Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-04-2020
Ran by H243170 (ATTENTION: The user is not administrator) on DKTP475832 (Hewlett-Packard HP EliteDesk 800 G1 SFF) (01-05-2020 17:01:03)
Running from C:\Users\h243170\Downloads
Loaded Profiles: SVC_MX_IXACHI2001 & H243170 (Available Profiles: Halliburton & defaultuser1 & H184346 & H188385 & H210900 & H219942 & H226636 & SVC_MX_IXACHI1101 & SVC_MX_IXACHI2001 & H237718 & H238298 & H243170 & HB30963 & H113478a)
Platform: Windows 10 Enterprise Version 1903 18362.720 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Famatech Corp. -> Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Google LLC -> Google LLC) C:\Users\h243170\AppData\Local\Google\Chrome\Application\chrome.exe <15>
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\coredpussvr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Nicolas Coolman -> Nicolas Coolman) [File not signed] C:\Users\h243170\Desktop\ZHPCleaner.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\ccSvcHst.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\SmcGui.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\SymCorpUI.exe
Failed to access process -> AERTSr64.exe
Failed to access process -> armsvc.exe Failed to access process -> CcmExec.exe Failed to access process -> ccSvcHst.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> dasHost.exe Failed to access process -> DFGWcfHostingWindowsService.exe Failed to access process -> dllhost.exe Failed to access process -> DSRegistryService.exe Failed to access process -> dwm.exe Failed to access process -> EDK.Wellplan.WCFWindowsService32Host.exe Failed to access process -> FamItrfc.Exe Failed to access process -> fontdrvhost.exe Failed to access process -> fontdrvhost.exe Failed to access process -> halcsvc.exe Failed to access process -> HPSIsvc.exe Failed to access process -> IAStorDataMgrSvc.exe Failed to access process -> igfxCUIService.exe Failed to access process -> jhi_service.exe Failed to access process -> LMS.exe Failed to access process -> lsass.exe Failed to access process -> MBAMService.exe Failed to access process -> pacjsworker.exe Failed to access process -> PFERemediation.exe Failed to access process -> PresentationFontCache.exe Failed to access process -> PulseSecureService.exe Failed to access process -> PulseSecureService.exe Failed to access process -> RAVBg64.exe Failed to access process -> RAVBg64.exe Failed to access process -> rserver3.exe Failed to access process -> RtkAudioService64.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> SearchIndexer.exe Failed to access process -> SecurityHealthService.exe Failed to access process -> sepWscSvc64.exe Failed to access process -> services.exe Failed to access process -> SgrmBroker.exe Failed to access process -> smss.exe Failed to access process -> spoolsv.exe Failed to access process -> sqlbrowser.exe Failed to access process -> sqlservr.exe Failed to access process -> sqlwriter.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access 
process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access 
process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> TiWorker.exe Failed to access process -> TPMProvisioningService.exe Failed to access process -> TrustedInstaller.exe Failed to access process -> unsecapp.exe Failed to access process -> wininit.exe Failed to access process -> winlogon.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WUDFHost.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2019-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2019-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-10-23] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office16\lync.exe [22652704 2020-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\Run: [Google Update] => C:\Users\h243170\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-04-28] (Google LLC -> Google LLC)
