dll
2021-11-25 21:25 - 2017-11-02 12:15 - 000798520 _____
C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-11-25 21:25 - 2017-11-02 12:15 - 000490808 _____
C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-11-25 21:25 - 2017-11-02 12:14 - 000591672 _____
C:\WINDOWS\system32\vulkaninfo.exe
2021-11-25 21:23 - 2021-11-25 21:51 - 000003480 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-25 21:23 - 2021-11-25 21:51 - 000003356 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-25 21:22 - 2021-11-25 21:33 - 000000000 ____D C:\ProgramData\Intel
2021-11-25 21:21 - 2021-12-04 16:08 - 000000000 ____D
C:\WINDOWS\system32\SleepStudy
2021-11-25 21:21 - 2021-12-03 19:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-25 21:21 - 2021-11-30 22:13 - 000302152 _____
C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-25 21:21 - 2021-11-26 10:23 - 000000000 ____D
C:\WINDOWS\system32\Drivers\wd
2021-11-25 21:16 - 2021-11-25 21:16 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-11-25 21:04 - 2021-11-25 21:04 - 000253952 _____ (Microsoft Corporation)
C:\WINDOWS\system32\ssText3d.scr
2021-11-25 21:04 - 2021-11-25 21:04 - 000015040 _____
C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-25 21:04 - 2021-11-25 21:04 - 000013824 _____
C:\WINDOWS\SysWOW64\prxyqry.dll
2021-11-25 21:04 - 2021-11-25 21:04 - 000009522 _____
C:\WINDOWS\system32\ResPriUHMImageList
2021-11-25 21:04 - 2021-11-25 21:04 - 000009522 _____
C:\WINDOWS\system32\ResPriImageList
2021-11-25 21:04 - 2021-11-25 21:04 - 000009522 _____
C:\WINDOWS\system32\ResPriHMImageList
2021-11-25 21:04 - 2021-11-25 21:04 - 000009402 _____
C:\WINDOWS\system32\ResPriHMImageListLowCost
2021-11-25 21:04 - 2021-11-25 21:04 - 000008964 _____
C:\WINDOWS\system32\ResPriLMImageList
2021-11-25 21:04 - 2021-11-25 21:04 - 000008870 _____
C:\WINDOWS\system32\ResPriImageListLowCost
2021-11-25 21:03 - 2021-11-25 21:03 - 000617648 _____
C:\WINDOWS\SysWOW64\TextShaping.dll
2021-11-25 21:03 - 2021-11-25 21:03 - 000425984 _____
C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-11-25 21:03 - 2021-11-25 21:03 - 000267264 _____
C:\WINDOWS\SysWOW64\Windows.Internal.UI.Dialogs.dll
2021-11-25 21:03 - 2021-11-25 21:03 - 000221184 _____
C:\WINDOWS\SysWOW64\Microsoft.Internal.FrameworkUdk.System.dll
2021-11-25 21:03 - 2021-11-25 21:03 - 000121344 _____
C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-25 21:03 - 2021-11-25 21:03 - 000041594 _____
C:\WINDOWS\SysWOW64\ctac.json
2021-11-25 21:03 - 2021-11-25 21:03 - 000040960 _____
C:\WINDOWS\system32\prxyqry.dll
2021-11-25 21:03 - 2021-11-25 21:03 - 000036864 _____
C:\WINDOWS\system32\umpodev.dll
2021-11-25 21:03 - 2021-11-25 21:03 - 000006656 _____
C:\WINDOWS\SysWOW64\nrtapi.dll
2021-11-25 21:03 - 2021-11-25 21:03 - 000003366 _____
C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2021-11-25 21:02 - 2021-11-25 21:02 - 000360448 _____
C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-11-25 21:02 - 2021-11-25 21:02 - 000335872 _____
C:\WINDOWS\system32\Windows.Internal.UI.Dialogs.dll
2021-11-25 21:02 - 2021-11-25 21:02 - 000286720 _____
C:\WINDOWS\system32\AggregatorHost.exe
2021-11-25 21:02 - 2021-11-25 21:02 - 000180224 _____
C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2021-11-25 21:02 - 2021-11-25 21:02 - 000099560 _____
C:\WINDOWS\system32\wow64con.dll
2021-11-25 21:02 - 2021-11-25 21:02 - 000077824 _____
C:\WINDOWS\system32\runexehelper.exe
2021-11-25 21:02 - 2021-11-25 21:02 - 000024576 _____
C:\WINDOWS\system32\nrtapi.dll
2021-11-25 21:02 - 2021-11-25 21:02 - 000003366 _____
C:\WINDOWS\system32\AppxProvisioning.xml
2021-11-25 21:01 - 2021-11-25 21:01 - 000727576 _____
C:\WINDOWS\system32\TextShaping.dll
