Hello again! I started this new topic after attempting the "log posting instructions." I verified that there weren't any sharing programs such as uTorrent, Bittorrent, LimeWire, Morpheus, Azureus, Kazaa. However, I downloaded both versions of 32 and 64 bit Farbar Recovery Scan Tool. I attached screen shots of my programs installed.
I received the below error messages for both versions:
Windows protected your PC
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
More information
The only button to click is "don't run"
Please let me know if I need to uninstall a program or another method to run the scan and provide you with the reports. Thank you!
Hi, Lisa.
You can click on the More info link and then allow the tool to run. Let me know if you were able to do that.
Yes, it worked! Thank you!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by Angel (administrator) on LAPTOP-Q41MP6MQ (Dell Inc. Inspiron 5570) (20-11-2023 16:35:21)
Running from C:\Users\Angel\Downloads\FRST64.exe
Loaded Profiles: Angel
Platform: Microsoft Windows 10 Home Version 1909 18363.1556 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (DELL) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Angel\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [MicrosoftEdgeAutoLaunch_8638D5878CD50E3AFF48AF9AE1C440CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.160\Installer\chrmstp.exe [2023-11-18] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {8803AE13-734A-460E-B8C5-B9F0C061D0DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {DD5398A8-3A23-4869-BA36-C7E3FFAB32A1} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9F60F853-9343-4D6D-8B90-7CE8B3FEC937} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe /r (No File)
Task: {CF05FAE4-46B2-4BC3-92FA-420C1697ECDE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [4780136 2021-05-15] (Microsoft Windows -> Microsoft Corporation)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe SCHED (No File)
Task: {8CE4A512-BA15-4796-BCB0-BEE6ADE30C0B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {08A99543-FDFC-4723-9E5E-1C69A3EB6BF8} - System32\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {26BE4553-BB4F-4F5B-9FD5-9D81622C9BA1} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] ->
Task: {6D5AB699-8D4A-42C8-9A03-BE5277DAE395} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {DC76A489-CE8A-4D4A-BECA-2EE98872354D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {F1CAE8F1-7B3F-4129-8F45-E2B358173233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {107CA81F-B564-42D5-8015-A24B2DF2DD9A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {74165412-D8B3-42C8-8AB5-0389CF30FD6D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {A6F4CEE5-5EB8-40D2-A948-B00D0D47EA73} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5FCE4DD-8676-4E1D-B57E-BF6BCDA0B5EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {788587C8-D935-41FA-829F-9BF46B6A8A7B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2725A24E-83DB-4850-BC7D-10F291E5EF14} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B411A68-358C-4E71-AEF2-B83B4FB9448F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169656 2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {856B80C5-F69C-4E77-B37A-024A3BB7388A} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {FD676106-6387-4200-BC63-62B8D73888B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E6A7A9B5-A73C-42D8-91EB-0655F201D270} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {324EAD25-5283-4D0C-9D58-A6BD0325BF76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {43DCFB29-DC9A-4084-B0FB-F14697B868C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB1DC2B5-E952-450D-98F6-9AF8FE68F80B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4546c0b4-61d8-4d7e-aa2f-3c3e236bc249}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
DownloadDir: C:\Users\Angel\OneDrive\Desktop
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-20]
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
Edge HomePage: Default -> hxxp://dell17swin10.msn.com/?pc=DSJE
Edge Extension: (American Airlines AAdvantage eShopping℠) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dcdiajifnnbipfljbggcbbheipfdmgpo [2023-10-26]
Edge Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]
Edge Extension: (Edge relevant text changes) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-10-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2019-03-24] (Geocomply USA, Inc. -> GeoComply)
Chrome:
=======
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default [2023-11-20]
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12882616 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [317352 2022-06-20] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{D5FA3E6A-4881-4364-BC29-4FD5069EEECE} [21304 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-10-26] (Dell Inc -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9341488 2023-11-03] (Malwarebytes Inc. -> Malwarebytes)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl1c0ae35c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D358F163-EB78-4820-B738-9356CCC346F3}\MpKslDrv.sys [54680 2023-11-20] (Microsoft Windows -> Microsoft Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-20 16:35 - 2023-11-20 16:37 - 000027947 _____ C:\Users\Angel\Downloads\FRST.txt
2023-11-20 16:24 - 2023-11-20 16:36 - 000000000 ____D C:\FRST
2023-11-20 08:57 - 2023-11-20 08:57 - 000003330 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-11-20 08:04 - 2023-11-20 08:04 - 000000000 ___HD C:\$WINDOWS.~BT
2023-11-20 08:01 - 2023-11-20 08:01 - 002383872 _____ (Farbar) C:\Users\Angel\Downloads\FRST64.exe
2023-11-20 07:59 - 2023-11-20 07:59 - 002084864 _____ (Farbar) C:\Users\Angel\Downloads\FRST.exe
2023-11-18 19:57 - 2023-11-18 19:57 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-11-18 19:57 - 2023-11-18 19:57 - 000002383 _____ C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-18 08:23 - 2023-11-18 08:23 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-11-18 08:23 - 2023-11-18 08:23 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-18 08:01 - 2023-11-18 08:01 - 000000000 ____D C:\WINDOWS\{6125BA49-3837-4FD1-B84D-D8725F791C00}
2023-11-15 10:00 - 2023-11-15 10:00 - 000000000 ___HD C:\$WinREAgent
2023-11-03 06:12 - 2023-11-03 06:12 - 001852422 _____ C:\Users\Angel\Downloads\Lisa Rimmington Resume 10.14.23 (1).pdf
2023-11-02 20:34 - 2023-11-02 20:34 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-10-26 18:56 - 2023-10-26 18:56 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-10-24 21:41 - 2023-10-24 21:41 - 000157038 _____ C:\Users\Angel\Downloads\Rimmington,+Lisa_Contract+10.17.23.pdf
2023-10-24 17:57 - 2023-10-24 17:57 - 000000000 ___HD C:\OneDriveTemp
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-20 16:24 - 2020-04-18 18:30 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3AFF0136-932C-4F79-9999-48C960EF9F1F}
2023-11-20 16:23 - 2020-04-18 18:09 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-20 16:23 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2023-11-20 16:23 - 2018-09-01 07:11 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-20 16:20 - 2018-03-03 13:57 - 000000000 ___RD C:\Users\Angel\OneDrive
2023-11-20 16:18 - 2023-05-11 17:15 - 000000000 ____D C:\Users\Angel\AppData\Local\Malwarebytes
2023-11-20 16:18 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-20 16:18 - 2018-03-03 13:55 - 000000000 __SHD C:\Users\Angel\IntelGraphicsProfiles
2023-11-20 16:15 - 2020-04-18 18:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-11-20 16:15 - 2017-12-26 15:29 - 000000000 ___HD C:\Intel
2023-11-20 11:25 - 2019-11-12 21:53 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-11-20 11:13 - 2020-04-18 17:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-11-20 10:18 - 2020-04-18 17:58 - 000000000 ____D C:\Users\Angel
2023-11-20 10:18 - 2018-03-03 13:48 - 000000000 ____D C:\ProgramData\Goodix
2023-11-20 08:09 - 2020-04-12 12:00 - 000000000 ___DC C:\WINDOWS\Panther
2023-11-20 08:04 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-11-19 19:52 - 2019-10-03 08:10 - 000000000 ____D C:\Program Files\Microsoft Office
