Microsoft Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.


BIC1

New Member
Thread author
Feb 19, 2025
8
Windows 11 HP Desktop. A few months ago, I clicked on something and got some scareware. I didn't click on anything else as demanded. I had a little difficulty closing the tab, but eventually closed it and things seemed OK.

I ran multiple full scans using Windows Defender and a few other free online scanners, I don't remember which ones. All pronounced the PC clean. I tried to run Defender's offline root scanner as well as another free online root scanner. For both, Windows seemed to crash. I tried both multiple times a few months ago with the crash happening well into the scans.

My PC seems to be OK these last few months, doing quick & full scans with Defender. I tried the Defender offline root scan a few days ago. Finally, success in completing the scan. I checked the Event Viewer for results. Maybe about 100 log entries. Many entries seem routine but some are similar to the two examples below:

Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x1B094E8E
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x10D09909

Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x50C86BA8
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x4A31BE0D

What does "may" mean? I don't know how to interpret the settings. Am I good? Any suggestions for online root scanners? What should I do? Thanks.
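One way to read a batch of these entries, as an added example that is not part of the original post: the script below pairs each "Old value" / "New value" line from exported event text, counts changes per Defender setting, and lists separately any change that falls under a small watchlist of protection settings. The watchlist, the function names and the last two sample pairs are assumptions constructed for illustration; the first two pairs are the ones quoted in the post.

```python
import re

DEFENDER_ROOT = "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\"

# Assumption: a short, non-exhaustive watchlist of Defender settings whose
# change can reduce protection. Anything else is only counted, not judged.
WATCH_PREFIXES = (
    "Exclusions\\",
    "Real-Time Protection\\Disable",
    "DisableAntiSpyware",
    "Features\\TamperProtection",
    "Spynet\\",
)

LINE_RE = re.compile(r"^\s*(Old|New) value:\s*(.*?)\s*$")

# First two pairs: copied from the post. Last two pairs: constructed samples.
SAMPLE = r"""
Microsoft Defender Antivirus Configuration has changed.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x1B094E8E
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x10D09909
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x50C86BA8
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService\WdConfigHash = 0x4A31BE0D
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0x0
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0x1
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\example = 0x0
"""


def split_setting(text):
    """Split 'path = data' into (path, data); an empty side gives (None, None)."""
    if not text:
        return None, None
    path, sep, data = text.rpartition(" = ")
    if not sep:
        return text, None
    return path, data


def parse_changes(log_text):
    """Pair each 'Old value' line with the 'New value' line that follows it."""
    changes, old = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header text or unrelated lines
        kind, rest = m.groups()
        path, data = split_setting(rest)
        if kind == "Old":
            old = (path, data)
            continue
        old_path, old_data = old or (None, None)
        # A newly added setting has an empty old side; a removed one has an
        # empty new side. Take the path from whichever side carries it.
        key = path or old_path
        if key is not None:
            changes.append({"path": key, "old": old_data, "new": data})
        old = None
    return changes


def relative(path):
    """Strip the Defender root key so settings can be compared by subpath."""
    if path.lower().startswith(DEFENDER_ROOT.lower()):
        return path[len(DEFENDER_ROOT):]
    return path


def triage(log_text):
    """Return (changes matching the watchlist, count of other changes per setting)."""
    watch = tuple(p.lower() for p in WATCH_PREFIXES)
    review, other = [], {}
    for change in parse_changes(log_text):
        rel = relative(change["path"])
        if rel.lower().startswith(watch):
            review.append((rel, change["old"], change["new"]))
        else:
            other[rel] = other.get(rel, 0) + 1
    return review, other


if __name__ == "__main__":
    review, other = triage(SAMPLE)
    print("Changes to review first:")
    for rel, old, new in review:
        print(f"  {rel}: {old} -> {new}")
    print("Other settings changed (count):")
    for rel, count in sorted(other.items()):
        print(f"  {rel}: {count}")
```
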
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
641
Hello..! Welcome to MalwareTips..! :)

My name is icotonev and I'm here to help you remove malware ..! Before we begin, please note the following:
  • First, please keep in mind most of us at MalwareTips volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
  • It is important to not run any tools or take any steps other than those I will provide for you. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please attach all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 3 days I will assume it has been abandoned and I will close it.

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

BIC1

New Member
Thread author
Feb 19, 2025
8
Attached. I used the default settings. Should I use the optional settings, particularly the 90 day files as this occurred more than 90 days ago? Thanks.
 

Attachments

  • Addition.txt
    30.9 KB · Views: 3
  • FRST.txt
    50.2 KB · Views: 3

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
641
Ran by twin9 (ATTENTION: The user is not administrator) on BC-HP_ENVY_DESK (HP HP ENVY TE01-3xxx) (19-02-2025 11:59:48)

Please run another scan while logged in under the Admin account and post both reports.
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
641
Good morning ..! :)

Administrator (S-1-5-21-1164435273-2498218214-147930515-500 - Administrator - Disabled)
BIC (S-1-5-21-1164435273-2498218214-147930515-1004 - Administrator - Enabled) => C:\Users\BIC
DAP (S-1-5-21-1164435273-2498218214-147930515-1003 - Administrator - Enabled) => C:\Users\DAP
dapra (S-1-5-21-1164435273-2498218214-147930515-1002 - Administrator - Enabled)

DefaultAccount (S-1-5-21-1164435273-2498218214-147930515-503 - Limited - Disabled)
Guest (S-1-5-21-1164435273-2498218214-147930515-501 - Limited - Disabled)
twin9 (S-1-5-21-1164435273-2498218214-147930515-1001 - Limited - Enabled) => C:\Users\twin9
WDAGUtilityAccount (S-1-5-21-1164435273-2498218214-147930515-504 - Limited - Disabled)

Sorry, check my post #6.

The diary is again ..:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2025
Ran by twin9 (ATTENTION: The user is not administrator) on BC-HP_ENVY_DESK (HP HP ENVY TE01-3xxx) (19-02-2025 12:56:40)
Running from C:\Users\twin9\OneDrive\Desktop\FRST64.exe
Loaded Profiles: twin9 & BIC
Platform: Microsoft Windows 11 Home Version 24H2 26100.3194 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Garmin\Express\express.exe ->) (The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe <3>
(C:\Users\twin9\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\twin9\AppData\Local\Programs\Opera\116.0.5366.127\opera_crashreporter.exe
(explorer.exe ->) (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <31>
(explorer.exe ->) (HP Inc. -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\twin9\AppData\Local\Programs\Opera\opera.exe <92>
(HP Inc. -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\BridgeCommunication.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.010.0119.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.27703.1006.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\10.0.27703.1006-0\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2502.5002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25011.11.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
Failed to access process -> AggregatorHost.exe
Failed to access process -> AppHelperCap.exe
Failed to access process -> armsvc.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dasHost.exe
Failed to access process -> DiagsCap.exe
Failed to access process -> dwm.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> IntuitUpdateService.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LsaIso.exe
Failed to access process -> lsass.exe
Failed to access process -> MBAMService.exe
Failed to access process -> MpDefenderCoreService.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> NetworkCap.exe
Failed to access process -> NgcIso.exe
Failed to access process -> NisSrv.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> RstMwService.exe
Failed to access process -> RtkAudUService64.exe
Failed to access process -> RtkBtManServ.exe
Failed to access process -> SchedulesMonitor.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> SECOMN64.exe
Failed to access process -> SecurityHealthService.exe
Failed to access process -> services.exe
Failed to access process -> smss.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SysInfoCap.exe
Failed to access process -> TouchpointAnalyticsClientService.exe
Failed to access process -> unsecapp.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WMIRegistrationService.exe
Failed to access process -> XtuService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [612304 2019-11-18] (NIKON CORPORATION -> Nikon Corporation)
HKLM\...\RunOnce: [TzSyncRunOnce] => C:\Windows\System32\tzsync.exe [210944 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\RunOnce: [DEL_ST_CPL] => CMD /C del "C:\WINDOWS\TEMP\ST_CPL.pkg.XML" /F (No File) <==== ATTENTION
HKU\S-1-5-21-1164435273-2498218214-147930515-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007376 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1164435273-2498218214-147930515-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3494560 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1164435273-2498218214-147930515-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31354648 2024-06-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Print\Monitors\HP 7212 Status Monitor: C:\WINDOWS\system32\hpinksts7212LM.dll [336904 2014-06-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 6830): C:\WINDOWS\system32\HPDiscoPM7212.dll [764576 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [38824 2021-06-12] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\133.0.6943.99\Installer\chrmstp.exe [2025-02-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b26e3d7a-b7be-4e1c-b9b5-173e9fa2a891}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b26e3d7a-b7be-4e1c-b9b5-173e9fa2a891}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{bc5d1807-7475-4c20-8c2b-16c91475a6ca}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-19]
Edge Session Restore: Default -> is enabled.
Edge Extension: (LastPass: Free Password Manager) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2025-02-19]
Edge Extension: (The Camelizer) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpggaanjmbjoahhknlajnhdhkljekpbg [2024-03-18]
Edge Extension: (Browsing Protection by F-Secure) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cpikpibllpjmpnchjajlibnmmomnnhnm [2025-02-19]
Edge Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcbmiimfkmkkkffjlopcpdlgclncnknm [2025-02-19]
Edge Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2025-02-19]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2025-02-19]
Edge Extension: (Google Docs Offline) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-07]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2025-02-19]
Edge Extension: (Edge relevant text changes) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-18]
Edge Extension: (Browsing Protection by F-Secure) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2025-02-19]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2025-02-07]
Edge Extension: (McAfee® Web Boost) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lamehkegphbbfdailghaeeleoajilfho [2024-03-18]
Edge Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2025-02-19]
Edge Extension: (IE Tab) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npjkkakdacjaihjaoeliacmecofghagh [2024-11-17]
Edge Extension: (PureVPN Proxy - Best VPN for Edge) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmekdamgipmmgecfoogolgafcdfigoec [2024-03-18]

FireFox:
========
FF DefaultProfile: 5ghekfh6.default
FF ProfilePath: C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\5ghekfh6.default [2024-03-18]
FF ProfilePath: C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release [2025-02-19]
FF Session Restore: Mozilla\Firefox\Profiles\xn56v5jb.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\xn56v5jb.default-release -> hxxps://teslamotorsclub.com
FF Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release\Extensions\firefox@ghostery.com.xpi [2024-12-02]
FF Extension: (LastPass) - C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release\Extensions\support@lastpass.com.xpi [2025-01-21]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2024-03-20]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-01-29] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-15] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default [2025-02-19]
CHR HomePage: Default -> hxxps://us-mg5.mail.yahoo.com/neo/launch?.rand=17l3si397sm4p
CHR StartupUrls: Default -> "hxxp://us.yahoo.com/?fr=fpc-comodo&tag=cs_hp"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-12]
CHR Extension: (The Camelizer) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2024-06-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2025-02-19]
CHR Extension: (IE Tab) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2024-10-28]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2025-02-19]
CHR Extension: (McAfee® Web Boost) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2024-09-17]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2025-02-12]
CHR Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2025-02-19]
CHR Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2025-02-19]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2025-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-19] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13617384 2025-02-08] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.010.0119.0002\FileSyncHelper.exe [3532832 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\AppHelperCap.exe [888416 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\DiagsCap.exe [887392 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\NetworkCap.exe [883808 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\SysInfoCap.exe [887904 2025-01-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-08] (HP Inc. -> HP Inc.)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
R2 IntuitUpdateServiceV5; C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe [19320 2023-09-15] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [88152 2025-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [53296 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2024-12-19] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-11] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NlaSvc; C:\WINDOWS\System32\svchost.exe [88152 2025-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [53296 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [88152 2025-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [53296 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_42a8f84195a93e6e\Display.NvContainer\NVDisplay.Container.exe [1275544 2024-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.010.0119.0002\OneDriveUpdaterService.exe [3879440 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)
R2 SyncBackFreeSchedulesMonitor; C:\Program Files (x86)\2BrightSparks\SyncBackFree\SchedulesMonitor.exe [3448560 2024-07-01] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 edwntdrv; C:\WINDOWS\system32\edwntdrv.sys [27728 2023-04-07] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1617096 2024-05-06] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-10] (Intel Corporation -> Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [232024 2025-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl87de0ed2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DF738F0-8CED-41DD-B4F5-66EE68568C37}\MpKslDrv.sys [267552 2025-02-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
R0 WinSetupMon; C:\WINDOWS\System32\DRIVERS\WinSetupMon.sys [169408 2025-02-08] (Microsoft Windows -> Microsoft Corporation)
R3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
R3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\WSDScan.sys [61440 2025-02-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-02-19 12:56 - 2025-02-19 12:56 - 000025910 _____ C:\Users\twin9\OneDrive\Desktop\FRST.txt
2025-02-19 12:52 - 2025-02-19 12:52 - 000031276 _____ C:\Users\twin9\OneDrive\Desktop\Addition-2.txt
2025-02-19 12:52 - 2025-02-19 12:52 - 000000197 _____ C:\Users\twin9\OneDrive\Desktop\FRST-2.txt
2025-02-19 12:07 - 2025-02-19 12:07 - 000051391 _____ C:\Users\twin9\Downloads\FRST.txt
2025-02-19 12:00 - 2025-02-19 12:01 - 000031662 _____ C:\Users\twin9\OneDrive\Desktop\Addition-1.txt
2025-02-19 11:59 - 2025-02-19 12:56 - 000000000 ____D C:\FRST
2025-02-19 11:59 - 2025-02-19 12:52 - 000058312 _____ C:\Users\twin9\OneDrive\Desktop\FRST-1.txt
2025-02-19 11:57 - 2025-02-19 11:57 - 002403840 _____ (Farbar) C:\Users\twin9\OneDrive\Desktop\FRST64.exe
2025-02-16 09:21 - 2025-02-16 09:21 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-02-14 16:14 - 2025-02-14 16:14 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2025-02-14 13:55 - 2025-02-14 12:00 - 000000000 ____D C:\Windows.old
2025-02-14 13:54 - 2025-02-14 13:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2025-02-14 13:53 - 2025-02-14 13:53 - 000000000 ____D C:\WINDOWS\InboxApps
2025-02-14 13:51 - 2025-02-14 13:51 - 000027617 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-02-14 13:51 - 2025-02-14 13:51 - 000027617 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-02-14 13:51 - 2025-02-14 13:51 - 000005264 _____ C:\WINDOWS\system32\ecoscore_config.json
2025-02-14 13:51 - 2025-02-14 13:51 - 000000998 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json
2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files\Reference Assemblies
2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files\MSBuild
2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files (x86)\MSBuild
2025-02-14 12:03 - 2025-02-19 10:31 - 000836658 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-02-14 12:02 - 2025-02-14 12:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2025-02-14 12:00 - 2025-02-19 10:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-02-14 12:00 - 2025-02-14 12:00 - 000000020 ___SH C:\Users\twin9\ntuser.ini
2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\SystemCertificates
2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Network
2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Crypto
2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2025-02-14 11:58 - 2025-02-19 10:27 - 000000438 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-02-14 11:56 - 2025-02-19 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-02-14 11:56 - 2025-02-14 14:13 - 000000000 ____D C:\Users\BIC
2025-02-14 11:56 - 2025-02-14 12:01 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Windows
2025-02-14 11:56 - 2025-02-14 12:00 - 000000000 ____D C:\Users\twin9
2025-02-14 11:56 - 2025-02-14 11:59 - 000000000 ____D C:\Users\DAP
2025-02-14 11:56 - 2025-02-14 11:57 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Spelling
2025-02-14 11:56 - 2025-02-14 11:56 - 000509040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-02-14 09:43 - 2025-02-14 09:43 - 000226138 _____ C:\Users\twin9\Downloads\Eyeglass Prescription 2024-09-27.pdf
2025-02-14 09:41 - 2025-02-14 09:41 - 000234788 _____ C:\Users\twin9\Downloads\Eyeglass & Contact Prescription 2024-09-27.pdf
2025-02-13 16:45 - 2025-02-14 12:00 - 000000000 ___DC C:\WINDOWS\Panther
2025-02-06 18:13 - 2025-02-19 10:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-02-03 08:02 - 2025-02-03 08:02 - 017775608 _____ C:\Users\twin9\Downloads\VA_IMG_CONTESS_SPINE_LUMBOSACRAL_MIN_2_VIEWS_14JAN2025.zip
2025-01-31 11:27 - 2025-01-31 11:27 - 068195981 _____ C:\Users\twin9\Downloads\VA_IMG_CONTESS_MRI_LUMBAR_SPINE_W_O_CONT_21JAN2025.zip
2025-01-28 12:02 - 2025-01-28 12:02 - 000036743 _____ C:\Users\twin9\Downloads\VA-labs-and-tests-details-BRUCE-CONTESS-1-28-2025_120238pm.pdf
2025-01-27 14:19 - 2025-01-27 14:19 - 000030808 _____ C:\Users\twin9\Downloads\Form1099R.pdf
2025-01-24 17:12 - 2025-01-24 17:12 - 000099004 _____ C:\Users\twin9\Downloads\2024 Collection and Holiday calendar-1.pdf
2025-01-24 12:18 - 2025-01-24 12:18 - 000242950 _____ C:\Users\twin9\Downloads\Schwab 1099-R Inherit IRA.pdf
2025-01-24 12:17 - 2025-01-24 12:17 - 000242846 _____ C:\Users\twin9\Downloads\Schwab 1099-R Rollover.pdf
2025-01-24 12:15 - 2025-01-24 12:15 - 002630145 _____ C:\Users\twin9\Downloads\Schwab Acct 858 Verification.pdf
2025-01-24 10:38 - 2025-01-24 10:38 - 003455597 _____ C:\Users\twin9\Downloads\F-14 Tomcat Tales.pdf
2025-01-23 10:29 - 2025-01-23 10:29 - 000121089 _____ C:\Users\twin9\Downloads\Online Transfers _ Charles Schwab to CACU.pdf
2025-01-22 17:06 - 2025-01-22 17:06 - 000104690 _____ C:\Users\twin9\Downloads\Connected Home Enrollment Details _ USAA.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-02-19 12:52 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-02-19 12:51 - 2024-04-01 01:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-02-19 12:49 - 2024-03-17 19:37 - 000000000 ____D C:\Users\twin9\AppData\Local\D3DSCache
2025-02-19 12:43 - 2024-05-29 12:42 - 000000000 ____D C:\Users\twin9\AppData\Local\Malwarebytes
2025-02-19 12:42 - 2024-04-01 01:24 - 000000000 ____D C:\WINDOWS\INF
2025-02-19 12:28 - 2024-04-01 01:21 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-02-19 12:21 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-02-19 11:34 - 2024-03-17 20:16 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Word
2025-02-19 10:34 - 2024-04-01 01:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-02-19 10:28 - 2024-03-17 19:55 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-02-19 10:27 - 2024-03-17 19:51 - 000000000 ____D C:\ProgramData\NVIDIA
2025-02-19 10:27 - 2024-03-17 18:21 - 000012288 ___SH C:\DumpStack.log.tmp
2025-02-18 16:44 - 2024-08-16 21:13 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\MMC
2025-02-18 15:32 - 2024-03-17 20:29 - 000000000 ____D C:\WINDOWS\Firmware
2025-02-16 12:00 - 2024-03-17 20:15 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Excel
2025-02-16 09:21 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\appcompat
2025-02-16 09:21 - 2024-04-01 01:26 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-02-16 09:21 - 2024-03-17 20:04 - 000000000 ____D C:\Program Files\Microsoft Office
2025-02-16 09:13 - 2024-03-17 18:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-02-14 13:55 - 2024-07-30 13:29 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2025-02-14 13:55 - 2024-07-30 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2025-02-14 13:55 - 2024-07-06 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2025-02-14 13:55 - 2024-06-04 12:12 - 000000000 ____D C:\WINDOWS\system32\%userprofile%
2025-02-14 13:55 - 2024-05-29 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2025-02-14 13:55 - 2024-05-29 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NX Studio
2025-02-14 13:55 - 2024-05-29 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer 2
2025-02-14 13:55 - 2024-05-29 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2025-02-14 13:55 - 2024-05-25 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2025-02-14 13:55 - 2024-04-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2025-02-14 13:55 - 2024-04-01 01:29 - 000000000 ____D C:\WINDOWS\Setup
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\spool
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-02-14 13:55 - 2024-03-20 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS BitWiper
2025-02-14 13:55 - 2024-03-17 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2025-02-14 13:55 - 2022-05-07 00:10 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2025-02-14 13:55 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2025-02-14 13:55 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2025-02-14 13:55 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2025-02-14 13:54 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\schemas
2025-02-14 13:54 - 2024-03-18 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2025-02-14 13:54 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2025-02-14 13:54 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2025-02-14 13:53 - 2024-04-01 02:09 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-02-14 13:53 - 2024-04-01 02:09 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-02-14 13:53 - 2024-04-01 02:08 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-02-14 13:53 - 2024-04-01 02:08 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\WUModels
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\UUS
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-plocm
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-ploc
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\te-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\qps-plocm
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\qps-ploc
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\or-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\km-KH
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\is-IS
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\id-ID
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\et-EE
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\es-MX
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Com
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\be-BY
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\as-IN
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\am-ET
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\Provisioning
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\IME
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-02-14 13:53 - 2024-04-01 01:21 - 000000000 ____D C:\WINDOWS\servicing
2025-02-14 13:52 - 2024-04-01 02:09 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2025-02-14 13:52 - 2024-04-01 02:09 - 000028898 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2025-02-14 13:52 - 2024-04-01 01:26 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2025-02-14 13:52 - 2024-04-01 01:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2025-02-14 13:51 - 2024-04-01 01:22 - 000063064 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcLpioDMA.dll
2025-02-14 13:51 - 2024-04-01 01:22 - 000062952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcPseDMA.dll
2025-02-14 13:51 - 2024-04-01 01:22 - 000062944 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtPL080.dll
2025-02-14 12:17 - 2024-04-01 01:26 - 000000000 ____D C:\ProgramData\USOPrivate
2025-02-14 12:17 - 2024-03-17 19:37 - 000000000 ____D C:\Users\twin9\AppData\Local\Packages
2025-02-14 12:17 - 2024-03-17 18:22 - 000000000 ____D C:\ProgramData\Packages
2025-02-14 12:00 - 2024-04-01 01:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-02-14 12:00 - 2024-03-17 19:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2025-02-14 11:59 - 2024-03-17 19:38 - 000000000 ___RD C:\Users\twin9\OneDrive
2025-02-14 11:58 - 2024-04-01 01:26 - 000000000 __RHD C:\Users\Public\Libraries
2025-02-14 11:58 - 2024-04-01 01:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-14 11:57 - 2024-11-17 11:06 - 000000000 ____D C:\Users\Default\AppData\Local\Packages
2025-02-14 11:57 - 2024-06-02 10:53 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2025-02-14 11:57 - 2024-04-01 01:26 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2025-02-14 11:56 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2025-02-14 11:56 - 2024-03-17 19:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2025-02-14 09:42 - 2024-03-31 21:09 - 000000000 ____D C:\Users\twin9\Downloads\FireShot
2025-02-13 19:12 - 2024-03-19 07:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-02-13 19:12 - 2024-03-17 20:09 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-02-13 16:00 - 2024-03-18 21:12 - 000001386 _____ C:\Users\twin9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2025-02-12 19:31 - 2024-03-17 20:15 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Office
2025-02-12 08:16 - 2024-03-17 19:53 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-02-12 08:16 - 2024-03-17 19:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-02-11 23:22 - 2024-03-17 21:04 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-02-11 19:15 - 2024-03-17 20:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-02-11 19:11 - 2024-03-17 20:27 - 209365816 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2024-03-20 14:53 - 2024-03-20 14:53 - 000000066 _____ () C:\Users\twin9\AppData\Roaming\edw_user.ini

==================== FLock ==============================

2024-05-12 09:59 C:\Config.Msi
2024-04-01 01:26 C:\PerfLogs
2025-02-14 11:58 C:\WINDOWS\system32\config
2024-04-01 01:34 C:\WINDOWS\system32\Configuration
2024-04-01 01:26 C:\WINDOWS\system32\DriverState
2024-04-01 01:26 C:\WINDOWS\system32\ias
2025-02-14 13:55 C:\WINDOWS\system32\MsDtc
2024-04-01 01:26 C:\WINDOWS\system32\networklist
2025-02-19 12:45 C:\WINDOWS\system32\SleepStudy
2025-02-19 12:30 C:\WINDOWS\system32\sru
2025-02-14 12:00 C:\WINDOWS\system32\Tasks
2025-02-14 13:55 C:\WINDOWS\system32\Tasks_Migrated
2025-02-18 16:45 C:\WINDOWS\system32\WDI
2025-02-19 10:34 C:\Program Files\WindowsApps
2025-02-14 13:55 C:\WINDOWS\LiveKernelReports
2024-04-01 01:26 C:\WINDOWS\ModemLogs
2025-02-19 12:53 C:\WINDOWS\Prefetch
2025-02-14 13:55 C:\WINDOWS\ServiceState
2025-02-19 12:21 C:\WINDOWS\SystemTemp
2025-02-19 12:19 C:\WINDOWS\Temp
2025-02-14 13:53 C:\WINDOWS\WUModels
2024-04-01 01:34 C:\WINDOWS\SysWOW64\config
2024-04-01 01:34 C:\WINDOWS\SysWOW64\Configuration
2024-04-01 01:26 C:\WINDOWS\SysWOW64\Msdtc
2024-04-01 01:26 C:\WINDOWS\SysWOW64\NetworkList
2024-04-01 01:26 C:\WINDOWS\SysWOW64\sru
2024-04-01 01:34 C:\WINDOWS\SysWOW64\Tasks
2025-02-14 11:56 C:\WINDOWS\system32\Drivers\DriverData
2025-02-14 14:13 C:\Users\BIC
2025-02-14 11:59 C:\Users\DAP
2025-02-14 12:17 C:\ProgramData\Packages
2022-05-07 00:10 C:\ProgramData\WindowsHolographicDevices

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.
Access is denied.


==================== End of FRST.txt ========================
 

BIC1

New Member
Thread author
Feb 19, 2025
8
@icotonev, my apology. On the last one, I right clicked "Run as Admin." Don't know why that didn't work. Now, I logged out and logged back in as Admin. Hopefully these attachments are correct.
 

Attachments

  • FRST.txt
    59 KB · Views: 4
  • Addition.txt
    31.5 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
641
Hello, BIC1..! :) Excellent work..! :)

No signs of an active infection that I can see in your FRST logs.

I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications:

Scan with SecurityCheck by glax24
  • Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe.
  • Download SecurityCheck by glax24 from here
  • If SmartScreen blocks the file from running, click on More info and Run anyway
  • This tool is safe. SmartScreen is overly sensitive. You can check the VirusTotal scan of the tool from here
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

As a check to make sure we haven't overlooked anything, I'd like you to run an ESET online scan for me:

ESET Online Scan - ESET Online Scanner will take some time, so be prepared.

ESET Online Scanner
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply
 

BIC1

New Member
Thread author
Feb 19, 2025
8
@icotonev, SecurityCheck didn't offer "Run as Admin" but I think it did. I ran ESET back on August 13, 2024 when this issue first arose. That is also attached with the one from today. The one from August quarantined what seems to be 4 minor items although it appears to be 2 items duplicated twice. Today's ESET was clean. Thanks.
 

Attachments

  • SecurityCheck.txt
    7.5 KB · Views: 5
  • ESET Online Scanner Results 2024-08-13.txt
    1.5 KB · Views: 3
  • ESET Online Scanner Results 2025-02-20.txt
    268 bytes · Views: 4

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
641
Hello, BIC1..! Thank you..!

I recommend updating the software in the box below:
VLC media player v.3.0.20 Warning! Download Update
Mozilla Firefox (x64 en-US) v.135.0 Warning! Download Update
Malwarebytes version 5.2.5.158 v.5.2.5.158 Warning! Download Update

tried the Defender offline root scan a few days ago. Finally, success in completing the scan. I checked the Event Viewer for results. Maybe about 100 log entries. Many entries seem routine but some are similar to the two examples below:

The message you encountered in the Event Viewer after the offline scan, showing that Microsoft Defender's antiviral configuration has changed, is usually not a cause for immediate alarm. I suggest checking system files and scanning for malware (this is already done and the answer is negative).


Check services with FSS
  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.


Farbar Recovery Scan Tool - Fix
Comment: checking system files

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.

In your next reply, please include:
  • Fixlog.txt
  • FSS.txt
 

Attachments

  • fixlist.txt
    685 bytes · Views: 3

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
641
Windows Resource Protection did not find any integrity violations.

Good job..! It's okay..! If the scan says there are no damaged files, it means your computer is good.. (y)
If all is well I will provide your last few steps to clean up the tools we ran:

KpRm by Kernel-panik
  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
 