2021-11-25 21:01 - 2021-11-25 21:01 - 000614400 _____
C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-11-25 21:01 - 2021-11-25 21:01 - 000311296 _____
C:\WINDOWS\system32\Microsoft.Internal.FrameworkUdk.System.dll
2021-11-25 21:01 - 2021-11-25 21:01 - 000215552 _____
C:\WINDOWS\system32\CloudIdWxhExtension.dll
2021-11-25 21:01 - 2021-11-25 21:01 - 000172032 _____
C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-11-25 21:00 - 2021-11-25 21:00 - 000258048 _____
C:\WINDOWS\system32\CoreMas.dll
2021-11-25 21:00 - 2021-11-25 21:00 - 000208896 _____
C:\WINDOWS\system32\IHDS.dll
2021-11-25 21:00 - 2021-11-25 21:00 - 000167936 _____
C:\WINDOWS\system32\TpmTool.exe
2021-11-25 21:00 - 2021-11-25 21:00 - 000041594 _____
C:\WINDOWS\system32\ctac.json
2021-11-25 20:52 - 2021-11-26 10:27 - 000000000 ____D C:\WINDOWS\HoloShell
2021-11-25 20:52 - 2021-11-25 21:12 - 000000000 ____D C:\WINDOWS\TextInput
2021-11-25 20:52 - 2021-06-01 14:30 - 000076060 _____
C:\WINDOWS\system32\xpsrchvw.xml
2021-11-25 20:52 - 2021-05-27 17:51 - 000076060 _____
C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-11-25 20:48 - 2021-06-01 14:21 - 001368296 _____
C:\WINDOWS\system32\PerceptionSimulationRightHandModel.glb
2021-11-25 20:48 - 2021-06-01 14:21 - 001366268 _____
C:\WINDOWS\system32\PerceptionSimulationLeftHandModel.glb
2021-11-25 20:47 - 2021-06-01 14:21 - 000000002 _____
C:\WINDOWS\system32\hologramcompositor.lock
2021-11-25 20:42 - 2021-11-30 22:07 - 000000000 ____D C:\WINDOWS\Firmware
2021-11-25 20:40 - 2021-11-25 20:40 - 000008192 _____
C:\WINDOWS\system32\config\userdiff
2021-11-25 19:38 - 2021-11-25 21:38 - 000000000 ___HD C:\$SysReset
2021-11-23 19:07 - 2021-11-30 15:59 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2021-11-23 18:25 - 2021-11-23 18:26 - 000014126 _____
C:\Users\Administrator\Downloads\Addition.txt
2021-11-23 18:18 - 2021-12-04 19:42 - 000017185 _____
C:\Users\Administrator\Downloads\FRST.txt
2021-11-23 18:12 - 2021-12-04 19:42 - 000000000 ____D C:\FRST
2021-11-23 17:41 - 2021-11-23 17:41 - 000000000 ____D C:\NoBot
2021-11-22 17:07 - 2021-12-04 19:38 - 000000000 ____D
C:\Users\Administrator\AppData\LocalLow\Mozilla
2021-11-21 14:45 - 2021-11-21 14:46 - 305856512 _____
C:\Users\Administrator\Documents\Windows 10_64bit.iso
2021-11-21 14:15 - 2021-11-21 14:57 - 000000000 ____D C:\ESD
2021-11-21 14:13 - 2021-11-21 14:13 - 000000000 ___HD C:\$Windows.~WS
2021-11-20 19:14 - 2021-11-20 19:14 - 000030778 _____
C:\Users\Administrator\Downloads\This Is Current for thomas.denq@gmail.com Web
capture_20-11-2021_191359_myaccount.google.com.jpeg
2021-11-20 09:53 - 2021-11-25 21:16 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-11-20 09:04 - 2021-11-20 09:05 - 111753744 _____
C:\Users\Administrator\Downloads\yt1s.com - 2015 4 9 鄧文聰掏空幸福人壽
還要政府花公帑接管_360p.mp4
2021-11-19 15:35 - 2021-11-19 15:38 - 000000000 ____D C:\AdwCleaner
2021-11-19 08:51 - 2021-11-19 08:51 - 000049145 _____
C:\Users\Administrator\Downloads\Anita Inagandla, follow classmate, Linkedin
Profile started [smart parents promised her to pay for more expensive master's
degree] sjsu in 2011 and WENT TO SANTA CLARA UNIVERSITY FOR J.D.pdf
2021-11-18 18:50 - 2021-11-18 19:03 - 000000000 ____D C:\EEK
2021-11-18 18:38 - 2021-12-04 17:36 - 000000000 ____D
C:\Users\Administrator\AppData\LocalLow\IGDump
2021-11-18 09:33 - 2021-11-18 09:33 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My archive shortcuts
2021-11-17 10:18 - 2021-11-17 10:18 - 000050124 _____
C:\Users\Administrator\Downloads\CMOS meaning.jpeg
2021-11-15 11:41 - 2021-11-26 11:51 - 000000000 ____D C:\temp
2021-11-14 19:04 - 2021-11-14 19:04 - 000000000 ____D
C:\Users\Administrator\AppData\LocalLow\Temp