2023-11-18 19:57 - 2021-12-10 19:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-11-18 08:45 - 2018-09-01 07:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-18 08:45 - 2018-09-01 07:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-11-18 08:32 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-18 08:17 - 2022-03-28 19:23 - 000000000 ____D C:\Program Files (x86)\Dell
2023-11-18 08:16 - 2017-12-26 15:24 - 000000000 ____D C:\Program Files\Dell
2023-11-16 18:37 - 2020-03-15 05:59 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-16 18:37 - 2020-03-15 05:59 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-16 09:28 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Registration
2023-11-15 10:21 - 2018-03-04 13:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-15 10:16 - 2018-03-04 13:26 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 13:16 - 2021-05-09 08:39 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-11-14 13:16 - 2021-04-12 20:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-11-14 13:16 - 2018-03-03 13:55 - 000000000 ____D C:\Users\Angel\AppData\Local\Publishers
2023-11-13 11:41 - 2020-04-18 18:30 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-11-13 11:41 - 2020-04-18 18:30 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-11-06 19:53 - 2018-03-04 13:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-10-30 17:28 - 2020-04-18 18:30 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-30 17:28 - 2020-04-18 18:30 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-26 18:56 - 2020-12-22 19:47 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Zoom
2023-10-25 19:00 - 2020-12-15 20:06 - 000000000 ____D C:\Users\Angel\AppData\Local\CrashDumps
==================== Files in the root of some directories ========
2019-11-12 21:52 - 2019-11-12 21:52 - 000000410 _____ () C:\Users\Angel\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by Angel (20-11-2023 16:39:27)
Running from C:\Users\Angel\Downloads
Microsoft Windows 10 Home Version 1909 18363.1556 (X64) (2020-04-18 23:32:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2065802760-3759808543-2889841689-500 - Administrator - Disabled)
Angel (S-1-5-21-2065802760-3759808543-2889841689-1001 - Administrator - Enabled) => C:\Users\Angel
DefaultAccount (S-1-5-21-2065802760-3759808543-2889841689-503 - Limited - Disabled)
Guest (S-1-5-21-2065802760-3759808543-2889841689-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2065802760-3759808543-2889841689-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.006.20380 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dell Power Manager Service (HKLM\...\{17556F90-3FF4-41B6-925D-F23DFDB3D4FC}) (Version: 3.11.0 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{5B678BC6-D551-458B-893D-B442B21ECD21}) (Version: 5.5.4.16189 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{dc44ee3f-d6c1-444d-a660-b0f1ac90b51d}) (Version: 5.5.4.16189 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{5EBD9C95-240B-4CD3-A1C1-DACF9E85518F}) (Version: 5.1.0 - Dell Inc.)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 1.0.33.800 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.160 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.364 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{75000D29-0D43-467B-84AC-12EB33DA1F14}) (Version: 30.100.1943.2 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8909c7f7-2f31-4786-b020-18218d3cabf3}) (Version: 21.40.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{68A981A0-ED59-41E0-B45E-7A78F643120D}) (Version: 21.40.1.3406 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
Malwarebytes version 4.6.5.293 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.5.293 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.72 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.72 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{B5664346-4402-4834-81BE-9687BF653BA2}) (Version: 3.26.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.22654 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.)
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-13] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-11-12] (Adobe Systems Incorporated)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-12] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.82.0_x64__htrsf667h5kn2 [2023-09-03] (Dell Inc)
Dell Help & Support -> C:\Program Files\WindowsApps\DellInc.DellHelpSupport_3.2.1.0_x64__htrsf667h5kn2 [2018-03-08] (Dell Inc)
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.14.40.0_x64__htrsf667h5kn2 [2023-04-08] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.1.35.0_x86__htrsf667h5kn2 [2023-11-18] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.20.0_x64__xbfy0k16fey96 [2023-09-03] (Dropbox Inc.)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.0.0_x86__8xx8rvfyw5nnt [2023-06-02] (Meta)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5237.0_x64__8j3eq9eme6ctt [2023-11-11] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-15] (INTEL CORP)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-20] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-08] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-13] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-19] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-29] (CYBERLINK CORPORATION.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-07] (Rivet Networks LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-10] (Microsoft Studios) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B4CC9460FEB1} -> [Creative Cloud Files] => C:\Users\Angel\Creative Cloud Files [2019-11-12 22:01]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17swin10.msn.com/?pc=DSJE
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17swin10.msn.com/?pc=DSJE
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0A936ED9-16B6-4086-923E-5F4472018F2F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1E303C55-E8E4-4C2F-894A-D4DA95D7EB4F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9AAC3717-2116-4ACD-AA45-725612E315BC}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B441CDF0-E9C4-4CA7-988C-DBA69AD84243}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11ECE87B-9D5C-4767-912B-5FEEABCE4244}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A403399-07DD-4F4E-9802-3B608E84D880}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{232C7206-82B1-4CCA-B205-23B629CDA690}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8554A220-B1EB-49B5-AEA5-9A60A18F0E32}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{83DDA12F-42AD-4D42-9E5B-CEC8BB6D9060}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45778EF2-8AA6-4927-826F-9899DFF88A72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6BC6C325-9D8C-4C2F-9810-D74957942966}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6089B82F-29D2-4619-B241-370FF99F85D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78B535B1-1D0A-45EF-88DC-7C1ECC075D66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A30F533-30D5-4CCF-9812-57FE5849865B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EC348B71-9A8F-4CB6-B56F-4FFA681072FF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
15-11-2023 10:15:44 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/20/2023 04:28:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3448,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/20/2023 04:15:54 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1
Error: (11/20/2023 04:15:48 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (11/20/2023 04:15:47 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (11/20/2023 04:15:47 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (11/20/2023 04:15:47 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (11/20/2023 11:30:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15396,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/20/2023 11:13:12 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3728,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
System errors:
=============
Error: (11/20/2023 04:23:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-Q41MP6MQ)
Description: The server Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (11/20/2023 04:16:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%2147770990
Error: (11/20/2023 04:15:03 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.
