
Discussion Starter · #1 ·
(I was not able to download the Farbar Tool because Microsoft Edge would not allow the download, indicating that it could contain a virus or other malware.)

This morning I contacted Adobe Support because I was having problems with Adobe Express. An Adobe technician remoted into my computer and when I tried to use the mouse in order to ask a question, he would not let me control the mouse. I "fought" him for the mouse for a short time before shutting down my computer. When I started the computer, the screen background remained black and when the initial start-up was beginning, something about "Adobe" flashed on the screen. I immediately thought that the technician was still accessing my computer and wanted to ask the Techsupportguy.com experts about this. Please advise as to how I can determine if my computer is still in contact with the Adobe people and what I can do to get rid of the connection. Thanks in advance.
 

Discussion Starter · #3 ·
Cookiegal, thanks for your reply. I turned off Defender and Defender SmartScreen, and added FRST64.exe to the sites allowed, but Edge still wouldn't allow me to open FRST.
 

Discussion Starter · #7 ·
Cookiegal, please see the attachment for a screenshot of the message that I see when I try to download FRST64. (I apologize for the small picture of the screenshot, but for some reason "Print" only shows small pictures when I save a screenshot.) I will try to open FRST on Chrome.
 

Discussion Starter · #8 ·
Cookiegal, I was able to download and initiate FRST via Chrome. Please see below for the first page. The second page will follow in a separate reply.

