computer hacked

Started by mare_wbpa, June 27, 2024, 08:04:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 ... 3 4 5 6 7 ... 14
User actions

DR M

#60
July 02, 2024, 02:43:36 PM
Hi, Mary Ann.

As Corrine stated above, you will find Addition in your Downloads folder.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

#61
July 02, 2024, 03:06:07 PM
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by mary ann (01-07-2024 16:55:52)
Running from C:\Users\mary ann\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3737 (X64) (2024-01-10 05:27:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-808705873-2307071823-1975692619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808705873-2307071823-1975692619-503 - Limited - Disabled)
Guest (S-1-5-21-808705873-2307071823-1975692619-501 - Limited - Disabled)
mary ann (S-1-5-21-808705873-2307071823-1975692619-1001 - Administrator - Enabled) => C:\Users\mary ann
SACNETDRIVEUSER01 (S-1-5-21-808705873-2307071823-1975692619-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-808705873-2307071823-1975692619-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 24.6.9241.1898 - Gen Digital Inc.)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 126.0.25497.127 - Gen Digital Inc.)
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1650.5 - AVG Technologies) Hidden
ExpressVPN (HKLM-x32\...\{0ebb04c1-1fe8-4092-98b8-60acd20c184b}) (Version: 10.29.0.16 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8779D7841}) (Version: 10.29.0.16 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP Inc)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP One Agent (HKLM\...\{22C961A0-D978-43C0-9E2E-0ED40AD1763E}) (Version: 1.1.0.54209 - HP Inc.) Hidden
HP One Agent (HKLM\...\{E3864E7A-058C-4AC3-8331-E2E4F64C69A4}) (Version: 1.1.0.54209 - HP Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Mozilla Firefox 127.0.2 (x64 en-US)) (Version: 127.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version:  - )
Serif PhotoPlus X3 (HKLM-x32\...\{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}) (Version: 13.0.2.012 - Serif (Europe) Ltd)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - gamigo, Inc.) Hidden
Vacation Adventures: Park Ranger 11 Collector's Edition (HKLM-x32\...\WTA-34c9b635-51a8-4655-a136-e546f6b1b577) (Version: 7.0.0.650 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.83 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 7.0.0.710 - WildTangent) Hidden

Packages:
=========

Any DVD -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.3.9.0_x64__y5c4dfz5b21fm [2024-06-04] (Any DVD & Office App)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-16] (INTEL CORP) [Startup Task]
Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1501.533.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.24.0_x64__xbfy0k16fey96 [2024-05-29] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2024-06-13] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.51.329.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.1.0_x64__v10z8vjag6ke6 [2024-06-23] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-04-14] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2024-05-23] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.35.35.0_x64__v10z8vjag6ke6 [2024-05-17] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6 [2024-06-22] (HP Inc.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5002.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-04-14] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-07] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24052.57.0_x64__cw5n1h2txyewy [2024-06-18] (Microsoft Windows) [Startup Task]
Movie Maker - Video Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.7.5.0_x64__bzg06mxvgh4fa [2024-06-10] (V3TApps)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6 [2024-06-23] (HP Inc.) [Startup Task]
OMEN Gaming Hub -> C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6 [2024-06-19] (HP Inc.) [Startup Task]
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-25] (Microsoft Corporation) [Startup Task]
Picsart - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_10.31.5.0_x64__crhqpqs3x1ygc [2024-06-28] (PicsArt Inc.)
Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.3899848563C1F_1.0.137.0_x64__kx24dqmazqk8j [2024-05-14] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0 [2024-06-20] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1227.1637.0_x64__8wekyb3d8bbwe [2024-05-16] (Microsoft Corp.)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corp.)
Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-05-04] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2024-05-04] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-23] (Microsoft Windows)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-06-12] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.29.3\onelaunch.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp

==================== Loaded Modules (Whitelisted) =============

2024-01-10 13:18 - 2008-08-26 07:30 - 000512000 ____R (DMSoft Technologies) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\SkinCrafterDll.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000432640 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LauncherSDK\8cbe5e918dda168b51e846c407cdf9ee\LauncherSDK.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000037888 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Logging\a57e819a0e855073c225a8a8648c564b\Logging.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000153088 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\RpcClient\ce3507418d8404104e703920744369f2\RpcClient.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000118272 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WMISDK\882ad647075f59ad2bfd65cae6b3b027\WMISDK.ni.dll
2024-01-10 13:18 - 2010-09-07 14:38 - 000315392 ____R (Initio) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\iCommon.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2024-05-19 16:28 - 2024-05-19 16:28 - 003884544 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\33b839d1b7d68746d6cf900a829f229e\Newtonsoft.Json.ni.dll
2024-01-10 13:18 - 2010-11-18 04:19 - 000458752 ____R (Storage Appliance Corp.) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\devutil.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-05-13] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-05-13] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-808705873-2307071823-1975692619-1001\Control Panel\Desktop\\Wallpaper -> c:\c\users\mary ann\pictures\lighthouses\portland lighthouse 1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\StartupApproved\Run: => "OneLaunchChromium"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9ED79D5F-B8DD-4B65-A43B-DCE80831C0BB}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation -> Storage Appliance Corporation)
FirewallRules: [{F321F15B-F4DE-42EE-B63B-FC7FEFE289EF}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation -> Storage Appliance Corporation)
FirewallRules: [{3801F270-B500-4859-BC46-8FE781A27627}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{CD6882EC-9C5B-44CA-BC45-85DDBE0ACC40}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [{529D592E-21DC-4BD2-BAEE-A4E21212098E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{719B05F2-CFCD-4B20-B5E7-B48A1AE2DC9E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{0726D4D3-8390-4F3E-97E7-C0C8C278E0A7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{32F77349-BD03-4404-88CF-CF367D5C97EA}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{9DDBFE59-B0AC-4776-AF5E-E6D9E1FB036A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{DD13EC75-6843-40AC-AB60-7166786F7C4A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{374DC90C-C8B1-40B1-A275-38CB797618B3}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{BF9C8B0E-C4C1-4288-BF6A-F878450CA31F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{2882FC40-4223-4CE4-9C64-0BB8CA73DA5F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{AB48554F-09A1-4EDE-830E-FD306AB3AA0B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{893BCE91-39F3-4875-9917-CDA09B195F96}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{524BF9CD-6EA0-4839-B271-8D7F50A2F55F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{EA467D72-787A-4AB8-B113-7BA70BA074D7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{95F688E0-00CE-4C35-A0FE-889208ABA447}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{21E039A9-606D-45AF-A3D2-3F666C8AC2A9}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{2A437DF8-3D21-4106-8FD6-36FF58381425}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{25B1D9D4-23E6-4D33-BBBE-95394C7E4C92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5E34EA93-61BD-4AAA-A1E4-A4CACD333C83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D1B17939-2F28-407E-B682-EE1FC89D0D77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{133582C7-65DB-4A18-804B-179C42A4A4DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5101D43F-9E67-4216-A523-9BAA79533B7C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A4AC2425-F578-47F8-B7B9-BDCBC4735C57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FBBE790B-2777-4EC3-A590-0637CBD8C622}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{57731D3C-5200-461F-9DDB-4DB4206173EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5F338D0C-C496-465F-864B-C3814A9E7B34}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CC0382CC-A948-430D-A87B-8D63FFF1E934}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DEEDE94B-E332-4C88-8DC5-18A704E1C88A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21099701-2A2E-45CA-9FAA-62DE986D2BEE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{888597FD-1199-4E5B-882D-F20D5700F283}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{86ED8B4A-547F-447A-A7B8-1A365B68B9DB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8A85F4D-BE54-4F33-8D43-2E2A470A1F11}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CA87ABB-2BA1-4347-90DC-7BB832F07B34}] => (Allow) C:\Program Files\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)

==================== Restore Points =========================

21-06-2024 13:01:25 Windows Update
25-06-2024 16:33:17 Windows Update
25-06-2024 16:33:17 Windows Update
25-06-2024 16:33:22 Windows Update
29-06-2024 17:21:18 Windows Update
30-06-2024 15:02:05 Restore Point Created by FRST
30-06-2024 15:33:19 Restore Point Created by FRST
30-06-2024 18:38:40 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: SCSI Scanner Device
Description: SCSI Scanner Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: scsiscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/01/2024 03:10:17 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: OneApp.IGCC.WinService.exe, version: 1.0.4813.0, time stamp: 0x9358f890
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3733, time stamp: 0x44653e19
Exception code: 0xe0434352
Fault offset: 0x000000000005f39c
Faulting process id: 0x0x1578
Faulting application start time: 0x0x1dacbea4d362d90
Faulting application path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: a58111db-a6f8-464f-be80-7d0ef84871a1
Faulting package full name:
Faulting package-relative application ID:

Error: (07/01/2024 03:10:11 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_hns, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: hostnetsvc.dll, version: 10.0.22621.3672, time stamp: 0x83ea4860
Exception code: 0xc0000005
Fault offset: 0x000000000005f71f
Faulting process id: 0x0xc7c
Faulting application start time: 0x0x1dacbea4b5abe08
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\hostnetsvc.dll
Report Id: 53dc14f9-e92f-4ca7-a4a5-ac01a6b68ab5
Faulting package full name:
Faulting package-relative application ID:

Error: (06/30/2024 06:38:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {db3279f1-2251-490e-b7f5-a4323d6fba50}

Error: (06/30/2024 03:33:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8ca37e39-50f2-4c47-bd5c-8c64fc7f981d}

Error: (06/30/2024 03:02:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c3518bd1-7a14-4341-9f0c-47ba418f7fb4}

Error: (06/29/2024 08:41:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..

Error: (06/29/2024 08:41:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (06/29/2024 08:41:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..


System errors:
=============
Error: (07/01/2024 03:10:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Intel(R) Audio Service service terminated with the following service-specific error:
The operation completed successfully.

Error: (07/01/2024 03:10:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) Graphics Command Center Service service terminated with the following error:
An exception occurred in the service when handling the control request.

Error: (07/01/2024 03:10:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Host Network Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/01/2024 09:44:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (06/30/2024 06:38:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management Engine WMI Provider Registration service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2024 06:38:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/30/2024 06:38:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2024 06:38:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


CodeIntegrity:
===============
Date: 2024-07-01 16:12:29
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.�

Date: 2024-07-01 16:10:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.�


==================== Memory info ===========================

BIOS: AMI F.09 01/31/2024
Motherboard: HP 899B
Processor: 12th Gen Intel(R) Core(TM) i3-1215U
Percentage of memory in use: 64%
Total physical RAM: 7865.22 MB
Available physical RAM: 2814.2 MB
Total Virtual: 14265.22 MB
Available Virtual: 7779.63 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.04 GB) (Free:332.3 GB) (Model: KBG50ZNV512G KIOXIA) NTFS

\\?\Volume{5e053ad1-83ed-4e04-a11a-419f61ef1119}\ (Windows RE tools) (Fixed) (Total:0.62 GB) (Free:0.06 GB) NTFS
\\?\Volume{14810eb6-ae0c-4a9e-a1d1-9d375e83fe53}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt =====================

mare_wbpa

#62
July 02, 2024, 03:12:06 PM
I hope this is what you are looking for, but the date is different

Corrine

#63
July 02, 2024, 03:31:29 PM
Yes, it is the correct file.  Sorry, I copied the wrong date from the log.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

mare_wbpa

#64
July 02, 2024, 04:07:09 PM
Glad it's the right file

DR M

#65
July 02, 2024, 04:42:56 PM
Hi, Mary Ann.

Thanks for the two logs.

Just letting you know that I am extremely busy at work these days, and I won't be able to be back to you before tomorrow.

Thanks for your patience.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

#66
July 02, 2024, 04:46:14 PM
Okay

mare_wbpa

#67
July 02, 2024, 05:14:28 PM
Thanks for your help and patience.

DR M

#68
July 03, 2024, 04:40:46 PM
Hi, Mary Ann.

Thank you for your patience.

Let's run another fix. You were able to run it before, so I am sure you will do it again now correctly.

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Download the attached fixlist.txt (see at the end of my reply, the attached file has a clip icon beside it), and save it at the same place where FRST tool is. Right now, it's in your Downloads folder.
  • Right-click on FRST64 in your Downloads folder, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in your Downloads folder.
  • Post the log in your next reply.