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\Software\Policies\...\system: [GroupPolicyMinTransferRate] 0
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\Halliburton.scr [4369105 2019-06-05] () [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{4B9CAC01-6732-40d0-8B8F-B5B340F9D44F}] -> C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2017-03-09] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{4EFD0F35-BFBA-44eb-8F25-2B3530203C1D}] -> C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2017-03-09] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{C1258FBC-F04F-4862-B78A-DDAAEF4A9707}] -> C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2017-03-09] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{EAB1A79F-DFAA-4faf-A7B9-A6652E97EE16}] -> C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2017-03-09] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Provider Filters: [{3884BCAA-C611-4e2d-9105-E11B1203294E}] -> C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2017-03-09] (Pulse Secure, LLC -> )
HKLM\Software\...\Winlogon\GPExtensions: [{346193F5-F2FD-4DBD-860C-B88843475FD3}] -> C:\WINDOWS\system32\CcmUsrCse.dll [2019-12-11] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{4630dc6f-c10a-418e-a0a7-bf91409ee40c}: [NameServer] 34.34.132.1,34.36.132.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://Halworld.Corp.Halliburton.Com
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://Halworld.Corp.Halliburton.Com
URLSearchHook: [S-1-5-21-8740799-2134930118-1361462980-1327673] ATTENTION => Default URLSearchHook is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2020-02-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2019-12-19] (SAP SE -> SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2019-12-19] (SAP SE -> SAP, Walldorf)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default [2020-05-01]
CHR Notifications: Default -> hxxps://forospyware.com
CHR Extension: (Slides) - C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-28]
CHR Extension: (Docs) - C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-28]
CHR Extension: (Google Drive) - C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-28]
CHR Extension: (YouTube) - C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-28]
CHR Extension: (Sheets) - C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-28]
CHR Extension: (Gmail) - C:\Users\h243170\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"carbonblackk" => service could not be unlocked. <==== ATTENTION
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [2201160 2019-12-11] (Microsoft Corporation -> Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [1023384 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 DfgServiceHost; C:\Landmark\EDT_5000.14\WellPlan\Services\32bit\DFGWcfHostingWindowsService.exe [7680 2016-07-19] (Halliburton Company) [File not signed]
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [127800 2010-04-29] (Hewlett-Packard Company -> HP)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370840 2018-11-23] (Intel Corporation -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-10-23] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 LGC EDM Publishing; C:\Landmark\EDT_5000.14\Common Files\Data Services\AutoPrintService.exe [24576 2016-07-19] (Landmark Graphics Corporation) [File not signed]
R2 LGC EDM Simultaneous Activity Monitor; C:\Landmark\EDT_5000.14\Common Files\JDK\jre\bin\client\DSRegistryService.exe [24576 2016-07-19] () [File not signed]