Error: (11/20/2023 04:15:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:11 AM on 11/20/2023 was unexpected.
Error: (11/20/2023 10:25:55 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/20/2023 10:25:55 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/20/2023 10:25:54 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/20/2023 10:25:11 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-Q41MP6MQ)
Description: The server Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2023-11-20 08:25:38.902
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-11-18 20:09:19.877
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-11-16 12:01:20.965
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-11-16 10:50:36.593
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-11-16 10:46:27.700
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
�Event[0]:
Date: 2023-11-19 19:56:39.774
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.883.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2023-11-07 19:53:43.290
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.250.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-10-11 20:18:12.027
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.399.384.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23090.2007
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-09-23 13:32:31.164
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1367.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-09-21 19:48:16.335
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1139.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
==================== Memory info ===========================
BIOS: Dell Inc. 1.14.0 04/06/2023
Motherboard: Dell Inc. 09YTN7
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 59%
Total physical RAM: 8089.29 MB
Available physical RAM: 3289.83 MB
Total Virtual: 11545.29 MB
Available Virtual: 5809.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.27 GB) (Free:855.94 GB) (Model: ST1000LM035-1RK172) NTFS
\\?\Volume{72977a33-1d91-40e5-8469-afcc009adffe}\ () (Fixed) (Total:0.62 GB) (Free:0.07 GB) NTFS
\\?\Volume{effbf4ad-0ae8-4622-97dd-f3d2567c2232}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 843848C4)
Partition: GPT.
==================== End of Addition.txt =======================
Hello, Lisa, and thanks for the logs.
Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:1.
Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2.
Do not run any tools unless instructed to do so. Also,
do not uninstall or install any software during the procedure, unless I ask you to do so.
3.
Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs,
please uninstall them now, before we start the cleaning procedure.
4.
If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
5. You have to reply to my posts
within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least
once per day so that we can resolve your issues effectively and efficiently.
6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post.
Please, be patient, while I analyze your logs.
=======================
There is a lot to say, after reviewing your logs.
Let's start step by step:
1. Move FRSTPlease move the tool from your Downloads folder on to your Desktop.
2. NotificationsDid you intentionally set receiving notifications from the following sites, either on Chrome or Edge?
hxxps://concerts.livenation.com;
hxxps://www.beachbodyondemand.com;
hxxps://www.facebook.com;
hxxps://www.sephora.com;
hxxps://www.tangeroutlet.com;
hxxps://www.ticketmaster.com
hxxps://www.beachbodyondemand.com;
hxxps://www.draftkings.com3. Surveillance alertsCan you give us an example of what you are getting? A screenshot or a photo to attach, or a more detailed description of the issue?
In your next reply please post:- Your reply about notifications
- An example of the alerts you are getting, if this is possible
Hello! Yes, I most likely set the notifications from those websites--I use them. I really don't need the notifications. Last week, I started having system issues like the speed to view emails is so slow that I close it and try it later. I have AAA alert and last week was the first time in six years that I received this email:
Every day, ProtectMyID® monitors your Experian® credit file to notify you of key changes made to your credit report.
Below is a summary of the alerts you received over the last month.
Service Quantity
Internet Surveillance 2
Since I've never received that and my I'm having system issues, I thought this is an issue!
Thank you!
ProtectMyID® is identity theft protection offered by AAA. Is it possible that you enrolled in the service, either on purpose or by accidentally checking the box on a renewal form? They have a free version, and two paid options if memory serves.
Hi, Lisa.
I don't have an explanation other than Winchester's above, about the email you got, at the moment.
I would mention it later, but since you talked about slowness, I need to tell you that there are signs that your hard disk started failing. The following lines are from your logs:
Error: (11/20/2023 10:25:55 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
So, before we move on with the cleaning procedure, I will recommend you to save all your files in an external disk, just in case.
After that:
Check disk- Click on the Start button and in the search box, type Command Prompt.
- When you see Command Prompt on the list, right-click on it and select Run as administrator.
- Enter the command below and press on Enter and wait for it to finish (~15 minutes to several hours, depending on the disk's condition).
chkdsk C: /r
- You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
- The process will take some time, depending on the disk condition.
- Download ListChkdskResult (https://www.dropbox.com/s/xfsr4yyg5yun3k1/ListChkdskResult.exe?dl=1) by SleepyDude and save it on your Desktop.
- Double click on the created icon.
- A notepad file will open. Copy its content and paste it in your next reply.
Hello! Okay! I saved my files elsewhere. I restarted my computer but had issues logging in--it gave me an error message that I'm not signed in... However, I was able to finish the last step and receive this notepad content:
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
------< Log generate on 11/25/2023 12:50:12 PM >------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 97518
Source Name: Chkdsk
Time Written: 11-23-2023 @ 15:20:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 1.4 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 97075
Source Name: Chkdsk
Time Written: 11-20-2023 @ 15:25:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.