2021-11-14 17:14 - 2021-11-14 17:14 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-11-12 10:02 - 2020-03-30 02:30 - 007326296 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2021-11-12 10:02 - 2020-03-30 02:30 - 003769296 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 003676960 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2021-11-12 10:02 - 2020-03-30 02:30 - 003445640 _____ (DTS, Inc.)
C:\WINDOWS\system32\slcnt64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 003353720 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RtkApi64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 003168280 _____ (DTS, Inc.)
C:\WINDOWS\system32\sltech64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 003159672 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001435032 _____ (Synopsys, Inc.)
C:\WINDOWS\system32\SRRPTR64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001414984 _____ (Sound Research, Corp.)
C:\WINDOWS\system32\SEHDHF64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001403712 _____ (Sound Research, Corp.)
C:\WINDOWS\system32\SECOMN64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001353216 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RTCOM64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001327936 _____ (Sound Research, Corp.)
C:\WINDOWS\system32\SEAPO64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001195856 _____ (Sound Research, Corp.)
C:\WINDOWS\system32\SEHDRA64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001110072 _____ (DTS, Inc.)
C:\WINDOWS\system32\sl3apo64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001078576 _____ (Sound Research, Corp.)
C:\WINDOWS\SysWOW64\SEHDHF32.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 001061464 _____ (Sound Research, Corp.)
C:\WINDOWS\SysWOW64\SECOMN32.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000692056 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000541008 _____ (SRS Labs, Inc.)
C:\WINDOWS\system32\SRSTSX64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000467048 _____ (Synopsys, Inc.)
C:\WINDOWS\system32\SRAPO64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000392768 _____ (Dolby Laboratories, Inc.)
C:\WINDOWS\system32\RTEEP64A.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000381304 _____ (Synopsys, Inc.)
C:\WINDOWS\system32\SRCOM64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000343600 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000341040 _____ (Synopsys, Inc.)
C:\WINDOWS\SysWOW64\SRCOM.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000341040 _____ (Synopsys, Inc.)
C:\WINDOWS\system32\SRCOM.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000327168 _____ (Dolby Laboratories, Inc.)
C:\WINDOWS\system32\RP3DHT64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000327168 _____ (Dolby Laboratories, Inc.)
C:\WINDOWS\system32\RP3DAA64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000266448 _____ (TODO: <Company name>)
C:\WINDOWS\system32\slprp64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000230600 _____ (SRS Labs, Inc.)
C:\WINDOWS\system32\SRSTSH64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000220280 _____ (Dolby Laboratories, Inc.)
C:\WINDOWS\system32\RTEED64A.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000218168 _____ (SRS Labs, Inc.)
C:\WINDOWS\system32\SRSHP64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000192872 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000174832 _____ (SRS Labs, Inc.)
C:\WINDOWS\system32\SRSWOW64.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000116432 _____ (Dolby Laboratories, Inc.)
C:\WINDOWS\system32\RTEEL64A.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000093800 _____ (Dolby Laboratories, Inc.)