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [53744 2019-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation -> Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-29] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$EDM5000; C:\Program Files\Microsoft SQL Server\MSSQL12.EDM5000\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [53744 2019-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [53744 2019-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PFERemediation; C:\Program Files (x86)\Microsoft PFE Remediation for Configuration Manager\PFERemediation.exe [55960 2018-01-18] (Microsoft Corporation -> Microsoft)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 PulseSecureService; C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182232 2017-03-09] (Pulse Secure, LLC -> Pulse Secure, LLC)
R2 RServer3; C:\WINDOWS\SysWOW64\rserver30\RServer3.exe [1164400 2017-12-07] (Famatech Corp. -> Famatech Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2019-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5929920 2020-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SepLpsService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\ccSvcHst.exe [159088 2019-11-09] (Symantec Corporation -> Symantec Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\ccSvcHst.exe [159088 2019-11-09] (Symantec Corporation -> Symantec Corporation)
R2 sepWscSvc; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\sepWscSvc64.exe [1821832 2019-11-09] (Symantec Corporation -> Symantec Corporation)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [347000 2019-12-11] (Access Denied) [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\snac64.exe [394528 2019-11-09] (Symantec Corporation -> Symantec Corporation)
S4 SQLAgent$EDM5000; C:\Program Files\Microsoft SQL Server\MSSQL12.EDM5000\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WellplanCalculationServices32; C:\Landmark\EDT_5000.14\WellPlan\Services\32bit\EDK.Wellplan.WCFWindowsService32Host.exe [7680 2016-07-19] (Halliburton) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 CarbonBlack; C:\WINDOWS\CarbonBlack\halcsvc.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Data\Definitions\BASHDefs\20200414.001\BHDrvx64.sys [1952136 2019-10-29] (Symantec Corporation -> Symantec Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-02-18] (Microsoft Corporation) [File not signed]
R5 carbonblackk; C:\Windows\System32\Drivers\carbonblackk.sys [194328 2015-09-11] (Bit9, Inc -> Carbon Black, Inc)
R3 cbstream; C:\WINDOWS\System32\drivers\cbstream.sys [64200 2019-08-07] (Carbon Black, Inc. -> Carbon Black, Inc)
S3 cbtdiflt; C:\WINDOWS\system32\drivers\cbtdiflt.sys [53016 2015-09-11] (Bit9, Inc -> Carbon Black, Inc)
R1 ccSettings_{5CA4F88D-67B7-46CE-9653-5A17519F66F0}; C:\WINDOWS\System32\Drivers\SEP\0E0214CB\07D0.105\x64\ccSetx64.sys [179416 2019-11-09] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-11-27] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2020-02-26] (Symantec Corporation -> Symantec Corporation)
R3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Data\Definitions\IPSDefs\20200429.061\IDSvia64.sys [1455288 2020-02-18] (Symantec Corporation -> Symantec Corporation)
R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2017-03-09] (Juniper Networks, Inc. -> Juniper Networks)
S4 jnprTdi_824_597; C:\WINDOWS\system32\Drivers\jnprTdi_824_597.sys [106176 2016-06-01] (Pulse Secure, LLC -> Pulse Secure, LLC)
R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2017-03-09] (Juniper Networks, Inc. -> Juniper Networks, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-29] (Malwarebytes Inc -> Malwarebytes)
R3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation)