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1023104244-2545508458-507804784-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1023104244-2545508458-507804784-503 - Limited - Disabled)
Guest (S-1-5-21-1023104244-2545508458-507804784-501 - Limited - Disabled)
User (S-1-5-21-1023104244-2545508458-507804784-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1023104244-2545508458-507804784-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.003.20282 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{3C99568B-C682-9AD0-47F3-96800229237D}) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Hidden
Anki (HKLM-x32\...\Anki) (Version: 2.1.49 - )
Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Business Plan Pro 2004 (HKLM-x32\...\{C7BA228D-D0E9-44E5-B0B6-7AD4B0D6EBB0}) (Version: 7.16.0008 - Palo Alto Software)
Byki (HKLM-x32\...\{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}) (Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Deluxe (HKLM-x32\...\Byki Deluxe) (Version: - Transparent Language, Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 3.20.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\{566A834D-2DDD-3376-B265-20E45991EB23}) (Version: 107.0.5304.107 - Google LLC)
GoTo Opener (HKLM-x32\...\{7659273F-0EB6-4ECB-BC7D-5889F3FD3075}) (Version: 1.0.562 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.30.326 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.22.947 - SurfRight B.V.)
iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
iTunes (HKLM\...\{E848D060-9C53-4138-A2BC-F3357EDD3C91}) (Version: 12.12.6.1 - Apple Inc.)
Macrium Reflect Home (HKLM\...\{C7121B12-59C7-4D75-9F56-B3EB14C50B5C}) (Version: 8.0.7097 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home (HKLM\...\MacriumReflect) (Version: v8.0.7097 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.5.17.221 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.17.221 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.56 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.56 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.225.1026.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MyDataBase (HKLM-x32\...\{AB856C83-7CA0-4EB5-8D86-792B29EB4A10}) (Version: - )
MySoftware Fonts (HKLM-x32\...\{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}) (Version: - )
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20292 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10426 - Qualcomm)
Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 5.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.7 - VS Revo Group, Ltd.)
RoboForm 9-3-7-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 9-3-7-7 - Siber Systems)
StrongVPN (HKLM\...\{1F0FB659-502A-4BF3-AB40-D25BB14FE36C}) (Version: 2.6.2.0 - Strong Technology, LLC) Hidden
StrongVPN (HKLM-x32\...\{9d65bde1-0048-4fe8-bf48-02b946435252}) (Version: 2.6.2.0 - Strong Technology, LLC)
TalkHelper Call Recorder for Skype version 5.50 (HKLM-x32\...\{D290FF60-4288-4A56-9361-F215D78E84D3}_is1) (Version: 5.50 - TalkHelper Team)
Vehicle Manager 2022 Home (HKLM-x32\...\{EDE577B6-48B4-441A-9BD8-63E724D13A1B}_is1) (Version: 3.0.1015.0 - Kaizen Software Solutions)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wise Disk Cleaner 10.9.5 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.9.5 - WiseCleaner.com, Inc.)
Zoom (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\ZoomUMX) (Version: 5.11.11 (8425) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Photoshop Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.7.403.0_x64__ynb6jyjzte8ga [2022-08-20] (Adobe Inc.)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2022-05-20] (Audible Inc)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.29.0_x64__dxp88312j1fgj [2022-05-20] (ICEpower)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-05] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-05-20] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-18] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-20] (Microsoft Corporation)
Quick Blackout Redactor Free -> C:\Program Files\WindowsApps\20037TeusBenschop.QuickBlackoutRedactorFree_1.0.2.0_x64__8hzv146k7wbn0 [2022-05-20] (Teus Benschop)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-05-20] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2022-05-20] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\GoToMeeting\19950\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll -> No File
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll -> No File
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll -> No File
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll -> No File
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2022-09-20] (SurfRight B.V. -> SurfRight B.V.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-10-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2022-10-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-05] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-05-21 10:00 - 2009-05-21 10:00 - 000278528 _ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\AEEngine.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000303104 _ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\KeyMapper.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000409600 _ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\svg-cairo.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 002535424 _ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\TLVideo.dll
2021-01-14 05:40 - 2021-01-14 05:40 - 000168089 _ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\liblzo2-2.dll
2021-01-14 05:40 - 2021-01-14 05:40 - 000106309 _ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\libpkcs11-helper-1.dll
2019-08-15 18:13 - 2019-08-15 18:13 - 000989184 _ () [File not signed] C:\Program Files\StrongVPN\runtimes\win-x86\native\e_sqlite3.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 040403968 _ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 000052224 _ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleSystemFileWrapperRT.dll
2020-11-28 12:17 - 2020-11-28 12:17 - 001123840 _ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\e_sqlite3.dll
2009-08-20 05:37 - 2009-08-20 05:37 - 001585152 _ (Envion) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\TLSound.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000614400 _ (hxxp://cairographics.org) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\libcairo.dll
2022-04-21 21:47 - 2022-04-21 22:02 - 042859520 _ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.dll
2001-04-14 21:32 - 2001-04-14 21:32 - 000431376 _ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\riched20.dll
2004-08-04 13:56 - 2004-08-04 13:56 - 000406528 _ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\USP10.dll
2022-05-20 12:36 - 2022-05-20 12:36 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-05-20 12:36 - 2022-05-20 12:36 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2021-03-02 08:46 - 2019-09-04 11:51 - 006054912 _ (TalkHelper Team) [File not signed] C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TH_Trunk.dll