1 corruption record processed in 0.4 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 96548
Source Name: Chkdsk
Time Written: 11-17-2023 @ 00:16:28
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 95185
Source Name: Chkdsk
Time Written: 11-11-2023 @ 00:55:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.3 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 94120
Source Name: Chkdsk
Time Written: 11-02-2023 @ 23:27:36
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.2 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 93568
Source Name: Chkdsk
Time Written: 10-26-2023 @ 22:39:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.8 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 92998
Source Name: Chkdsk
Time Written: 10-21-2023 @ 00:06:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.3 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 91582
Source Name: Chkdsk
Time Written: 10-10-2023 @ 00:03:45
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.2 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 90657
Source Name: Chkdsk
Time Written: 09-30-2023 @ 18:19:39
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.3 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 90206
Source Name: Chkdsk
Time Written: 09-21-2023 @ 23:26:55
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.5 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 89354
Source Name: Chkdsk
Time Written: 09-07-2023 @ 21:51:46
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 87577
Source Name: Chkdsk
Time Written: 08-17-2023 @ 23:30:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.2 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 86190
Source Name: Chkdsk
Time Written: 08-01-2023 @ 01:13:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 85472
Source Name: Chkdsk
Time Written: 07-14-2023 @ 21:47:22
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.5 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 83900
Source Name: Chkdsk
Time Written: 06-23-2023 @ 18:21:16
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.2 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 82931
Source Name: Chkdsk
Time Written: 06-13-2023 @ 21:29:13
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 81864
Source Name: Chkdsk
Time Written: 05-26-2023 @ 12:43:35
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 79128
Source Name: Chkdsk
Time Written: 05-06-2023 @ 17:46:57
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 74853
Source Name: Chkdsk
Time Written: 03-11-2023 @ 14:10:14
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 1.2 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 73124
Source Name: Chkdsk
Time Written: 02-14-2023 @ 06:10:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.3 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 71847
Source Name: Chkdsk
Time Written: 01-21-2023 @ 00:16:16
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 68705
Source Name: Chkdsk
Time Written: 12-08-2022 @ 01:32:03
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.9 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 68156
Source Name: Chkdsk
Time Written: 11-27-2022 @ 23:32:22
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 67689
Source Name: Chkdsk
Time Written: 11-24-2022 @ 00:55:50
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.
1 corruption record processed in 0.4 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Hi, Lisa.
I see that you run the chkdsk utility regularly. There is no reason to do that.
The result is shown in these words:
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
However, I'm glad you made a backup. As soon as an issue appears with the disk, you never know when it completely fails.
Moving on. Please, make sure you moved FRST tool from your Downloads folder on to your Desktop.
1. FRST fixPlease do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system- Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
HKLM-x32\...\Run: [] => [X]
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe /r (No File)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe SCHED (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by Angel (27-11-2023 13:42:51) Run:1
Running from C:\Users\Angel\Desktop
Loaded Profiles: Angel
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
HKLM-x32\...\Run: [] => [X]
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe /r (No File)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe SCHED (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
Restore point was successfully created.
Processes closed successfully.
"Edge Notifications" => removed successfully
"Chrome Notifications" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6E4032B-9810-4BE0-A3A0-0DA8312B3126}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E4032B-9810-4BE0-A3A0-0DA8312B3126}" => removed successfully
C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80E57743-1653-4115-A5F8-E52F2E3D2057}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E57743-1653-4115-A5F8-E52F2E3D2057}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E3728CA-1BB3-46C4-8FAA-4DCB0186A438}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E3728CA-1BB3-46C4-8FAA-4DCB0186A438}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
MpKsldb0ad81e => service not found.
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7B5BEF7-A830-43A7-858A-05667B872EEA} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E8A4F54-6F86-43BD-9350-E47196E4DE22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A1A5494-F9ED-4252-80D3-3894C4A60692}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DD474BD-39EF-4A33-A490-0302BD8EF941}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83EF1896-B1DE-49A7-A92D-6D9C18954E56}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{321D00A1-B58D-4A35-907B-A422036EF256}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B524FE52-59B4-4BBF-8247-E2FD16615CD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C201ACD-7498-4572-BD88-45D40433C8E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BDE6974-363F-42B0-8A35-BDD30AC0086F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E292E65-461D-4921-A25B-3A03C76F385B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{486BAE9B-F831-482C-9AD5-87AF06C98AE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}" => removed successfully
========= DISM /Online /Cleanup-Image /RestoreHealth =========
Deployment Image Servicing and Management tool
Version: 10.0.18362.1379
Image Version: 10.0.18363.1556
[== 3.8% ]
[== 3.8% ]
[== 3.9% ]
[== 4.1% ]
[== 4.2% ]
[== 4.5% ]
[== 4.7% ]
[== 4.9% ]
[== 5.1% ]
[== 5.1% ]
[=== 5.2% ]
[=== 5.5% ]
[=== 5.7% ]
[=== 5.7% ]
[=== 5.9% ]
[=== 6.0% ]
[=== 6.2% ]
[=== 6.3% ]
[=== 6.5% ]
[=== 6.6% ]
[=== 6.7% ]
[=== 6.9% ]
[==== 7.0% ]
[==== 7.2% ]
[==== 7.2% ]
[==== 7.3% ]
[==== 7.5% ]
[==== 7.6% ]
[==== 7.7% ]
[==== 7.9% ]
[==== 7.9% ]
[==== 8.2% ]
[==== 8.4% ]
[==== 8.6% ]
[===== 8.8% ]
[===== 9.1% ]
[===== 9.3% ]
[===== 9.5% ]
[===== 9.6% ]
[===== 9.8% ]
[===== 10.0% ]
[===== 10.1% ]
[===== 10.3% ]
[====== 10.5% ]
[====== 10.6% ]
[====== 10.9% ]
[====== 10.9% ]
[====== 11.2% ]
[====== 11.3% ]
[====== 11.5% ]
[====== 11.6% ]
[====== 11.8% ]
[====== 11.8% ]
[======= 12.2% ]
[======= 12.2% ]
[======= 12.4% ]
[======= 12.5% ]
[======= 12.6% ]
[======= 12.8% ]
[======= 13.0% ]
[======= 13.1% ]
[======= 13.3% ]
[======= 13.4% ]
[======= 13.7% ]
[======== 13.8% ]
[======== 14.0% ]
[======== 14.3% ]
[======== 14.4% ]
[======== 14.6% ]
[======== 14.9% ]
[======== 15.1% ]
[======== 15.4% ]
[========= 15.5% ]
[========= 15.6% ]
[========= 15.9% ]
[========= 16.2% ]
[========= 16.2% ]
[========= 16.5% ]
[========= 16.6% ]
[========= 16.9% ]
[========= 17.1% ]
[========= 17.2% ]
[========== 17.4% ]
[========== 17.7% ]
[========== 17.8% ]
[========== 18.0% ]
[========== 18.2% ]
[========== 18.6% ]
[========== 18.6% ]
[========== 18.8% ]
[========== 18.9% ]
[========== 18.9% ]
[=========== 19.2% ]
[=========== 19.5% ]
[=========== 19.8% ]
[=========== 20.0% ]
[=========== 20.4% ]
[============ 21.4% ]
[============ 22.3% ]
[============= 22.8% ]
[============= 23.2% ]
[============= 23.6% ]
[============= 23.9% ]
[============== 24.3% ]
[============== 24.8% ]
[============== 25.1% ]
[============== 25.6% ]
[=============== 26.2% ]
[=============== 26.8% ]
[=============== 27.3% ]
[================ 27.8% ]
[================ 28.1% ]
[================ 28.2% ]
[================ 28.8% ]
[================ 28.8% ]
[================ 29.1% ]
[================ 29.1% ]