R1 raddrvv3; C:\WINDOWS\SysWOW64\rserver30\raddrvv3.sys [96128 2017-12-12] (Famatech Corp. -> Famatech Corp.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E0214CB\07D0.105\x64\SRTSP64.SYS [870064 2019-11-09] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E0214CB\07D0.105\x64\SRTSPX64.SYS [50864 2019-11-09] (Symantec Corporation -> Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\SyDvCtrl64.sys [44568 2019-11-09] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0603040.004\symefasi64.sys [1821360 2020-02-18] (Symantec Corporation -> Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\Drivers\SEP\0E0214CB\07D0.105\x64\SymELAM.sys [26000 2019-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2019-08-07] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E0214CB\07D0.105\x64\Ironx64.SYS [311264 2019-11-09] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E0214CB\07D0.105\x64\SYMNETS.SYS [567304 2019-11-09] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [229672 2020-02-18] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R5 carbonblackk; <==== ATTENTION: Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-01 17:01 - 2020-05-01 17:03 - 000028391 _____ C:\Users\h243170\Downloads\FRST.txt
2020-05-01 17:00 - 2020-05-01 17:01 - 000000000 ____D C:\FRST
2020-05-01 16:46 - 2020-05-01 16:47 - 002283520 _____ (Farbar) C:\Users\h243170\Downloads\FRST64.exe
2020-05-01 15:29 - 2020-05-01 15:29 - 000026814 _____ C:\Users\h243170\Desktop\User_h243170_15_26_55 FERNANDO ALIPATH.xlsx
2020-05-01 14:33 - 2020-05-01 14:33 - 000004764 _____ C:\WINDOWS\system32\CcmFramework.ini
2020-05-01 14:33 - 2020-05-01 14:33 - 000000621 _____ C:\WINDOWS\system32\CcmFramework.h
2020-05-01 14:27 - 2020-05-01 14:27 - 000000000 ____D C:\WINDOWS\ms
2020-05-01 08:21 - 2020-05-01 08:21 - 001302288 _____ C:\Users\h243170\Downloads\responsabilidad del company.pdf
2020-04-30 18:09 - 2020-04-30 18:09 - 000061044 _____ C:\Users\h243170\Downloads\Imprimir Pedido # 100035034.pdf
2020-04-30 17:34 - 2020-04-30 17:34 - 000061044 _____ C:\Users\h243170\Desktop\Imprimir Pedido # 100035034.pdf
2020-04-30 14:52 - 2020-04-30 14:53 - 000073085 _____ C:\Users\h243170\Downloads\Survey_Azimuth_ IXACHI-2001EXP ST.pdf
2020-04-29 22:02 - 2020-04-29 06:36 - 008196784 _____ (Malwarebytes) C:\Users\h243170\Downloads\adwcleaner_8.0.4.exe
2020-04-29 22:02 - 2020-04-29 01:43 - 003300224 _____ (Nicolas Coolman) C:\Users\h243170\Downloads\ZHPCleaner.exe
2020-04-29 17:02 - 2020-04-29 22:22 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-29 17:02 - 2020-04-29 17:02 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-29 14:34 - 2020-04-29 14:34 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-04-29 14:34 - 2020-04-29 14:34 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-04-29 14:29 - 2020-04-29 14:27 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-04-29 14:28 - 2020-04-29 14:27 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-29 14:27 - 2020-04-29 14:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-29 11:19 - 2020-04-29 16:53 - 000000000 ____D C:\AdwCleaner
2020-04-29 06:36 - 2020-04-29 06:36 - 008196784 _____ (Malwarebytes) C:\Users\h243170\Desktop\adwcleaner_8.0.4.exe
2020-04-29 06:16 - 2020-05-01 16:14 - 000000000 ____D C:\Users\h243170\AppData\Local\CrashDumps
2020-04-29 03:19 - 2020-04-29 03:19 - 000000000 ____D C:\Users\h243170\AppData\Local\mbam
2020-04-29 03:18 - 2020-04-29 03:18 - 000000000 ____D C:\Users\h243170\AppData\Local\mbamtray
2020-04-29 01:46 - 2020-04-29 01:46 - 000000000 ____D C:\Program Files\Malwarebytes
2020-04-29 01:43 - 2020-04-29 01:43 - 003300224 _____ (Nicolas Coolman) C:\Users\h243170\Desktop\ZHPCleaner.exe
2020-04-28 22:24 - 2020-04-28 22:27 - 000000000 ____D C:\Program Files\CCleaner
