Start::
CreateRestorepoint:
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-726762074-1566923463-958121575-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35320448 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-726762074-1566923463-958121575-1000\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\yoko uehara\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-726762074-1566923463-958121575-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\yoko uehara\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-726762074-1566923463-958121575-1000\...\RunOnce: [Uninstall 22.002.0103.0004] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\yoko uehara\AppData\Local\Microsoft\OneDrive\22.002.0103.0004"
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0854ED53-2EF5-491E-8173-E7FEF5F965A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {0B3E64CE-2263-4EDA-8770-B26B8D2A1CAC} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {0EF0E7F7-943C-4DDB-8D40-0CDF94E33309} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {108916A6-29DC-424B-8C94-7995BCEBC27C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {1174A7D5-9FA1-4FA9-95A2-1F2D889C335B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {17CC83CE-8673-49C6-9297-5B3E6FA3F546} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {18C16409-2DE2-436B-871F-228B18A2819A} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {19AB9195-564B-49EF-A908-53C858C1A9FD} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [303792 2022-02-25] (HP Inc. -> HP Inc.)
Task: {28AF2FB1-90F3-4D4B-8232-5F0E0C2E0F4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. -> HP Inc.)
Task: {2F971B18-9500-455F-B3BF-C19E75FCDD3D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {31E373DD-C176-42F4-B973-4FFD57898F04} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {372ACE5E-0A7E-4F0C-956F-E1EB2E7A34BF} - System32\Tasks\avastBCLS-1-5-21-726762074-1566923463-958121575-1000 => C:\Users\yoko uehara\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe (No File)
Task: {37AE3E48-430B-481E-8B36-6BA1C6C0A47F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {37C402A5-9B40-45FD-9889-66F0B45BC903} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {3AFF458D-98FD-47AF-B1AA-83CCAC59EC08} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {3E432ECF-FEB4-4C33-9B14-091C680F84E0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-01-25] (Piriform Software Ltd -> Piriform)
Task: {3FA14972-FBB6-4654-A17B-0C0969D5D216} - System32\Tasks\HP AR Program Upload - 7a3d8ea973334e0db9d354ad05cd87578cbaeff09ae84f38bd6819c30828c58d => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe -N 7a3d8ea973334e0db9d354ad05cd87578cbaeff09ae84f38bd6819c30828c58d -mode Scheduled (No File)
Task: {5DB1301C-8957-4235-BB98-34AC1D76FD09} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {6E7EBC0D-C691-4DB4-A983-A4F90B3F4D70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {7C9EAFD1-404A-4D1E-B8F4-55152DCCF54F} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (No File)
Task: {7D954184-BC58-425C-8B1C-673CECB7C3E2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {8BCD939F-9F73-430C-82CD-96C7AEB9DCE9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {8BD7D0BD-2D66-4264-8BC1-84E80EBCA792} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {8E874C3D-0C15-43BA-964A-340AF289B572} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {8FA003A3-4A9F-4228-A2F3-FD419C917133} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {9AA30FF8-A518-4C82-8B81-A9E3FEE985AD} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {A78BCFE6-9C3B-4B78-80CA-86BEA422F471} - System32\Tasks\GoogleUpdateTaskMachineUA1cf92058f26918c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc -> Google Inc.)
Task: {AA4D3DC7-1B74-468C-A2E1-F7C7B1002B60} - System32\Tasks\HP AR Program Upload - 85375f64c93449a3a2c60db0b7c3427547fa09da6d3642acbba3a1d00997ca07 => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe -N 85375f64c93449a3a2c60db0b7c3427547fa09da6d3642acbba3a1d00997ca07 -mode Scheduled (No File)
Task: {B2712E44-F781-4DEE-BFB0-230360182232} - System32\Tasks\CCleanerSkipUAC - yoko uehara => C:\Program Files\CCleaner\CCleaner.exe [29453952 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C6FE9145-C97A-4B6C-A7ED-006EEF97B0F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D0D13C1A-4351-4058-94C2-7561C5E3371D} - System32\Tasks\HP AR Program Upload - a08c82a3a4904ed6886ad3b5dd5f987b51b25ea7302a4902adda2b1db27669eb => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe -N a08c82a3a4904ed6886ad3b5dd5f987b51b25ea7302a4902adda2b1db27669eb -mode Scheduled (No File)
Task: {D109AD3C-A657-43CD-B603-98B864F7CE6E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {D466684C-FB8A-40F6-B055-F4EAC932E86F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {DC631CF0-260E-404A-8873-21EEAE3205F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)
Task: {E45E89A4-710D-438B-9DBB-FB61E29B314C} - System32\Tasks\HP AR Program Upload - 66ccd6143edc451fb5b36b81d8d2e10bf04a9841d8b845debb9a7c79efdf0e2d => C:\Program Files\HP\HP Photosmart 5510 series\bin\HPRewards.exe -N 66ccd6143edc451fb5b36b81d8d2e10bf04a9841d8b845debb9a7c79efdf0e2d -mode Scheduled (No File)
Task: {E4A62ED9-A897-46D5-A94A-A328CB178DCF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {E7281741-0AE6-4CA5-9B6D-BFA0C5511A62} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {F502DBFE-FEC6-4A11-9D6E-9723295679F4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension => not found
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\NTTW\Security\SEC\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] -
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
U3 idsvc; no ImagePath
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1_S-1-5-21-726762074-1566923463-958121575-1000: [AtokShellEx] -> {DE6C4AB3-E85E-4784-904C-C170E57F6ACB} => -> No File
ContextMenuHandlers4_S-1-5-21-726762074-1566923463-958121575-1000: [AtokShellEx] -> {DE6C4AB3-E85E-4784-904C-C170E57F6ACB} => -> No File
ContextMenuHandlers5_S-1-5-21-726762074-1566923463-958121575-1000: [AtokShellEx] -> {DE6C4AB3-E85E-4784-904C-C170E57F6ACB} => -> No File
Toolbar: HKU\S-1-5-21-726762074-1566923463-958121575-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-726762074-1566923463-958121575-1000 -> No Name - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FirewallRules: [{20CBE2FD-5CE4-4B93-A621-348176415562}] => (Allow) C:\Users\yoko uehara\AppData\Local\Temp\7zS4CDE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{0EDA6A46-D04E-4ADA-B3FD-A6FD0EAD77AD}] => (Allow) C:\Users\yoko uehara\AppData\Local\Temp\7zS4CDE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [TCP Query User{87CAB859-D942-42BC-A308-7F74E48D205D}C:\program files (x86)\mnemosyne\mnemosyne.exe] => (Allow) C:\program files (x86)\mnemosyne\mnemosyne.exe => No File
FirewallRules: [UDP Query User{40B375DA-1844-401B-9A6B-D95455C25C9F}C:\program files (x86)\mnemosyne\mnemosyne.exe] => (Allow) C:\program files (x86)\mnemosyne\mnemosyne.exe => No File
AlternateDataStreams: C:\Users\yoko uehara\Desktop\同意書.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\yoko uehara\Desktop\同意書.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
C:\Users\yoko uehara\AppData\Roaming\PDAppFlex
DeleteValue: HKLM\Software\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName2
CMD: winmgmt /verifyrepository
CMD: bitsadmin /reset
CMD: cscript %windir%\system32\slmgr.vbs /dlv
CMD: ipconfig /flushdns
Hosts:
RemoveProxy:
EmptyTemp:
End::
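Most of what the fixlist above removes is persistence pointing at files that no longer exist: Run values and scheduled tasks marked "(No File)", and firewall allow rules for binaries that have been deleted. Such entries are not just clutter. A writable path that a Run key, task or allow rule still references can be re-populated by anything that can write there (the Temp and AppData paths in the list are user-writable), so the check after running a fix is to confirm nothing of that shape is left. The script below is an added example, not part of the FRST fixlist or of FRST itself. It reads the machine's own Run/RunOnce keys (64-bit and WOW6432Node views plus every loaded user hive), every scheduled task's Execute action, and every enabled firewall allow rule, and reports entries whose target executable is missing or whose value is empty (the `[] => [X]` case in the list). The `Get-ImagePath` helper is an assumption of this example: it extracts the executable from a command line by taking a quoted path or the text up to the first `.exe`. Run it from an elevated PowerShell prompt.

```powershell
# Added example: report autostart, scheduled-task and firewall entries whose target no longer exists.
# Not FRST code; Get-ImagePath is a helper written for this example.

function Get-ImagePath {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {                       # "C:\Program Files\x\y.exe" args
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return [Environment]::ExpandEnvironmentVariables($c.Substring(1, $end - 1)) }
    }
    $m = [regex]::Match($c, '^(.*?\.exe)', 'IgnoreCase')   # unquoted: up to the first .exe
    if ($m.Success) { return [Environment]::ExpandEnvironmentVariables($m.Groups[1].Value) }
    return $c.Split(' ')[0]
}

function Test-Target {
    param([string]$Exe)
    if (-not $Exe) { return 'EMPTY' }
    if (Test-Path -LiteralPath $Exe) { return 'ok' }
    return 'MISSING'
}

$results = New-Object System.Collections.Generic.List[object]

# 1. Run / RunOnce: machine (both registry views) and every loaded user hive under HKEY_USERS
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
    $runKeys += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
    $runKeys += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
}
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {          # '' is the default value, i.e. FRST's "[]" entry
        $exe = Get-ImagePath ([string]$k.GetValue($name))
        $results.Add([pscustomobject]@{
            Source = $key; Name = $name; Target = $exe; Status = (Test-Target $exe)
        })
    }
}

# 2. Scheduled tasks whose Execute action points at a file that is gone ("(No File)" in FRST output)
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }        # ComHandler actions have no Execute
        $exe = Get-ImagePath $action.Execute
        $results.Add([pscustomobject]@{
            Source = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; Target = $exe; Status = (Test-Target $exe)
        })
    }
}

# 3. Enabled allow rules for programs that no longer exist. A binary re-created at that path
#    inherits the allow rule, which is why the fixlist deletes such rules rather than leaving them.
foreach ($rule in Get-NetFirewallRule -Enabled True -Action Allow) {
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    if (-not $program -or $program -eq 'Any' -or $program -eq 'System') { continue }
    $exe = [Environment]::ExpandEnvironmentVariables($program)
    $results.Add([pscustomobject]@{
        Source = 'FirewallRule'; Name = $rule.DisplayName; Target = $exe; Status = (Test-Target $exe)
    })
}

# Only the findings; a clean post-fix machine prints nothing here.
$results | Where-Object { $_.Status -ne 'ok' } | Sort-Object Source, Name | Format-Table -AutoSize
```

Entries with a `Target` under `%TEMP%`, `AppData` or another user-writable directory deserve a second look even when the file exists, since the same hijack window applies while the file is present: compare the digital signature and the path against what the vendor actually installs, the way FRST's `(Company -> Company)` column does in the log.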