2021-01-14 05:40 - 2021-01-14 05:40 - 003140848 _ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libcrypto-1_1.dll
2021-01-14 05:40 - 2021-01-14 05:40 - 000956349 _ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\Desktop\Leidos - Receipts for Minutes for Work Phone and Receipt for a Screen Protector and Case for New iPhone.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Leidos - Receipts for Minutes for Work Phone and Receipt for a Screen Protector and Case for New iPhone.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 1.jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 1.jpg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 4 (Strip Map).jpeg:3or4kl4x13tuuug3Byamue2s4b [0]
AlternateDataStreams: C:\Users\User\Desktop\NEO Paperwork - Page 4 (Strip Map).jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #1.jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #1.jpg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #3.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #4.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #5.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #6.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #7.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\Personal Trainer Training Courses - Page #7.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://npr.com/
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> DefaultScope {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL =
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\9.3.7.7\RoboForm-x64.dll [2022-11-03] (Siber Systems -> Siber Systems Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\9.3.7.7\roboform.dll [2022-11-03] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\9.3.7.7\RoboForm-x64.dll [2022-11-03] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\9.3.7.7\roboform.dll [2022-11-03] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\9.3.7.7\RoboForm-x64.dll [2022-11-03] (Siber Systems -> Siber Systems Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 06:03 - 2017-03-19 06:01 - 000000824 _ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Desktop\Burn the Ships_edited.jpg
DNS Servers: 198.18.0.1 - 198.18.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "IDrive Tray"
HKLM\...\StartupApproved\Run32: => "IDrive Background process"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "HDSoft"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "TalkHelper"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "EPSDNMON"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AD27B050-1FA7-494D-8496-638F23DF2423}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45089642-65A5-4DA1-AA44-3FB609E2C9EA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{20064B7A-D1F5-46D1-AA2D-27BD1F47B879}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{F0E495A9-F170-4498-AF95-D9D1C8F9E7CC}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{791E8962-70E0-4221-841F-A2762E3F2A94}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [UDP Query User{C6566448-2E6B-4614-8FAF-6D5B93929E7F}C:\users\user\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\user\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{12AD52B6-BA30-411D-9848-AD1BCE9EDE77}C:\users\user\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\user\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{4104BEA0-EDAE-4A44-A117-622902C8E4F0}C:\program files (x86)\idrivewindows\id_win.exe] => (Allow) C:\program files (x86)\idrivewindows\id_win.exe => No File
FirewallRules: [UDP Query User{E21A4BCC-9129-486D-8E0A-3B1B664590E8}C:\program files (x86)\idrivewindows\id_win.exe] => (Allow) C:\program files (x86)\idrivewindows\id_win.exe => No File
FirewallRules: [{720A3932-4F93-4D0E-B4D4-4C7FA526032F}] => (Block) C:\program files (x86)\idrivewindows\id_win.exe => No File
FirewallRules: [{9F5259A6-872B-4784-8ADE-1EE6BEF583A6}] => (Block) C:\program files (x86)\idrivewindows\id_win.exe => No File
FirewallRules: [{84ED72C6-3EFE-4015-8D07-2AB71DF60C8C}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\6v\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{2EF143CC-8AC3-434A-8645-F4FF09A3C0F4}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\6v\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{B4F2A7BB-7AC4-449D-9652-234D623C8776}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\cs\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{0C02ED10-ADA9-42F4-A0DA-02AD0D817A0E}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\cs\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{2E4274D9-FC05-4161-B4C8-87A57B15543D}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\c3\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{EE6993FF-560A-4D15-93B3-64BCE8C283F3}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\c3\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{2DDDFE94-AEBA-4A31-96B7-0C6B21A6F1ED}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\3q\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{F8FC567E-6CF2-40D3-9AA5-FDACE7850C66}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\3q\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{5F3C2858-36F4-4152-AFD5-7A1A0F05C0EE}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\xp\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{5FA1CD1E-C529-480F-98A3-3F6DBD1D1D10}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\xp\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{67E26F0F-F9C1-4293-9B98-346AFAFAB7CC}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\ts\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{8428DE4D-F655-49B1-AB93-014C62BE0594}] => (Allow) C:\Users\User\AppData\Local\Temp\HelpDesk\ts\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{FDC9A849-3AA4-4033-8A17-8FAA0E18FC8B}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{01E3EECE-6278-4681-84F4-0AEE209463CF}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{31032DEC-C5C3-4A97-8CA8-62FBFB48F576}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8846F37A-3E70-4FCB-8C99-18E09AF80E1B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53497CB7-5A37-460A-9543-6972E9414AAB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E74A86E9-592F-46D3-869E-A52E754829BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E897D5EC-1F7E-4BCE-86F7-52643F907397}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A7CDA882-022B-4589-8137-E2D1158BEB48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{353CE394-6456-48A5-A31D-6688E2DEA07C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46556F83-11D9-411D-AB54-2CC5FEF372CF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.56\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/25/2022 10:00:01 AM) (Source: Acronis Scheduler) (EventID: 1) (User: DESKTOP-7RCNB9G)
Description: Scheduler failed to run task >> "" with GUID 'FDE3E71C-2412-4847-928C-AD8BC32C3AE8' because of error 267> (The directory name is invalid.).