[================= 29.4% ]
[================= 29.7% ]
[================= 30.0% ]
[================= 30.3% ]
[================= 30.4% ]
[================= 30.5% ]
[================= 30.5% ]
[================= 30.6% ]
[================= 30.6% ]
[================= 30.7% ]
[================= 31.0% ]
[================== 31.1% ]
[================== 31.4% ]
[================== 31.6% ]
[================== 31.9% ]
[================== 32.2% ]
[================== 32.4% ]
[================== 32.8% ]
[=================== 33.0% ]
[=================== 33.3% ]
[=================== 33.5% ]
[=================== 33.8% ]
[=================== 34.0% ]
[==================== 34.5% ]
[==================== 34.6% ]
[==================== 34.8% ]
[==================== 35.0% ]
[==================== 35.2% ]
[==================== 35.5% ]
[==================== 35.7% ]
[==================== 35.9% ]
[==================== 36.2% ]
[===================== 36.5% ]
[===================== 36.5% ]
[===================== 36.7% ]
[===================== 37.0% ]
[===================== 37.1% ]
[===================== 37.5% ]
[===================== 37.7% ]
[====================== 38.1% ]
[====================== 38.3% ]
[====================== 38.3% ]
[====================== 38.6% ]
[====================== 38.9% ]
[====================== 39.1% ]
[====================== 39.4% ]
[====================== 39.6% ]
[======================= 40.0% ]
[======================= 40.1% ]
[======================= 40.1% ]
[======================= 40.2% ]
[======================= 40.3% ]
[======================= 40.4% ]
[======================= 40.5% ]
[======================= 40.9% ]
[======================= 41.1% ]
[======================= 41.2% ]
[======================= 41.3% ]
[======================= 41.4% ]
[======================== 41.4% ]
[======================== 41.6% ]
[======================== 41.7% ]
[======================== 41.7% ]
[======================== 41.9% ]
[======================== 42.0% ]
[======================== 42.0% ]
[======================== 42.0% ]
[======================== 42.1% ]
[======================== 42.2% ]
[======================== 42.2% ]
[======================== 42.3% ]
[======================== 42.3% ]
[======================== 42.5% ]
[======================== 42.5% ]
[======================== 42.6% ]
[======================== 42.6% ]
[======================== 42.6% ]
[======================== 42.7% ]
[======================== 42.8% ]
[======================== 42.9% ]
[======================== 42.9% ]
[======================== 43.0% ]
[======================== 43.0% ]
[======================== 43.1% ]
[======================== 43.1% ]
[========================= 43.2% ]
[========================= 43.2% ]
[========================= 43.3% ]
[========================= 43.4% ]
[========================= 43.5% ]
[========================= 43.5% ]
[========================= 43.5% ]
[========================= 43.6% ]
[========================= 43.8% ]
[========================= 43.8% ]
[========================= 44.0% ]
[========================= 44.1% ]
[========================= 44.2% ]
[========================= 44.2% ]
[========================= 44.2% ]
[========================= 44.3% ]
[========================= 44.4% ]
[========================= 44.5% ]
[========================= 44.6% ]
[========================= 44.6% ]
[========================= 44.7% ]
[========================= 44.8% ]
[========================== 44.8% ]
[========================== 44.9% ]
[========================== 45.1% ]
[========================== 45.1% ]
[========================== 45.2% ]
[========================== 45.4% ]
[========================== 45.4% ]
[========================== 45.6% ]
[========================== 45.6% ]
[========================== 45.7% ]
[========================== 45.8% ]
[========================== 45.9% ]
[========================== 45.9% ]
[========================== 46.0% ]
[========================== 46.0% ]
[========================== 46.2% ]
[========================== 46.4% ]
[===========================46.6% ]
[===========================46.7% ]
[===========================46.9% ]
[===========================46.9% ]
[===========================47.2% ]
[===========================47.3% ]
[===========================47.6% ]
[===========================47.8% ]
[===========================47.9% ]
[===========================47.9% ]
[===========================48.1% ]
[===========================48.2% ]
[===========================48.5% ]
[===========================48.5% ]
[===========================48.8% ]
[===========================48.9% ]
[===========================49.1% ]
[===========================49.4% ]
[===========================49.4% ]
[===========================49.4% ]
[===========================49.5% ]
[===========================49.6% ]
[===========================49.9% ]
[===========================50.0% ]
[===========================50.3% ]
[===========================50.6% ]
[===========================50.9% ]
[===========================51.2% ]
[===========================51.5% ]
[===========================51.8% ]
[===========================51.8% ]
[===========================52.1% ]
[===========================52.4% ]
[===========================52.9% ]
[===========================53.4% ]
[===========================53.9% ]
[===========================54.5% ]
[===========================54.7% ]
[===========================55.0% ]
[===========================55.5% ]
[===========================55.8% ]
[===========================55.9% ]
[===========================56.1% ]
[===========================56.1% ]
[===========================56.2% ]
[===========================56.2% ]
[===========================56.2% ]
[===========================56.2% ]
[===========================56.2% ]
[===========================56.2% ]
[===========================56.2% ]
[===========================56.3% ]
[===========================56.3% ]
[===========================56.4% ]
[===========================56.4% ]
[===========================56.5% ]
[===========================56.5% ]
[===========================56.5% ]
[===========================56.5% ]
[===========================56.5% ]
[===========================56.5% ]
[===========================56.5% ]
[===========================56.6% ]
[===========================56.6% ]
[===========================56.6% ]
[===========================56.7% ]
[===========================56.7% ]
[===========================56.8% ]
[===========================56.8% ]
[===========================56.8% ]
[===========================56.8% ]
[===========================56.8% ]
[===========================56.8% ]
[===========================56.9%= ]
[===========================56.9%= ]
[===========================56.9%= ]
[===========================57.0%= ]
[===========================57.0%= ]
[===========================57.0%= ]
[===========================57.1%= ]
[===========================57.1%= ]
[===========================57.1%= ]
[===========================57.1%= ]
[===========================57.1%= ]
[===========================57.1%= ]
[===========================57.1%= ]
[===========================57.2%= ]
[===========================57.2%= ]
[===========================57.2%= ]
[===========================57.3%= ]
[===========================57.3%= ]
[===========================57.4%= ]
[===========================57.4%= ]
[===========================57.4%= ]
[===========================57.4%= ]
[===========================57.4%= ]
[===========================57.4%= ]
[===========================57.5%= ]
[===========================57.5%= ]
[===========================57.6%= ]
[===========================57.6%= ]
[===========================57.6%= ]
[===========================57.7%= ]
[===========================57.7%= ]
[===========================57.7%= ]
[===========================57.7%= ]
[===========================57.8%= ]
[===========================57.8%= ]
[===========================57.8%= ]
[===========================58.0%= ]
[===========================58.0%= ]
[===========================58.0%= ]
[===========================58.0%= ]
[===========================58.1%= ]
[===========================58.4%= ]
[===========================58.4%= ]
[===========================58.7%== ]
[===========================59.4%== ]
[===========================59.5%== ]
[===========================60.2%== ]
[===========================62.3%==== ]
[===========================84.9%================= ]
[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.