C:\WINDOWS\system32\RTEEG64A.dll
2021-11-12 10:02 - 2020-03-30 02:30 - 000083520 _____ (Virage Logic Corporation
/ Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2021-11-12 10:02 - 2020-03-30 02:29 - 072520608 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RCoRes64.dat
2021-11-12 10:02 - 2020-03-30 02:29 - 002930048 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2021-11-12 10:02 - 2020-03-30 02:29 - 000122208 _____ (Real Sound Lab SIA)
C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2021-11-12 10:02 - 2020-03-30 02:29 - 000023584 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2021-11-12 10:02 - 2020-03-30 01:59 - 039130926 _____
C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2021-11-11 19:34 - 2021-11-11 19:34 - 000076311 _____
C:\Users\Administrator\Downloads\static-detection-of-backdoors-1.0_compressed.pdf
2021-11-11 19:31 - 2021-11-11 19:31 - 000108864 _____
C:\Users\Administrator\Downloads\static-detection-of-backdoors-1.0.pdf
2021-11-11 17:33 - 2021-11-11 17:33 - 000000000 ____D
C:\Users\Administrator\AppData\LineCall
2021-11-09 10:43 - 2021-11-26 11:03 - 000000000 ____D
C:\Users\Administrator\Documents\Audacity
2021-11-06 16:08 - 2021-11-06 16:08 - 002380635 _____
C:\Users\Administrator\Downloads\IMSLP35271-PMLP78872-Bartok_-_SZ_75_-_Sonata_for_Violin_and_Piano_No._1_(op_21)_-_violin.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-12-04 16:55 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-04 14:31 - 2021-06-05 04:09 - 000000000 ____D C:\WINDOWS\INF
2021-12-04 11:01 - 2021-06-05 04:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-04 10:25 - 2021-06-05 04:10 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2021-12-04 08:25 - 2021-10-31 09:28 - 000000000 __SHD
C:\Users\Administrator\IntelGraphicsProfiles
2021-12-03 19:35 - 2021-11-01 12:52 - 000012288 ___SH C:\DumpStack.log.tmp
2021-12-03 19:34 - 2021-06-05 04:01 - 000065536 _____
C:\WINDOWS\system32\config\BBI
2021-12-02 17:27 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\LiveKernelReports
2021-12-01 20:44 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-30 21:55 - 2018-03-17 01:17 - 000000000 ___RD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-11-26 18:21 - 2021-06-05 04:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-26 11:49 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-26 10:56 - 2021-06-05 04:10 - 000000000 ___HD C:\Program
Files\WindowsApps
2021-11-26 10:26 - 2021-06-05 04:10 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-11-26 10:25 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\appcompat
2021-11-26 10:23 - 2021-06-05 04:10 - 000000000 ____D C:\Program Files\Windows
Defender
2021-11-25 22:05 - 2021-06-05 04:01 - 000000000 ____D C:\WINDOWS\servicing
2021-11-25 21:50 - 2021-06-05 04:10 - 000000000 ___RD
C:\WINDOWS\ImmersiveControlPanel
2021-11-25 21:49 - 2021-06-05 05:16 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-11-25 21:49 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\spool
2021-11-25 21:49 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-25 21:49 - 2017-10-05 15:38 - 000000000 __RHD
C:\Users\Public\AccountPictures
2021-11-25 21:37 - 2021-06-05 04:10 - 000000000 ____D C:\ProgramData\USOPrivate
2021-11-25 21:25 - 2021-06-05 04:01 - 000032768 _____
C:\WINDOWS\system32\config\ELAM
2021-11-25 21:21 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-25 21:16 - 2021-06-05 04:14 - 000000000 ____D C:\WINDOWS\Setup
2021-11-25 21:16 - 2021-06-05 04:10 - 000000000 __RHD C:\Users\Public\Libraries
2021-11-25 21:16 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\system32\WinBioDatabase
2021-11-25 21:16 - 2021-06-05 04:08 - 000028672 _____
C:\WINDOWS\system32\config\BCD-Template
2021-11-25 21:12 - 2021-06-05 05:17 - 000000000 ____D C:\Program Files\Windows
Photo Viewer