Error: (11/25/2022 09:49:49 AM) (Source: HitmanPro.Alert) (EventID: 800) (User: )
Description: Malware found:
Generic ML PUA
C:\Users\User\Downloads\FRST64.exe
Mitigation MalwareBlocked
Timestamp 2022-11-25T00:49:49

Platform 10.0.19044/x64 v947 6f_70
PID 16644
Application C:\Users\User\Downloads\FRST64.exe
Created 2022-11-25T00:49:34
Description Generic ML PUA


Process Trace
1 C:\Program Files\Google\Chrome\Application\chrome.exe [16644]
2 C:\Windows\explorer.exe [12132]

Dropped Files
1 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\25e978403f859f87_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
2 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\848050b166f33398_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
3 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3f86d2fa62b1a06a_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
4 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf5c26de47baa967_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
5 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1f47765e973b9610_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
6 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d475c14edbe8f6b5_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
7 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\528da89d59515d7b_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
8 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e8a20bc444aaa4a3_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
9 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\104ff891ccab8a9a_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
10 C:\Users\User\Downloads\6d677c3a-df67-4264-b6be-65a2889e09c6.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
Read by \Device\HarddiskVolume3\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1588]
11 C:\Users\User\AppData\Local\Google\Chrome\User Data\216dbc61-eea2-4803-8fcc-c7b71e9c7092.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
12 C:\Users\User\AppData\Local\Google\Chrome\User Data\Local State~RF54a142a.TMP
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
13 C:\Users\User\AppData\Local\Temp\aa079a65-ea51-4095-9ee4-ed482ac0f47c.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
14 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\be395d6fce874057_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
15 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\44268aba44061cb8_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
16 C:\Users\User\AppData\Local\Temp\dc91f8a7-7d91-4444-9e92-4d2288baee91.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
17 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\39aabc23-ede9-49a6-b379-8b06bf99d79b.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
18 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\d71e83dc-1ec0-4673-801a-89935459a5d3.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
19 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF54a305d.TMP
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
20 C:\Users\User\AppData\Local\Temp\b9a2ac23-ade8-414b-bb21-a754f01366b3.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
21 C:\Users\User\AppData\Local\Temp\ae5b87df-9a4b-49a3-957b-b10ed8f1b9a1.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
22 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b842ae5f9b557ec6_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
23 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\33a472c2bf702202_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
24 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\24d69aff2461048d_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
25 C:\Users\User\AppData\Local\Temp\7b47590c-3f39-4da8-bb7e-acc69e394af3.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
26 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\82b4ae79e18de815_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
27 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\05de3299-7d9c-43be-8376-605120ee4630.tmp
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
28 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF54a42bc.TMP
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
29 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8e513c5a702e5aa5_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
30 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d98c19f08a4442f_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
31 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6de09f6c02c91e85_0
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
32 C:\Users\User\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000024
Dropped by \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [16644]
1 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\12dc1ea8e34b5a6.automaticDestinations-ms
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
2 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\FRST Unable to be Downloaded Screenshot.png.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
3 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Screenshot of FRST Message of Not Being Able to be Downloaded.png.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
4 C:\$RECYCLE.BIN\S-1-5-21-1023104244-2545508458-507804784-1001\$I5RJEEJ.png
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]

Thumbprints
4da5c61652c9929fb3aaddf57e581ad4590a103e84e6271414e6d3e11f7dd1f4

Error: (11/25/2022 09:35:45 AM) (Source: HitmanPro.Alert) (EventID: 800) (User: )
Description: Malware found:
Generic ML PUA
C:\Users\User\AppData\Local\Temp\MicrosoftEdgeDownloads\af06e109-abd8-46a0-b374-6a04ed3a1490\FRST64.exe
Mitigation MalwareBlocked
Timestamp 2022-11-25T00:35:45

Platform 10.0.19044/x64 v947 6f_70
PID 13404
Application C:\Users\User\AppData\Local\Temp\MicrosoftEdgeDownloads\af06e109-abd8-46a0-b374-6a04ed3a1490\FRST64.exe
Created 2022-11-25T00:35:35
Description Generic ML PUA