In your next reply please post:

The fixlog.txt

Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

#69
July 03, 2024, 05:18:57 PM
When I Click on the fixlist.txt and go to the download folder there is no FRST64 anywhere that I look

mare_wbpa

#70
July 03, 2024, 05:22:26 PM
This is the only log i could find.

createrestorepoint:
closeprocesses:
AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.29.3\onelaunch.exe" -ToastActivated => No File
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => ""="Service"
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\StartupApproved\Run: => "OneLaunchChromium"
FirewallRules: [TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\MountPoints2: {cb5214c5-ba6e-11ee-9675-cc5ef8f272ec} - "D:\GHScrabbleInstall.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {040010EA-1BBC-447B-9090-3BB096E813B3} - \McAfee\WPS\McAfee Cloud Configuration Check -> No File <==== ATTENTION
Task: {1A8D192A-E602-4692-A574-CA6BD75D59A7} - \McAfee\WPS\McAfee Hotfix -> No File <==== ATTENTION
Task: {2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F} - \McAfee\WPS\McAfee Scheduled Tracker Remover -> No File <==== ATTENTION
Task: {681F2B7E-072A-4EAA-85E1-8819F061C123} - \McAfee\WPS\McAfee PC Optimizer Task -> No File <==== ATTENTION
Task: {68370CD0-6967-45A7-AE10-414612E86E20} - \McAfee\WPS\McAfee Scheduled AV Scan -> No File <==== ATTENTION
Task: {72D83402-547D-4D39-8E88-C50F51A9D6DE} - \McAfee\WPS\McAfee restart of PC -> No File <==== ATTENTION
Task: {8057C08C-800D-4493-9F4F-2B5D30E99E61} - \McAfee\WPS\McAfee Anti-tracker notification -> No File <==== ATTENTION
Task: {AFC537DA-7894-48F4-BFA1-C58EFE38A190} - \McAfee\WPS\McAfee Message Check -> No File <==== ATTENTION
Task: {BE36AFFD-9B2B-429F-88D2-9607ED6EA43E} - \McAfee\WPS\McAfee Virus Definition Update -> No File <==== ATTENTION
Task: {DE988299-04E9-47DF-A3C4-016A3ADEA8F1} - \McAfee\WPS\McAfee Windows Notification Token -> No File <==== ATTENTION
Task: {EAEA0964-16A6-458B-BD62-1B45C21DF280} - \McAfee\WPS\McAfee Health Check -> No File <==== ATTENTION
Task: {FE923434-2E65-4870-8746-8E2BB7D1881B} - \McAfee\wps\McAfee Updater -> No File <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
R2 ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd); C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe [95520 2024-06-26] (Connectwise, LLC -> )
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-01-12] (Microsoft Windows -> )
2024-06-29 20:54 - 2024-06-29 20:54 - 000003332 _____ C:\windows\system32\Tasks\SystemOptimizerCustomEvent
2024-06-29 20:54 - 2024-06-29 20:54 - 000002892 _____ C:\windows\system32\Tasks\SystemOptimizer
2024-06-29 16:52 - 2024-06-29 16:52 - 012365296 _____ (McAfee, LLC) C:\Users\mary ann\Downloads\MCPR.exe
2024-06-29 16:50 - 2024-06-29 16:50 - 000002334 _____ C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LLC.lnk
2024-06-29 16:49 - 2024-06-29 16:49 - 002397032 _____ (LogMeIn, Inc.) C:\Users\mary ann\Downloads\Support-LogMeInRescue.exe
2024-06-29 15:01 - 2024-06-29 15:01 - 000223878 _____ C:\Users\mary ann\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2024-06-07 13:58 - 2024-06-07 14:00 - 000000000 ____D C:\ProgramData\PC Cleaner
2024-06-07 13:58 - 2024-06-07 13:58 - 007867760 _____ (PC Helpsoft ) C:\Users\mary ann\Downloads\PC_Cleaner_setup.exe
2024-06-20 08:33 - 2024-06-20 08:33 - 000000000 _____ C:\Users\mary ann\Downloads\6Hp4nfE6.htm
2024-06-26 15:19 - 2024-06-26 15:19 - 000086304 _____ C:\Users\mary ann\Downloads\support.Client.exe
2024-06-29 20:54 - 2024-01-25 15:43 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN
C:\windows\system32\drivers\vmbusproxy.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
RemoveProxy:
emptytemp:

DR M

#71
July 03, 2024, 05:25:09 PM
FRST64.exe is the FRST tool you ran before. It is located in your Downloads folder, where you are going to save the attached fixlist.txt first.