========= End of CMD: =========
========= SFC /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 2097152 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45262210 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 45318213 B
Edge => 22784737 B
Chrome => 558027451 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 150984721 B
systemprofile32 => 150984721 B
LocalService => 151083219 B
NetworkService => 412235239 B
Angel => 691849780 B
defaultuser100000 => 692650581 B
RecycleBin => 107554015 B
EmptyTemp: => 2.8 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:19:36 ====
Good job, Lisa.To ensure that everything is clean:1. Run AdwCleaner (scan only)Download AdwCleaner and save it to your desktop.- Double click AdwCleaner.exe to run it.
- Click Scan Now.
- When the scan has finished, a Scan Results window will open.
- Click Cancel (at this point do not attempt to Quarantine anything that is found)
- Now click the Log Files tab.
- Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
- A Notepad file will open containing the results of the scan.
- Please post the contents of the file in your next reply.
2. Run Malwarebytes (scan only)- Download Malwarebytes (https://www.malwarebytes.com/mwb-download/thankyou/) and save it to your Desktop.
- Once downloaded, close all programs and Windows on your computer.
- Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
- Follow the instructions to install the program.
- When finished, double click the program's icon created on your Desktop.
- Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
- Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
- When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below. If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.
In your next reply, please post:- The AdwCleaner[S0*].txt
- The Malwarebytes report
It found the two PUP files--I didn't quarantine them. Here is the notepad:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-27-2023
# Duration: 00:00:22
# OS: Windows 10 (Build 18363.1556)
# Scanned: 32098
# Detected: 17
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.GetFormsPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freeforms.co
PUP.Optional.GetFormsPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freeforms.co
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.DellCommand|PowerManager Folder C:\Program Files (x86)\Common Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager Folder C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB1DC2B5-E952-450D-98F6-9AF8FE68F80B}
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte Task C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 11/27/23
Scan Time: 7:34 PM
Log File: db38e6b6-8d85-11ee-8557-8cec4b123e2a.json
-Software Information-
Version: 4.6.5.293
Components Version: 1.0.2181
Update Package Version: 1.0.77775
License: Trial
-System Information-
OS: Windows 10 (Build 18363.1556)
CPU: x64
File System: NTFS
User: LAPTOP-Q41MP6MQ\Angel
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269397
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 22 min, 21 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Hi, Lisa.
Apologies for the way my previous post has been appeared on the screen. It seems that the forum's software messed up the formatting. Let's continue.
AdwCleaner (Clean mode)To proceed, please do the following:
- Double click AdwCleaner.exe on your Desktop, to run it as you did before.
- Click Scan Now.
- When the scan has finished a Scan Results window will open.
- Please check all the boxes and then click Quarantine.
- Click Next.
- If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
- Check any pre-installed software items you want to remove.
- Click Quarantine.
- A prompt to save your work will appear.
- Click Continue when you're ready to proceed.
- A prompt to restart your computer will appear.
- Once your computer has restarted:
- If it doesn't open automatically, please start AdwCleaner.
- Click the Log Files tab.
- Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
- A Notepad file will open containing the results of the removal.
- Please post the contents of the file in your next reply.
In your next reply, please post:- The AdwCleaner[C0*].txt
- Feedback: how is the computer running now? Any remaining issue/question/concern.
Hello! I'm unsure if I should quarantine any pre-installed software: Dell Command Power Manager, Dell Support Assist Agent, Dell Update for Windows 10, Rivet Networks Smart Byte. Please let me know before I continue the steps. Thank you!
Lisa, if you are not sure, then do not touch the pre-installed software.
Hello! I didn't touch the pre-installed software. I think my system is much better! Thank you!
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-28-2023
# Duration: 00:00:27
# OS: Windows 10 (Build 18363.1556)
# Scanned: 32097
# Detected: 17
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.GetFormsPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freeforms.co
PUP.Optional.GetFormsPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freeforms.co
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.DellCommand|PowerManager Folder C:\Program Files (x86)\Common Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager Folder C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB1DC2B5-E952-450D-98F6-9AF8FE68F80B}
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte Task C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY
AdwCleaner[S00].txt - [3538 octets] - [27/11/2023 18:55:40]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
QuoteHello! I didn't touch the pre-installed software.
And you also didn't touch the PUPs found. :) I would like you to remove those. Can you please run AdwCleaner once more and remove the PUPs?
Here is the update after quarantine of the PUPS. Sorry!
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-29-2023
# Duration: 00:00:05
# OS: Windows 10 (Build 18363.1556)
# Cleaned: 4
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freeforms.co
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freeforms.co
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
- Delete Tracing Keys
- Reset Winsock
*************************
AdwCleaner[S00].txt - [3538 octets] - [27/11/2023 18:55:40]
AdwCleaner[S01].txt - [3599 octets] - [28/11/2023 11:23:03]
AdwCleaner[S02].txt - [3660 octets] - [29/11/2023 17:15:56]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
Hi, Lisa.