Process Trace
1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
2 C:\Windows\explorer.exe [12132]

Dropped Files
1 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
2 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
3 C:\Users\User\AppData\Local\Temp\064200eb-ea92-4742-914f-a2bfc368b076.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
4 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b0b80b2bd02af67_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
5 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70802dfa364950af_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
6 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1792db21eaa9e2c5_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
7 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\848050b166f33398_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
8 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d08b38b33b32290e_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
9 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\528da89d59515d7b_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
10 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8a20bc444aaa4a3_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
11 C:\Users\User\AppData\Local\Temp\1da7f5cf-76ec-4289-9d2e-bc12f0dc0e98.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
12 C:\Users\User\AppData\Local\Temp\f3f66692-169b-46b3-8913-c458eaffb464.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
13 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\0d5265fe-c03b-4b46-898b-44ebf19c4fea.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
14 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State~RF53d3211.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
15 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\dc6dcd86-a65c-4961-8974-80108e401ba0.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
16 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF53d332b.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
17 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\451f170c2ec1d650_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
18 C:\Users\User\Downloads\f46046c3-fe27-4270-bd40-0cf5b5dcd207.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
Read by \Device\HarddiskVolume3\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1588]
19 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
20 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
21 C:\Users\User\AppData\Local\Temp\2b51dcee-7864-4d78-b06c-b989b384f414.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
22 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\d67932b5-9ad8-4d0d-9e36-b16a2abbb244.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
23 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF53d5c4e.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
1 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
2 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Sound.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
3 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\12dc1ea8e34b5a6.automaticDestinations-ms
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
4 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\FRST Unable to be Downloaded Screenshot.png.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]

Thumbprints
4da5c61652c9929fb3aaddf57e581ad4590a103e84e6271414e6d3e11f7dd1f4

Error: (11/25/2022 09:35:00 AM) (Source: HitmanPro.Alert) (EventID: 800) (User: )
Description: Malware found:
Generic ML PUA
C:\Users\User\AppData\Local\Temp\MicrosoftEdgeDownloads\dc03f979-790c-4461-bf2e-2f54f8f6a92d\FRST64.exe
Mitigation MalwareBlocked
Timestamp 2022-11-25T00:35:00

Platform 10.0.19044/x64 v947 6f_70
PID 13404
Application C:\Users\User\AppData\Local\Temp\MicrosoftEdgeDownloads\dc03f979-790c-4461-bf2e-2f54f8f6a92d\FRST64.exe
Created 2022-11-25T00:34:49
Description Generic ML PUA


Process Trace
1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
2 C:\Windows\explorer.exe [12132]

Dropped Files
1 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cbfafaa0beac617a_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
2 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\94531fa1-924c-4dfb-b5be-2c3dd2b7286b.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
3 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State~RF53bb499.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
4 C:\Users\User\AppData\Local\Temp\f3f66692-169b-46b3-8913-c458eaffb464.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
5 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b0b80b2bd02af67_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
6 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70802dfa364950af_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
7 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1792db21eaa9e2c5_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
8 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\483cdf90bea9aa3c_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
9 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\848050b166f33398_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
10 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b127e81e799eef8_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
11 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\690bd1773ff0bc66_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
12 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\528da89d59515d7b_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
13 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8a20bc444aaa4a3_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
14 C:\Users\User\AppData\Local\Temp\41b7a788-e1c8-47be-b328-2deb3b5085fd.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
15 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e09c027db5163450_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
16 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2873977e688fbdae_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
17 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a033a478f9fb4fb3_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
18 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21f22fa3ac8ee36f_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
19 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\674822ae-c4a3-448e-a684-cb10fb23ae75.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
20 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF53bd4a4.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
21 C:\Users\User\AppData\Local\Temp\af76d5aa-bfd3-41ad-8581-272a01ea46fd.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
22 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\6f5b4788-f0d5-4c78-a9a7-312e18f40741.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
23 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State~RF53be703.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
24 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
25 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RF53c17e7.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
26 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
27 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
28 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8e72ed4ec41d4d1_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
29 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\07e41c6c7a18b62c_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
30 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05e99d759d55af9b_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
31 C:\Users\User\Downloads\2bad7401-2506-466d-a8e4-7aee5b42c39a.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
Read by \Device\HarddiskVolume3\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1588]
32 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
33 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
34 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\fb8a4d9e-02ce-43d6-9329-d6ebe0cbae50.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
35 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State~RF53c95b2.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
36 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\29eed00b-dee8-4f8a-b39f-87f93cadada4.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
37 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF53c96cb.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
38 C:\Users\User\AppData\Local\Temp\6a2792aa-4489-4044-bbfb-6da8a0f9e0c1.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
1 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
2 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Sound.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
3 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\12dc1ea8e34b5a6.automaticDestinations-ms
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
4 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\FRST Unable to be Downloaded Screenshot.png.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]