This is the FRST tool:

You cannot view this attachment.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

#72
July 03, 2024, 05:28:32 PM
I hope this is it. I stumbled on it by accident,

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by mary ann (03-07-2024 13:25:23)
Running from C:\Users\mary ann\Downloads\FRST-OlderVersion\FRST-OlderVersion
Microsoft Windows 11 Home Version 23H2 22631.3737 (X64) (2024-01-10 05:27:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-808705873-2307071823-1975692619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808705873-2307071823-1975692619-503 - Limited - Disabled)
Guest (S-1-5-21-808705873-2307071823-1975692619-501 - Limited - Disabled)
mary ann (S-1-5-21-808705873-2307071823-1975692619-1001 - Administrator - Enabled) => C:\Users\mary ann
SACNETDRIVEUSER01 (S-1-5-21-808705873-2307071823-1975692619-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-808705873-2307071823-1975692619-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 24.6.9241.1898 - Gen Digital Inc.)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 126.0.25497.127 - Gen Digital Inc.)
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1650.5 - AVG Technologies) Hidden
ExpressVPN (HKLM-x32\...\{0ebb04c1-1fe8-4092-98b8-60acd20c184b}) (Version: 10.29.0.16 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8779D7841}) (Version: 10.29.0.16 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP Inc)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP One Agent (HKLM\...\{22C961A0-D978-43C0-9E2E-0ED40AD1763E}) (Version: 1.1.0.54209 - HP Inc.) Hidden
HP One Agent (HKLM\...\{E3864E7A-058C-4AC3-8331-E2E4F64C69A4}) (Version: 1.1.0.54209 - HP Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Mozilla Firefox 127.0.2 (x64 en-US)) (Version: 127.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version:  - )
Serif PhotoPlus X3 (HKLM-x32\...\{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}) (Version: 13.0.2.012 - Serif (Europe) Ltd)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - gamigo, Inc.) Hidden
Vacation Adventures: Park Ranger 11 Collector's Edition (HKLM-x32\...\WTA-34c9b635-51a8-4655-a136-e546f6b1b577) (Version: 7.0.0.650 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.83 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 7.0.0.710 - WildTangent) Hidden

Packages:
=========

Any DVD -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.3.9.0_x64__y5c4dfz5b21fm [2024-06-04] (Any DVD &amp; Office App)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-16] (INTEL CORP) [Startup Task]
Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1501.533.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.24.0_x64__xbfy0k16fey96 [2024-05-29] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2024-06-13] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.51.329.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.1.0_x64__v10z8vjag6ke6 [2024-06-23] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-04-14] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2024-05-23] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.35.35.0_x64__v10z8vjag6ke6 [2024-05-17] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6 [2024-06-22] (HP Inc.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5002.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-04-14] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-07] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24052.57.0_x64__cw5n1h2txyewy [2024-06-18] (Microsoft Windows) [Startup Task]
Movie Maker - Video Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.7.5.0_x64__bzg06mxvgh4fa [2024-06-10] (V3TApps)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6 [2024-06-23] (HP Inc.) [Startup Task]
OMEN Gaming Hub -> C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6 [2024-06-19] (HP Inc.) [Startup Task]
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-25] (Microsoft Corporation) [Startup Task]
Picsart - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_10.31.7.0_x64__crhqpqs3x1ygc [2024-07-03] (PicsArt Inc.)
Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.3899848563C1F_1.0.137.0_x64__kx24dqmazqk8j [2024-05-14] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0 [2024-06-20] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1227.1637.0_x64__8wekyb3d8bbwe [2024-05-16] (Microsoft Corp.)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-30] (Microsoft Corp.)
Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-05-04] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2024-05-04] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-23] (Microsoft Windows)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-06-12] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.29.3\onelaunch.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp

==================== Loaded Modules (Whitelisted) =============

2024-01-10 13:18 - 2008-08-26 07:30 - 000512000 ____R (DMSoft Technologies) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\SkinCrafterDll.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000432640 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LauncherSDK\8cbe5e918dda168b51e846c407cdf9ee\LauncherSDK.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000037888 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Logging\a57e819a0e855073c225a8a8648c564b\Logging.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000153088 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\RpcClient\ce3507418d8404104e703920744369f2\RpcClient.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000118272 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WMISDK\882ad647075f59ad2bfd65cae6b3b027\WMISDK.ni.dll
2024-01-10 13:18 - 2010-09-07 14:38 - 000315392 ____R (Initio) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\iCommon.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2024-05-19 16:28 - 2024-05-19 16:28 - 003884544 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\33b839d1b7d68746d6cf900a829f229e\Newtonsoft.Json.ni.dll
2024-01-10 13:18 - 2010-11-18 04:19 - 000458752 ____R (Storage Appliance Corp.) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\devutil.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-05-13] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-05-13] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-808705873-2307071823-1975692619-1001\Control Panel\Desktop\\Wallpaper -> c:\c\users\mary ann\pictures\lighthouses\portland lighthouse 1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\StartupApproved\Run: => "OneLaunchChromium"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9ED79D5F-B8DD-4B65-A43B-DCE80831C0BB}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation -> Storage Appliance Corporation)
FirewallRules: [{F321F15B-F4DE-42EE-B63B-FC7FEFE289EF}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation -> Storage Appliance Corporation)
FirewallRules: [{3801F270-B500-4859-BC46-8FE781A27627}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{CD6882EC-9C5B-44CA-BC45-85DDBE0ACC40}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [{529D592E-21DC-4BD2-BAEE-A4E21212098E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{719B05F2-CFCD-4B20-B5E7-B48A1AE2DC9E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{0726D4D3-8390-4F3E-97E7-C0C8C278E0A7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{32F77349-BD03-4404-88CF-CF367D5C97EA}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{9DDBFE59-B0AC-4776-AF5E-E6D9E1FB036A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{DD13EC75-6843-40AC-AB60-7166786F7C4A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{374DC90C-C8B1-40B1-A275-38CB797618B3}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{BF9C8B0E-C4C1-4288-BF6A-F878450CA31F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{2882FC40-4223-4CE4-9C64-0BB8CA73DA5F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{AB48554F-09A1-4EDE-830E-FD306AB3AA0B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{893BCE91-39F3-4875-9917-CDA09B195F96}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{524BF9CD-6EA0-4839-B271-8D7F50A2F55F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{EA467D72-787A-4AB8-B113-7BA70BA074D7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{95F688E0-00CE-4C35-A0FE-889208ABA447}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{21E039A9-606D-45AF-A3D2-3F666C8AC2A9}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{2A437DF8-3D21-4106-8FD6-36FF58381425}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{25B1D9D4-23E6-4D33-BBBE-95394C7E4C92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5E34EA93-61BD-4AAA-A1E4-A4CACD333C83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D1B17939-2F28-407E-B682-EE1FC89D0D77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{133582C7-65DB-4A18-804B-179C42A4A4DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5101D43F-9E67-4216-A523-9BAA79533B7C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A4AC2425-F578-47F8-B7B9-BDCBC4735C57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FBBE790B-2777-4EC3-A590-0637CBD8C622}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{57731D3C-5200-461F-9DDB-4DB4206173EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5F338D0C-C496-465F-864B-C3814A9E7B34}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CC0382CC-A948-430D-A87B-8D63FFF1E934}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DEEDE94B-E332-4C88-8DC5-18A704E1C88A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21099701-2A2E-45CA-9FAA-62DE986D2BEE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{888597FD-1199-4E5B-882D-F20D5700F283}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{86ED8B4A-547F-447A-A7B8-1A365B68B9DB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8A85F4D-BE54-4F33-8D43-2E2A470A1F11}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CA87ABB-2BA1-4347-90DC-7BB832F07B34}] => (Allow) C:\Program Files\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{2E3ACABE-C86D-44E3-8022-65C935E97EC0}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{801F891E-8610-45E6-9B64-64ECFE945B24}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{3B5BA28A-FF70-42C8-AC65-62C8AD49D1C6}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{69057A46-8E82-47F1-A312-6F087D0C50E4}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{89D5C96D-514E-4D5F-A929-3C152E27E7FE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{6199C4B5-6015-4F94-8113-486DEC938CF5}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{E87E9A4F-12E2-492A-8C8D-0352C8EEA20B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{F2729C86-9CAF-4089-817A-60BA499D647B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{86620DCC-0B46-48A6-9920-372E6259614A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{C616293F-8DFA-4867-BE5D-5DE20036A16D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{EEC746BF-9B29-421F-9880-0C87B33ED251}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{17330040-2603-44CC-B32F-B6FD401AD481}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{559D587F-3033-4857-8878-684D7F08617E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{A87554B5-8E45-43E0-BCB9-F613977B20B1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{E3CA3ABD-63EE-450F-BEC4-D91A62A0512F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{9F31D1C0-72D6-45D8-B1A1-781CA58F7351}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.6.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