2020-04-28 22:24 - 2020-04-28 22:24 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-04-28 22:24 - 2020-04-28 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-04-28 22:06 - 2020-04-28 22:07 - 001980016 _____ (Malwarebytes) C:\Users\h243170\Downloads\MBSetup.exe
2020-04-28 21:36 - 2020-04-28 21:36 - 000000771 _____ C:\Users\h243170\Documents\Downloads - Shortcut.lnk
2020-04-28 21:23 - 2020-04-29 15:22 - 000000000 ____D C:\Users\h243170\AppData\Local\D3DSCache
2020-04-28 20:21 - 2020-04-28 20:33 - 022267336 _____ (Piriform Software Ltd) C:\Users\h243170\Downloads\ccsetup565.exe
2020-04-28 19:23 - 2020-04-28 19:23 - 000000000 ____D C:\Users\h243170\Documents\Custom Office Templates
2020-04-28 19:13 - 2020-04-28 19:13 - 000000000 ____D C:\Users\h243170\AppData\Local\Comms
2020-04-28 18:06 - 2020-04-28 18:06 - 000250960 _____ C:\Users\h243170\Desktop\Fernando Alipaht de Santiago Cert Medico 2020 covid.pdf
2020-04-28 16:20 - 2020-04-28 16:25 - 000000000 ____D C:\Users\h243170\AppData\Local\yammerdesktop
2020-04-28 16:18 - 2020-04-28 16:25 - 000000000 ____D C:\Users\h243170\AppData\Local\SquirrelTemp
2020-04-28 14:42 - 2020-04-28 14:42 - 000000000 ____D C:\Users\h243170\AppData\Local\GroupPolicy
2020-04-28 14:05 - 2020-04-28 14:13 - 000000000 ____D C:\Users\h243170\AppData\Local\Landmark
2020-04-28 14:05 - 2020-04-28 14:05 - 000002114 _____ C:\Users\h243170\Desktop\EDM AutoSync Client.lnk
2020-04-28 14:05 - 2020-04-28 14:05 - 000002098 _____ C:\Users\h243170\Desktop\OpenWells.lnk
2020-04-28 14:05 - 2020-04-28 14:05 - 000000000 ____D C:\Users\h243170\AppData\Roaming\Landmark
2020-04-28 13:53 - 2020-04-28 13:53 - 000002519 _____ C:\Users\h243170\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-28 13:40 - 2020-04-28 19:31 - 000000000 ___RD C:\Users\h243170\Documents\Scanned Documents
2020-04-28 13:40 - 2020-04-28 13:40 - 000000000 ____D C:\Users\h243170\Documents\Fax
2020-04-28 13:39 - 2020-04-28 13:39 - 000000000 ____D C:\Users\h243170\AppData\Roaming\Macromedia
2020-04-28 13:27 - 2020-04-28 16:38 - 000000000 ____D C:\Users\h243170\AppData\Local\Google
2020-04-28 13:24 - 2020-04-28 13:24 - 000000000 ____D C:\Users\h243170\AppData\Local\PlaceholderTileLogoFolder
2020-04-28 13:23 - 2020-04-28 13:23 - 000000000 ___HD C:\Users\h243170\MicrosoftEdgeBackups
2020-04-28 13:13 - 2020-04-28 13:13 - 000000000 ____D C:\Users\h243170\AppData\Local\Publishers
2020-04-28 13:06 - 2020-04-28 15:20 - 000000000 ____D C:\Users\h243170\AppData\LocalLow\Adobe
2020-04-28 13:05 - 2020-04-28 13:06 - 000000000 ____D C:\Users\h243170\AppData\Local\Adobe
2020-04-28 13:02 - 2020-04-28 13:02 - 000000782 _____ C:\Users\h243170\Desktop\Ixachi 2001 - Shortcut.lnk
2020-04-28 12:58 - 2020-04-28 12:58 - 000000000 ____D C:\Users\h243170\AppData\Roaming\Skype
2020-04-28 12:57 - 2020-04-28 13:24 - 000000000 ____D C:\Users\h243170\AppData\Local\MicrosoftEdge
2020-04-28 12:55 - 2020-04-28 12:56 - 000000025 _____ C:\ProgramData\h243170-V5.txt
2020-04-28 12:54 - 2020-05-01 16:12 - 000000000 ____D C:\Users\h243170\AppData\Local\Packages
2020-04-28 12:54 - 2020-04-28 13:39 - 000000000 ____D C:\Users\h243170\AppData\Local\VirtualStore
2020-04-28 12:54 - 2020-04-28 13:06 - 000000000 ____D C:\Users\h243170\AppData\Roaming\Adobe
2020-04-28 12:54 - 2020-04-28 12:54 - 000000032 _____ C:\ProgramData\h243170-V6.txt
2020-04-28 12:54 - 2020-04-28 12:54 - 000000000 ___RD C:\Users\h243170\3D Objects
2020-04-28 12:53 - 2020-05-01 14:03 - 000000000 __SHD C:\Users\h243170\IntelGraphicsProfiles
2020-04-28 12:53 - 2020-04-29 00:30 - 000000000 ____D C:\Users\h243170\AppData\Local\ConnectedDevicesPlatform
2020-04-28 12:53 - 2020-04-28 12:53 - 000000145 _____ C:\Users\h243170\EdgeConfig.flg
2020-04-28 12:53 - 2020-04-28 12:53 - 000000000 ____D C:\Users\h243170\AppData\Local\Symantec
2020-04-28 12:47 - 2020-05-01 14:54 - 000115280 __RSH C:\Users\h243170\ntuser.pol