Thumbprints
4da5c61652c9929fb3aaddf57e581ad4590a103e84e6271414e6d3e11f7dd1f4

Error: (11/25/2022 09:29:28 AM) (Source: HitmanPro.Alert) (EventID: 800) (User: )
Description: Malware found:
Generic ML PUA
C:\Users\User\AppData\Local\Temp\MicrosoftEdgeDownloads\ecfbea51-ac70-459e-8799-93d4c959ecee\FRST64.exe
Mitigation MalwareBlocked
Timestamp 2022-11-25T00:29:28

Platform 10.0.19044/x64 v947 6f_70
PID 13404
Application C:\Users\User\AppData\Local\Temp\MicrosoftEdgeDownloads\ecfbea51-ac70-459e-8799-93d4c959ecee\FRST64.exe
Created 2022-11-25T00:29:15
Description Generic ML PUA


Process Trace
1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
2 C:\Windows\explorer.exe [12132]

Dropped Files
1 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\528da89d59515d7b_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
2 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8a20bc444aaa4a3_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
3 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba41c2c6956706ef_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
4 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c3f48c6654dae37_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
5 C:\Users\User\AppData\Local\Temp\56bc7788-b3d8-4cf1-99d2-5392d3a1482b.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
6 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\383417fcf883cd7e_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
7 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\321f401ee4320149_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
8 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6505e781efc78c95_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
9 C:\Users\User\AppData\Local\Temp\c9a72cc7-e953-4092-8735-0412612b7e4a.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
10 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
11 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
12 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\848050b166f33398_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
13 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7162c06fb0ab8434_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
14 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46f8764c9ba17694_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
15 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f47765e973b9610_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
16 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\7bc1c9fa-4fde-4901-b519-965a952ba508.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
17 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF5376cc6.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
18 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab960ea1cbe65702_0
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
19 C:\Users\User\Downloads\41eb2cfb-85f0-4ca3-a7a5-f4ff25ec7965.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
Read by \Device\HarddiskVolume3\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1588]
20 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\74bccc8b-fd9c-4980-a697-02ea435d69b6.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
21 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State~RF5377aef.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
22 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
23 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
24 C:\Users\User\AppData\Local\Temp\2227aac7-086b-4ced-8e91-a521a7ba8adc.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
25 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\f5a0e79c-bb48-4ebe-b743-fed75f4a0d1a.tmp
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
26 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF537954d.TMP
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
27 C:\Users\User\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\f_0000fc
Dropped by \Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [13404]
1 C:\Users\User\AppData\Local\Temp\{59BA765B-4798-4054-8B82-0A9F8292FA62}.png
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
2 C:\Users\User\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\Microsoft.Explorer.Notification.{60D9628F-5DEE-111D-0ED2-B314170BD827}.png
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
3 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]
4 C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Sound.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [12132]