Yes, now you removed all the PUPs.
I'm glad to hear that the computer is running fine now. However, there is one important step to be done yet. You are still running on version 1909, which reached its end of life in May 2022. That means you no longer receive security updates for your system, which is now vulnerable to any kind of infection. I strongly recommend you to upgrade to the latest Windows version as soon as possible.
To do this:
- Go to this Microsoft page (https://www.microsoft.com/en-us/software-download/windows10/) and under the title Create Windows 10 installation media press on Download tool now.
- Save the tool on your Desktop and double click to run it.
- On the License terms page, if you accept the license terms, select Accept.
- On the What do you want to do page, select Upgrade this PC now, and then select Next.
- Follow the instructions and select Keep personal files and apps, when you are asked to.
- It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don't turn off your PC.
- After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.
Let me know if you successfully upgraded your system.
Hello! I upgraded my system on 12/1. I finally have some time today to respond to you! Thank you!
Thanks, Lisa.
Now, let's see fresh FRST logs, please (Addition and FRST).
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-12-2023
Ran by Angel (administrator) on LAPTOP-Q41MP6MQ (Dell Inc. Inspiron 5570) (04-12-2023 18:23:29)
Running from C:\Users\Angel\Desktop\FRST64.exe
Loaded Profiles: Angel
Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2905_none_7dd39c4c7cb9dfa0\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [MicrosoftEdgeAutoLaunch_8638D5878CD50E3AFF48AF9AE1C440CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {8803AE13-734A-460E-B8C5-B9F0C061D0DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {163E4343-E44B-4072-8595-189E3A97CF9A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6F55D18D-8226-4733-9691-F4C7A0B170AC} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF05FAE4-46B2-4BC3-92FA-420C1697ECDE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5254336 2023-05-05] (Microsoft Windows -> Microsoft Corporation)
Task: {8CE4A512-BA15-4796-BCB0-BEE6ADE30C0B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {08A99543-FDFC-4723-9E5E-1C69A3EB6BF8} - System32\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {0CF49E34-878B-4387-B7A6-8C40B7993443} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] ->
Task: {6D5AB699-8D4A-42C8-9A03-BE5277DAE395} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {DC76A489-CE8A-4D4A-BECA-2EE98872354D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {F1CAE8F1-7B3F-4129-8F45-E2B358173233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {107CA81F-B564-42D5-8015-A24B2DF2DD9A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {74165412-D8B3-42C8-8AB5-0389CF30FD6D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {A6F4CEE5-5EB8-40D2-A948-B00D0D47EA73} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5FCE4DD-8676-4E1D-B57E-BF6BCDA0B5EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {788587C8-D935-41FA-829F-9BF46B6A8A7B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2725A24E-83DB-4850-BC7D-10F291E5EF14} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B411A68-358C-4E71-AEF2-B83B4FB9448F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169656 2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {856B80C5-F69C-4E77-B37A-024A3BB7388A} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {387A0F74-4DA4-42F8-B30A-214A406B5AE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {177B460F-393D-4DE9-80D8-A87396DDD980} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F587718-5432-4CFB-B8CF-FA68A16AAE13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAA2E549-BF90-46BF-B9EE-1CB8E353D104} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB1DC2B5-E952-450D-98F6-9AF8FE68F80B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4546c0b4-61d8-4d7e-aa2f-3c3e236bc249}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
DownloadDir: C:\Users\Angel\OneDrive\Desktop
Edge DefaultProfile: Default
Edge Profile: C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge HomePage: Default -> hxxp://dell17swin10.msn.com/?pc=DSJE
Edge Extension: (American Airlines AAdvantage eShopping℠) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dcdiajifnnbipfljbggcbbheipfdmgpo [2023-10-26]
Edge Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-01]
Edge Extension: (Edge relevant text changes) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-10-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2019-03-24] (Geocomply USA, Inc. -> GeoComply)
Chrome:
=======
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default [2023-12-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12882616 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe [11580080 2023-05-04] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe [11621552 2023-05-04] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe [11441328 2023-05-04] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe [11443888 2023-05-04] (GeoComply Solutions Inc. -> )
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [329920 2023-05-16] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{B66BB5B6-61C3-4B0F-9CB1-9024055A2CCE} [21312 2023-05-05] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-10-26] (Dell Inc -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-12-04] (Malwarebytes Inc. -> Malwarebytes)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe [11535536 2023-05-04] (GeoComply Solutions Inc. -> )
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222800 2023-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2023-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2023-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188016 2023-12-04] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl2f4886fb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D81E6B78-36C4-4C2C-BDCA-B8F47360E242}\MpKslDrv.sys [263560 2023-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-04 18:23 - 2023-12-04 18:27 - 000027298 _____ C:\Users\Angel\Desktop\FRST.txt
2023-12-04 18:23 - 2023-12-04 18:23 - 002384384 _____ (Farbar) C:\Users\Angel\Desktop\FRST64.exe
2023-12-04 18:23 - 2023-12-04 18:23 - 000000000 ___HD C:\$WinREAgent
2023-12-04 18:23 - 2023-12-04 18:23 - 000000000 ____D C:\Users\Angel\Desktop\FRST-OlderVersion
2023-12-04 18:15 - 2023-12-04 18:15 - 000188016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-12-03 17:57 - 2023-12-03 17:57 - 000003330 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-12-03 16:58 - 2023-12-03 16:58 - 000000000 ____D C:\ProgramData\PLUG
2023-12-01 23:48 - 2023-12-01 22:03 - 000000000 ____D C:\Windows.old
2023-12-01 22:15 - 2023-12-01 22:15 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-12-01 22:07 - 2023-12-01 22:07 - 000000020 ___SH C:\Users\Angel\ntuser.ini
2023-12-01 21:58 - 2023-12-04 17:10 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3AFF0136-932C-4F79-9999-48C960EF9F1F}