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ___SD
C:\WINDOWS\SysWOW64\DiagSvcs
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ___SD
C:\WINDOWS\system32\DiagSvcs
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\SysWOW64\WinMetadata
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\system32\WinMetadata
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\system32\WinBioPlugIns
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\system32\ShellExperiences
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\system32\PerceptionSimulation
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\id-ID
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\system32\appraiser
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\ShellExperiences
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\Provisioning
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D
C:\WINDOWS\PolicyDefinitions
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-25 21:12 - 2021-06-05 04:10 - 000000000 ____D C:\Program Files\Common
Files\System
2021-11-25 21:11 - 2021-06-05 05:17 - 000032768 _____ (Microsoft Corporation)
C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-11-25 21:11 - 2021-06-05 05:17 - 000021047 _____
C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-11-25 20:52 - 2021-06-05 04:10 - 000000000 ____D C:\WINDOWS\SystemApps
2021-11-21 13:28 - 2017-10-05 15:38 - 000000000 ___RD C:\Users\Administrator\3D
Objects
2021-11-20 18:37 - 2021-07-27 17:35 - 001306504 _____ (Sysinternals -
www.sysinternals.com) C:\Users\Administrator\Downloads\sigcheck64a.exe
2021-11-20 18:37 - 2021-07-27 17:35 - 001166728 _____ (Sysinternals -
www.sysinternals.com) C:\Users\Administrator\Downloads\sigcheck64.exe
2021-11-20 18:37 - 2021-07-27 17:35 - 000852344 _____ (Sysinternals -
www.sysinternals.com) C:\Users\Administrator\Downloads\sigcheck.exe
2021-11-20 18:37 - 2021-07-27 17:34 - 000007490 _____
C:\Users\Administrator\Downloads\Eula.txt
2021-11-19 15:38 - 2018-03-06 11:16 - 000000000 ___HD C:\hp
2021-11-15 11:35 - 2018-03-17 01:58 - 000000000 ____D C:\SWSetup
==================== Files in the root of some directories ========
2021-12-04 10:04 - 2021-12-04 10:04 - 000338012 _____ ()
C:\Users\Administrator\AppData\Local\ars.cache
2021-12-04 10:04 - 2021-12-04 10:04 - 000781552 _____ ()
C:\Users\Administrator\AppData\Local\census.cache
2021-12-03 12:54 - 2021-12-03 12:54 - 000000036 _____ ()
C:\Users\Administrator\AppData\Local\housecall.guid.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Edited by yoon_777, 04 December 2021 - 10:47 PM.
* Back to top
--------------------------------------------------------------------------------
#4 NASDAQ
nasdaq
*
* Malware Response Team
* 47,228 posts
* OFFLINE
* Gender:Male
* Location:Montreal, QC. Canada
* Local time:06:45 AM
Posted Yesterday, 09:29 AM
Hi,
Quote
> Other suspicious behavior, Housecall scans don't work.
This Sophos Anti-Virus is probably not allowing HouseCall to execute.
AV: Sophos Home (Enabled - Up to date) {8E0623B8-CF1C-DFFE-CEA3-AA41BDA4B8EE}
Disable it and see if HouseCall will execute.
You will also see that may of the files for Trend Micro are not found.
HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 5.3.1285 - Trend
Micro Inc.)
If you decide to remove HouseCall I suggest you do it via the Control Panel >
Programs > Programs and Features...
Let me know which option you have chosen.
----
Press the Windows key + r on your keyboard at the same time. This will open the
RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
start
Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:
Comment: Items from the FRST.TXT log that will be removed.
Task: {CB6F0795-5CBF-431C-8694-903CDDF8E867} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ATTENTION
Comment: Items from the Addition.txt log that will be removed.