Thumbprints
4da5c61652c9929fb3aaddf57e581ad4590a103e84e6271414e6d3e11f7dd1f4

Error: (11/25/2022 08:59:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhoneExperienceHost.exe, version: 1.22092.214.0, time stamp: 0x63558578
Faulting module name: KERNELBASE.dll, version: 10.0.19041.2193, time stamp: 0x7f7062e1
Exception code: 0xe0434352
Fault offset: 0x000000000002cd29
Faulting process id: 0x3f14
Faulting application start time: 0x01d90060d832aca1
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2bd2babd-02f0-435e-b371-c89b87ed0905
Faulting package full name: Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (11/25/2022 08:59:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PhoneExperienceHost.exe
CoreCLR Version: 6.0.1122.52304
.NET Version: 6.0.11
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException (0x80070490): Element not found. (0x80070490)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode)
at YourPhone.Services.ComRegistrationServices.RegisterClassObject(Guid clsid, Object factory)
at YourPhone.Services.ComRegistrationServices.RegisterObjects(Boolean keepAliveUntilCreated)
at YourPhone.YourPhoneApp.Activated(LaunchSource launchSource, Uri argument)
at YourPhone.Extensions.LifecycleHelperExtensions.<>c__DisplayClass0_0.<SetupAppStart>b__0(LifecycleHelper l, LifecycleEventArgs a)
at YourPhone.Services.LifecycleHelper.RaiseActivated(LaunchSource launchSource, Uri protocol)
at YourPhone.App.OnActivated(ExtendedActivationKind activationKind, LaunchSource launchSource, Uri protocolUri)
at YourPhone.App.OnLaunchedAsync(LaunchActivatedEventArgs args)
at YourPhone.Utilities.TaskExtensions.<>c.<ThrowAsync>b__6_1(Object state)
at System.Threading.QueueUserWorkItemCallbackDefaultContext.Execute()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading.PortableThreadPool.WorkerThread.WorkerThreadStart()
at System.Threading.Thread.StartCallback()

Error: (11/25/2022 08:59:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhoneExperienceHost.exe, version: 1.22092.214.0, time stamp: 0x63558578
Faulting module name: KERNELBASE.dll, version: 10.0.19041.2193, time stamp: 0x7f7062e1
Exception code: 0xe0434352
Fault offset: 0x000000000002cd29
Faulting process id: 0x306c
Faulting application start time: 0x01d90060c0f1fa43
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: a00bd89e-c0ef-4ba9-96aa-2aafa602f6a2
Faulting package full name: Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App


System errors:
=============
Error: (11/25/2022 09:00:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (11/25/2022 08:59:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (11/25/2022 08:58:31 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (11/25/2022 08:57:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (11/25/2022 08:56:19 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (11/25/2022 08:52:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (11/24/2022 09:06:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.

Error: (11/24/2022 09:05:46 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-09-09 21:37:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-09-08 21:47:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-09-08 21:37:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-09-07 20:35:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-09-06 21:05:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-08-22 18:53:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.705.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-08-10 21:24:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.92.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2022-11-25 09:58:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.23 05/27/2019
Motherboard: SR Squirtle_SR
Processor: AMD A9-9420e RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 54%
Total physical RAM: 11733.37 MB
Available physical RAM: 5366.43 MB
Total Virtual: 13525.37 MB
Available Virtual: 5285.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.84 GB) (Free:618.17 GB) (Model: Samsung SSD 860 EVO 1TB) NTFS

\\?\Volume{82c0cae9-ebd2-4b10-b510-01dc5d7dc5fa}\ () (Fixed) (Total:0.56 GB) (Free:0.08 GB) NTFS
\\?\Volume{a0f69297-3a9d-4b11-9a7c-f9a831e7a696}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Administrator · 124,121 Posts
OK this is a known issue because of a particular file name in the log. Please zip both logs (complete logs) and upload the zipped files. To zip a file:

Right-click the file then select "Send to" then "Compressed (zipped) folder". A new zipped file with the same name will be created in the same location for each of the logs. Upload both of those zip files as attachments please.
 

Registered · 1,494 Posts · Discussion Starter · #11
Cookiegal, please see the three (3) attachments for compressed copies of the FRST Scans. There is one (1) copy of the FRST Additional Scan and two (2) copies of the FRST Scan. I am sending two (2) copies of the FRST Scan because one came in after the other. They might be the same scans? Thanks again for your help.
 

Attachments