2020-04-28 12:46 - 2020-04-28 12:46 - 000000020 ___SH C:\Users\h243170\ntuser.ini
2020-04-28 12:46 - 2020-01-07 20:23 - 000000000 ____D C:\Users\h243170\AppData\Roaming\Intel Corporation
2020-04-28 12:46 - 2019-08-09 04:23 - 000000000 ____D C:\Users\h243170\AppData\Roaming\KnowBe4
2020-04-28 12:46 - 2019-08-07 17:05 - 000000000 ____D C:\Users\h243170\AppData\Roaming\SAP
2020-04-28 12:46 - 2019-08-07 16:18 - 000000000 ____D C:\Users\h243170\AppData\Local\Microsoft Help
2020-04-28 12:46 - 2019-08-07 16:16 - 000000000 ____D C:\Users\h243170\AppData\Roaming\Pulse Secure
2020-04-28 12:46 - 2019-03-18 23:46 - 000001105 _____ C:\Users\h243170\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-28 12:45 - 2020-05-01 14:54 - 000000000 ____D C:\Users\h243170
2020-04-15 17:26 - 2020-04-15 17:26 - 000000025 _____ C:\ProgramData\H238298-V5.txt
2020-04-15 17:25 - 2020-04-15 17:25 - 000000032 _____ C:\ProgramData\H238298-V6.txt
2020-04-15 17:15 - 2020-04-21 12:57 - 000000000 ____D C:\Users\H238298
2020-04-14 09:22 - 2020-02-10 23:48 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-14 09:22 - 2020-02-10 23:37 - 000492544 _____ (Microsoft Corporation)
C:\WINDOWS\system32\poqexec.exe 2020-04-14 09:17 - 2020-04-14 09:17 - 002510856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2020-04-02 16:37 - 2020-04-21 12:57 - 000000000 ____D C:\Users\H226636 ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-05-01 17:03 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-05-01 16:43 - 2020-02-15 05:53 - 000000000 ____D C:\Users\SVC_MX_IXACHI2001 2020-05-01 16:17 - 2019-08-09 04:23 - 000000000 ____D C:\Program Files (x86)\Microsoft PFE Remediation for Configuration Manager 2020-05-01 15:14 - 2019-08-07 16:06 - 000000000 ____D C:\WINDOWS\CCM 2020-05-01 15:06 - 2019-08-07 16:04 - 000000611 _____ C:\WINDOWS\SMSCFG.ini 2020-05-01 15:00 - 2019-08-07 16:04 - 000000000 ____D C:\WINDOWS\ccmsetup 2020-05-01 14:56 - 2020-02-15 05:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-05-01 14:41 - 2019-08-07 17:03 - 000060220 __RSH C:\ProgramData\ntuser.pol 2020-05-01 14:33 - 2020-02-15 06:10 - 001002686 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-05-01 14:33 - 2019-08-07 16:07 - 000203069 _____ C:\WINDOWS\system32\InstallUtil.InstallLog 2020-05-01 14:33 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF 2020-05-01 14:28 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2020-05-01 14:27 - 2019-08-13 17:15 - 000000000 ____D C:\WINDOWS\system32\{3DA228BE-34DA-49f4-A081-66465B077429} 2020-05-01 14:03 - 2019-08-07 17:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2020-05-01 14:01 - 2020-02-15 06:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-05-01 14:01 - 2019-08-07 17:34 - 000000000 ____D C:\WINDOWS\CarbonBlack 2020-05-01 04:14 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-05-01 04:14 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-04-29 16:15 - 2020-02-15 02:04 - 000000000 ___DC 
C:\WINDOWS\Panther 2020-04-29 16:15 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-04-29 16:13 - 2019-08-07 16:08 - 000000000 ____D C:\temp 2020-04-29 14:29 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-04-29 11:10 - 2020-02-15 05:53 - 000000000 ____D C:\Users\H237718 2020-04-28 18:03 - 2019-08-07 17:05 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-04-28 12:07 - 2019-11-19 11:47 - 000000000 ____D C:\Ixachi 2001 2020-04-21 12:57 - 2020-03-29 11:56 - 000000000 ____D C:\Users\h219942 2020-04-21 12:57 - 2020-03-06 12:39 - 000000000 ____D C:\Users\HB30963 2020-04-21 12:57 - 2020-02-15 05:54 - 000000000 ____D C:\Users\h188385 2020-04-21 12:57 - 2020-02-15 05:54 - 000000000 ____D C:\Users\defaultuser1.DKTP475832 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\SVC_MX_IXACHI1101 