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{B52C5D6B-48E5-4618-AFC8-2F1A11B780C1}] => (Allow) c:\windows\temp\trend micro\drscanner\package\launcher\trendmicrolauncher.exe => No File
FirewallRules: [{6BB9BDBE-7C0E-479B-9C20-4EB54A93FED5}] => (Allow) c:\windows\temp\trend micro\drscanner\package\launcher\trendmicrolauncher.exe => No File
FirewallRules: [{5674CA9D-371C-418A-B6A5-EA72B72CE9A0}] => (Allow) c:\program files\trend micro\7zs085a839f\setup.exe => No File
FirewallRules: [{B7105664-3B86-4584-86FF-4BDD3EADF599}] => (Allow) c:\program files\trend micro\7zs085a839f\setup.exe => No File
FirewallRules: [{E2D9ACD9-ED98-4861-8FFB-2FDFD3C76FD0}] => (Allow) c:\program files\trend micro\7zs075b7a10\setup.exe => No File
FirewallRules: [{E21F7080-D7DA-4D12-9494-FCA33EF2DFAA}] => (Allow) c:\program files\trend micro\7zs075b7a10\setup.exe => No File
FirewallRules: [{7D1C2328-A74E-41D1-B877-046804A546FD}] => (Block) c:\windows\temp\trend micro\drscanner\package\drscanner.exe => No File
FirewallRules: [{B349C319-7346-4394-8623-74FE5D8DA0C1}] => (Block) c:\windows\temp\trend micro\drscanner\package\drscanner.exe => No File
FirewallRules: [{4ABA610B-6E23-429F-B368-E2613467C381}] => (Block) c:\windows\temp\trend micro\drsunziptemp\drscanner.exe => No File
FirewallRules: [{CA2ED8E2-D021-4A46-A830-B87EC4A3412C}] => (Block) c:\windows\temp\trend micro\drsunziptemp\drscanner.exe => No File
FirewallRules: [{DC3ACF7A-D00E-4EEB-A008-E5DE324119DB}] => (Allow) c:\program files\trend micro\7zs05415f87\setup.exe => No File
FirewallRules: [{8DA1EB2D-E785-4195-82AF-BF713DA73F73}] => (Allow) c:\program files\trend micro\7zs05415f87\setup.exe => No File
FirewallRules: [{ADBF9BEB-9D92-4F1B-B440-608D71F9F6CD}] => (Allow) c:\program files\trend micro\7zs476c740b\setup.exe => No File
FirewallRules: [{AEF26D3D-E309-4FDE-AE64-847EE71554F8}] => (Allow) c:\program files\trend micro\7zs476c740b\setup.exe => No File
FirewallRules: [{5956AFE3-DC0C-466E-9EDA-EF6826428CC2}] => (Allow) c:\users\administrator\appdata\local\temp\mbaminstallerservice.exe => No File
FirewallRules: [{AFFB11B8-5C4C-403E-8184-8F2105B0B9AD}] => (Allow) c:\users\administrator\appdata\local\temp\mbaminstallerservice.exe => No File
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
Reboot:
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running
from.
The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt) please post it to your reply.
===
Please post the Fixlog.txt and let me know what problem persists.
* Back to top
--------------------------------------------------------------------------------
#5 YOON_777
yoon_777
* Topic Starter
*
* Members
* 113 posts
* OFFLINE
* Local time:03:45 AM
Posted Yesterday, 12:59 PM
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-12-2021
Ran by Administrator (05-12-2021 09:51:14) Run:3
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:
Comment: Items from the FRST.TXT log that will be removed.
Task: {CB6F0795-5CBF-431C-8694-903CDDF8E867} - System32\Tasks\Mozilla\Firefox
Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla
Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ATTENTION
Comment: Items from the Addition.txt log that will be removed.
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => ->
No File
FirewallRules: [{B52C5D6B-48E5-4618-AFC8-2F1A11B780C1}] => (Allow)
c:\windows\temp\trend micro\drscanner\package\launcher\trendmicrolauncher.exe =>
No File
FirewallRules: [{6BB9BDBE-7C0E-479B-9C20-4EB54A93FED5}] => (Allow)
c:\windows\temp\trend micro\drscanner\package\launcher\trendmicrolauncher.exe =>
No File
FirewallRules: [{5674CA9D-371C-418A-B6A5-EA72B72CE9A0}] => (Allow) c:\program
files\trend micro\7zs085a839f\setup.exe => No File
FirewallRules: [{B7105664-3B86-4584-86FF-4BDD3EADF599}] => (Allow) c:\program
files\trend micro\7zs085a839f\setup.exe => No File
FirewallRules: [{E2D9ACD9-ED98-4861-8FFB-2FDFD3C76FD0}] => (Allow) c:\program
files\trend micro\7zs075b7a10\setup.exe => No File
FirewallRules: [{E21F7080-D7DA-4D12-9494-FCA33EF2DFAA}] => (Allow) c:\program
files\trend micro\7zs075b7a10\setup.exe => No File
FirewallRules: [{7D1C2328-A74E-41D1-B877-046804A546FD}] => (Block)
c:\windows\temp\trend micro\drscanner\package\drscanner.exe => No File
FirewallRules: [{B349C319-7346-4394-8623-74FE5D8DA0C1}] => (Block)
c:\windows\temp\trend micro\drscanner\package\drscanner.exe => No File