==================== Restore Points =========================

21-06-2024 13:01:25 Windows Update
25-06-2024 16:33:17 Windows Update
25-06-2024 16:33:17 Windows Update
25-06-2024 16:33:22 Windows Update
29-06-2024 17:21:18 Windows Update
30-06-2024 15:02:05 Restore Point Created by FRST
30-06-2024 15:33:19 Restore Point Created by FRST
30-06-2024 18:38:40 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: SCSI Scanner Device
Description: SCSI Scanner Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: scsiscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/02/2024 11:26:17 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (07/01/2024 03:10:17 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: OneApp.IGCC.WinService.exe, version: 1.0.4813.0, time stamp: 0x9358f890
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3733, time stamp: 0x44653e19
Exception code: 0xe0434352
Fault offset: 0x000000000005f39c
Faulting process id: 0x0x1578
Faulting application start time: 0x0x1dacbea4d362d90
Faulting application path: C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: a58111db-a6f8-464f-be80-7d0ef84871a1
Faulting package full name:
Faulting package-relative application ID:

Error: (07/01/2024 03:10:11 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_hns, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: hostnetsvc.dll, version: 10.0.22621.3672, time stamp: 0x83ea4860
Exception code: 0xc0000005
Fault offset: 0x000000000005f71f
Faulting process id: 0x0xc7c
Faulting application start time: 0x0x1dacbea4b5abe08
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\hostnetsvc.dll
Report Id: 53dc14f9-e92f-4ca7-a4a5-ac01a6b68ab5
Faulting package full name:
Faulting package-relative application ID:

Error: (06/30/2024 06:38:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {db3279f1-2251-490e-b7f5-a4323d6fba50}

Error: (06/30/2024 03:33:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8ca37e39-50f2-4c47-bd5c-8c64fc7f981d}

Error: (06/30/2024 03:02:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c3518bd1-7a14-4341-9f0c-47ba418f7fb4}

Error: (06/29/2024 08:41:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..

Error: (06/29/2024 08:41:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]


System errors:
=============
Error: (07/03/2024 12:52:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NQDW009T0T5-AD2F1837.OMENCommandCenter.

Error: (07/03/2024 12:08:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NQDW009T0T5-AD2F1837.OMENCommandCenter.

Error: (07/03/2024 12:07:15 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (07/02/2024 09:35:46 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4EQFBMN3)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (07/02/2024 08:37:10 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (07/02/2024 04:54:07 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (07/02/2024 11:26:04 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4EQFBMN3)
Description: The server {2DE3095A-B49E-418F-B5C1-69D2CCF62A8F} did not register with DCOM within the required timeout.

Error: (07/02/2024 11:26:04 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4EQFBMN3)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.


CodeIntegrity:
===============
Date: 2024-07-03 12:53:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.09 01/31/2024
Motherboard: HP 899B
Processor: 12th Gen Intel(R) Core(TM) i3-1215U
Percentage of memory in use: 73%
Total physical RAM: 7865.22 MB
Available physical RAM: 2081.13 MB
Total Virtual: 14265.22 MB
Available Virtual: 6839.51 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.04 GB) (Free:327.46 GB) (Model: KBG50ZNV512G KIOXIA) NTFS

\\?\Volume{5e053ad1-83ed-4e04-a11a-419f61ef1119}\ (Windows RE tools) (Fixed) (Total:0.62 GB) (Free:0.06 GB) NTFS
\\?\Volume{14810eb6-ae0c-4a9e-a1d1-9d375e83fe53}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt =======================

DR M

#73
July 03, 2024, 05:35:18 PM
Mary Ann, it would be easier for you if you read carefully the instructions.

I asked you to click on the FIX button. You clicked on the Scan button instead.

Please, go on by clicking the FIX.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

#74
July 03, 2024, 06:36:02 PM
When I click on the window that asks if I want this program to make changes and hit yes, a box comes up with scan, search, search registry, fix. when I click fix i get a window telling me that no fixlst file found, the fixlist txt should be in the same folder/directory where the tool is located. the frst icon is no longer on my desktop.
Print
Go Up Pages 1 ... 3 4 5 6 7 ... 14
User actions