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\Halliburton 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\h210900 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\H184346 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\h113478a 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\defaultuser1.DKTP475832.005 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\defaultuser1.DKTP475832.004 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\defaultuser1.DKTP475832.003 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\defaultuser1.DKTP475832.002 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\defaultuser1.DKTP475832.001 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\defaultuser1.DKTP475832.000 2020-04-21 12:57 - 2020-02-15 05:53 - 000000000 ____D C:\Users\defaultuser1 2020-04-19 10:00 - 2019-08-07 17:16 - 000000000 ____D C:\UADiagnostics 2020-04-18 11:05 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ServiceState 2020-04-14 09:23 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-04-07 21:11 - 
2019-08-07 16:06 - 000000000 ____D C:\WINDOWS\ccmcache ==================== FLock ============================== 2019-08-07 16:17 C:\MSOCache 2019-03-18 23:52 C:\PerfLogs 2020-04-26 03:55 C:\WINDOWS\system32\config 2019-03-18 23:52 C:\WINDOWS\system32\Configuration 2019-03-18 23:52 C:\WINDOWS\system32\DriverState 2019-03-18 23:52 C:\WINDOWS\system32\FxsTmp 2019-03-18 23:53 C:\WINDOWS\system32\ias 2020-02-15 07:47 C:\WINDOWS\system32\MsDtc 2019-03-18 23:52 C:\WINDOWS\system32\networklist 2019-08-10 06:42 C:\WINDOWS\system32\RsFx 2020-05-01 14:56 C:\WINDOWS\system32\SleepStudy 2020-05-01 17:05 C:\WINDOWS\system32\sru 2020-04-29 16:54 C:\WINDOWS\system32\Tasks 2020-02-15 07:47 C:\WINDOWS\system32\Tasks_Migrated 2020-02-26 13:39 C:\WINDOWS\system32\WDI 2020-05-01 04:14 C:\Program Files\WindowsApps 2020-05-01 14:01 C:\WINDOWS\CarbonBlack 2020-04-07 21:11 C:\WINDOWS\ccmcache 2020-05-01 15:00 C:\WINDOWS\ccmsetup 2020-02-15 06:26 C:\WINDOWS\diagerr.xml 2020-02-15 06:26 C:\WINDOWS\diagwrn.xml 2020-02-15 04:52 C:\WINDOWS\InfusedApps 2020-04-29 16:15 C:\WINDOWS\LiveKernelReports 2019-03-18 23:52 C:\WINDOWS\ModemLogs 2020-05-01 17:05 C:\WINDOWS\Prefetch 2020-04-18 11:05 C:\WINDOWS\ServiceState 2020-05-01 17:06 C:\WINDOWS\Temp 2019-03-18 23:52 C:\WINDOWS\SysWOW64\config 2019-03-18 23:52 C:\WINDOWS\SysWOW64\Configuration 2019-03-18 23:52 C:\WINDOWS\SysWOW64\FxsTmp 2019-03-18 23:52 C:\WINDOWS\SysWOW64\Msdtc 2019-03-18 23:52 C:\WINDOWS\SysWOW64\networklist 2019-03-18 23:52 C:\WINDOWS\SysWOW64\sru 2019-03-18 23:52 C:\WINDOWS\SysWOW64\Tasks 2019-03-18 23:52 C:\WINDOWS\system32\Drivers\DriverData 2020-02-14 00:05 C:\Users\defaultuser0 2020-04-21 12:57 C:\Users\defaultuser1 2020-04-21 12:57 C:\Users\defaultuser1.DKTP475832 2020-04-21 12:57 C:\Users\defaultuser1.DKTP475832.000 2020-04-21 12:57 C:\Users\defaultuser1.DKTP475832.001 2020-04-21 12:57 C:\Users\defaultuser1.DKTP475832.002 2020-04-21 12:57 C:\Users\defaultuser1.DKTP475832.003 2020-04-21 12:57 
C:\Users\defaultuser1.DKTP475832.004 2020-04-21 12:57 C:\Users\defaultuser1.DKTP475832.005 2020-04-21 12:57 C:\Users\h113478a 2020-04-21 12:57 C:\Users\H184346 2020-04-21 12:57 C:\Users\h188385 2020-04-21 12:57 C:\Users\h210900 2020-04-21 12:57 C:\Users\h219942 2020-04-21 12:57 C:\Users\H226636 2020-04-29 11:10 C:\Users\H237718 2020-04-21 12:57 C:\Users\H238298 2020-04-21 12:57 C:\Users\Halliburton 2020-04-21 12:57 C:\Users\HB30963 2020-04-21 12:57 C:\Users\SVC_MX_IXACHI1101 2020-05-01 16:43 C:\Users\SVC_MX_IXACHI2001 2020-02-15 12:17 C:\ProgramData\Packages 2019-03-19 01:22 C:\ProgramData\WindowsHolographicDevices ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened. Access is denied. ==================== End of FRST.txt ========================