FirewallRules: [{4ABA610B-6E23-429F-B368-E2613467C381}] => (Block)
c:\windows\temp\trend micro\drsunziptemp\drscanner.exe => No File
FirewallRules: [{CA2ED8E2-D021-4A46-A830-B87EC4A3412C}] => (Block)
c:\windows\temp\trend micro\drsunziptemp\drscanner.exe => No File
FirewallRules: [{DC3ACF7A-D00E-4EEB-A008-E5DE324119DB}] => (Allow) c:\program
files\trend micro\7zs05415f87\setup.exe => No File
FirewallRules: [{8DA1EB2D-E785-4195-82AF-BF713DA73F73}] => (Allow) c:\program
files\trend micro\7zs05415f87\setup.exe => No File
FirewallRules: [{ADBF9BEB-9D92-4F1B-B440-608D71F9F6CD}] => (Allow) c:\program
files\trend micro\7zs476c740b\setup.exe => No File
FirewallRules: [{AEF26D3D-E309-4FDE-AE64-847EE71554F8}] => (Allow) c:\program
files\trend micro\7zs476c740b\setup.exe => No File
FirewallRules: [{5956AFE3-DC0C-466E-9EDA-EF6826428CC2}] => (Allow)
c:\users\administrator\appdata\local\temp\mbaminstallerservice.exe => No File
FirewallRules: [{AFFB11B8-5C4C-403E-8184-8F2105B0B9AD}] => (Allow)
c:\users\administrator\appdata\local\temp\mbaminstallerservice.exe => No File
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
Reboot:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{CB6F0795-5CBF-431C-8694-903CDDF8E867}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB6F0795-5CBF-431C-8694-903CDDF8E867}"
=> removed successfully
C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
=> moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent
308046B0AF4A39CB" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B52C5D6B-48E5-4618-AFC8-2F1A11B780C1}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BB9BDBE-7C0E-479B-9C20-4EB54A93FED5}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5674CA9D-371C-418A-B6A5-EA72B72CE9A0}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7105664-3B86-4584-86FF-4BDD3EADF599}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E2D9ACD9-ED98-4861-8FFB-2FDFD3C76FD0}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E21F7080-D7DA-4D12-9494-FCA33EF2DFAA}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D1C2328-A74E-41D1-B877-046804A546FD}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B349C319-7346-4394-8623-74FE5D8DA0C1}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ABA610B-6E23-429F-B368-E2613467C381}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA2ED8E2-D021-4A46-A830-B87EC4A3412C}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC3ACF7A-D00E-4EEB-A008-E5DE324119DB}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DA1EB2D-E785-4195-82AF-BF713DA73F73}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADBF9BEB-9D92-4F1B-B440-608D71F9F6CD}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEF26D3D-E309-4FDE-AE64-847EE71554F8}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5956AFE3-DC0C-466E-9EDA-EF6826428CC2}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFFB11B8-5C4C-403E-8184-8F2105B0B9AD}"
=> removed successfully
========= netsh int ip reset =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= ipconfig /flushDNS =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "C:\Windows\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
=========== "C:\Windows\Temp\*.*" ==========
not found
========= End -> "C:\Windows\Temp\*.*" ========
=========== "C:\WINDOWS\system32\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\system32\*.tmp" ========
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
The system needed a reboot.
==== End of Fixlog 09:52:28 ====
* Back to top
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Back to Virus, Trojan, Spyware, and Malware Removal Help
*
*
*
*
*
*
*
*
*
*
0 USER(S) ARE READING THIS TOPIC
0 members, 0 guests, 0 anonymous users
Reply to quoted posts Clear
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
4. Privacy Policy
5. Rules ·
*
* Help
Advertise | About Us | Terms of Use | Privacy Policy | Sitemap
| Chat | RSS Feeds | Contact Us Tech Support Forums | Virus
Removal Guides | Downloads | Tutorials | The Computer Glossary |
Uninstall List | Startups | The File Database
© 2004-2021 All Rights Reserved Bleeping Computer LLC .
Site Changelog
Community Forum Software by IP.Board
SIGN IN
* Use Twitter
* Need an account? Register now!
* Username
* Forum Password
I've forgotten my password
* Remember me
This is not recommended for shared computers
* Sign in anonymously
Don't add me to the active users list
* Privacy Policy