2023-12-01 21:58 - 2023-12-03 12:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-01 21:58 - 2023-12-01 22:00 - 000003462 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-12-01 21:58 - 2023-12-01 22:00 - 000003356 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-01 21:58 - 2023-12-01 22:00 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-12-01 21:58 - 2023-12-01 21:59 - 000003168 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:59 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:59 - 000002676 _____ C:\WINDOWS\system32\Tasks\GeoComply Update Task
2023-12-01 21:58 - 2023-12-01 21:59 - 000002508 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-12-01 21:58 - 2023-12-01 21:58 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-12-01 21:58 - 2023-12-01 21:58 - 000003264 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:58 - 000003238 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-12-01 21:58 - 2023-12-01 21:58 - 000003132 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-01 21:58 - 2023-12-01 21:58 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:58 - 000002596 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2023-12-01 21:58 - 2023-12-01 21:58 - 000002258 _____ C:\WINDOWS\system32\Tasks\SmartByte Telemetry
2023-12-01 21:58 - 2023-12-01 21:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2023-12-01 21:58 - 2023-12-01 21:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-12-01 21:49 - 2023-12-01 21:58 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2023-12-01 21:49 - 2023-12-01 21:58 - 000011433 _____ C:\WINDOWS\diagerr.xml
2023-12-01 21:15 - 2023-12-03 12:34 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-01 21:15 - 2023-12-01 21:15 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-12-01 21:03 - 2023-12-01 21:03 - 000001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
2023-12-01 21:03 - 2023-12-01 21:03 - 000000000 ____D C:\Program Files\Waves
2023-12-01 20:52 - 2023-12-04 17:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-01 20:52 - 2023-12-01 20:53 - 000454328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-12-01 20:51 - 2023-12-03 12:26 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-01 20:20 - 2023-12-01 23:50 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Crypto
2023-12-01 20:20 - 2023-12-01 20:20 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\SystemCertificates
2023-12-01 20:20 - 2023-12-01 20:20 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Network
2023-12-01 20:19 - 2023-12-01 23:50 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Crypto
2023-12-01 20:19 - 2023-12-01 20:19 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\SystemCertificates
2023-12-01 20:19 - 2023-12-01 20:19 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Network
2023-12-01 20:13 - 2023-12-01 23:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-12-01 20:11 - 2023-12-01 22:11 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Windows
2023-12-01 20:11 - 2023-12-01 22:07 - 000000000 ____D C:\Users\Angel
2023-12-01 20:11 - 2023-12-01 21:14 - 000000000 ____D C:\Users\defaultuser100000
2023-12-01 20:11 - 2023-12-01 20:11 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Windows
2023-12-01 20:09 - 2023-12-01 20:13 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files\MSBuild
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-12-01 19:50 - 2023-12-01 19:50 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-12-01 19:13 - 2023-12-01 22:07 - 000000000 ___DC C:\WINDOWS\Panther
2023-12-01 18:43 - 2023-12-01 18:43 - 000000000 ___HD C:\$Windows.~WS
2023-11-27 19:08 - 2023-11-27 19:08 - 002606880 _____ (Malwarebytes) C:\Users\Angel\Downloads\mb4setup-40000.40000 (1).exe
2023-11-27 18:51 - 2023-11-29 17:24 - 000000000 ____D C:\AdwCleaner
2023-11-27 18:50 - 2023-11-27 18:50 - 008791352 _____ (Malwarebytes) C:\Users\Angel\Desktop\adwcleaner.exe
2023-11-27 18:48 - 2023-11-27 18:48 - 002606880 _____ (Malwarebytes) C:\Users\Angel\Downloads\mb4setup-40000.40000.exe
2023-11-27 13:42 - 2023-11-27 14:19 - 000040612 _____ C:\Users\Angel\Desktop\Fixlog.txt
2023-11-20 16:39 - 2023-11-20 16:42 - 000038334 _____ C:\Users\Angel\Downloads\Addition.txt
2023-11-20 16:35 - 2023-11-20 16:42 - 000033971 _____ C:\Users\Angel\Downloads\FRST.txt
2023-11-20 16:24 - 2023-12-04 18:25 - 000000000 ____D C:\FRST
2023-11-18 08:23 - 2023-11-18 08:23 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-11-18 08:23 - 2023-11-18 08:23 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-18 08:01 - 2023-11-18 08:01 - 000000000 ____D C:\WINDOWS\{6125BA49-3837-4FD1-B84D-D8725F791C00}
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-04 18:29 - 2023-05-05 07:27 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-04 18:29 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-04 18:29 - 2018-09-01 07:11 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-12-04 18:21 - 2020-10-02 19:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-12-04 18:16 - 2023-05-11 17:15 - 000000000 ____D C:\Users\Angel\AppData\Local\Malwarebytes
2023-12-04 18:15 - 2021-09-06 07:42 - 000000000 ____D C:\Users\Angel\AppData\LocalLow\IGDump
2023-12-04 18:15 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-04 17:39 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-04 17:32 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-04 17:11 - 2019-11-12 21:53 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-12-03 17:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2023-12-03 17:20 - 2018-03-03 13:55 - 000000000 ____D C:\Users\Angel\AppData\Local\Packages
2023-12-03 17:20 - 2017-12-26 15:24 - 000000000 ____D C:\Program Files\Dell
2023-12-03 17:17 - 2017-12-26 15:24 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-03 17:16 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-03 12:58 - 2021-08-17 19:50 - 000000000 ____D C:\Program Files\ruxim
2023-12-03 12:32 - 2018-03-03 13:57 - 000000000 ___RD C:\Users\Angel\OneDrive
2023-12-03 12:28 - 2018-03-03 13:55 - 000000000 __SHD C:\Users\Angel\IntelGraphicsProfiles
2023-12-03 12:26 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-12-03 12:26 - 2017-12-26 15:29 - 000000000 ___HD C:\Intel
2023-12-03 12:25 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-12-03 12:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-12-01 23:51 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2023-12-01 23:50 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-12-01 23:50 - 2017-12-26 15:28 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2023-12-01 23:50 - 2017-12-26 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2023-12-01 23:49 - 2023-10-26 18:56 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-12-01 23:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-12-01 23:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-12-01 23:49 - 2019-11-13 06:34 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2023-12-01 23:49 - 2019-10-03 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-12-01 23:49 - 2019-06-19 16:23 - 000000000 ____D C:\Program Files\UNP
2023-12-01 23:49 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-12-01 23:49 - 2017-12-26 15:24 - 000000000 ____D C:\Program Files\Intel
2023-12-01 22:28 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-12-01 22:10 - 2018-06-13 19:09 - 000000000 ____D C:\ProgramData\Packages
2023-12-01 22:10 - 2018-03-03 13:55 - 000000000 ___RD C:\Users\Angel\3D Objects
2023-12-01 22:10 - 2017-12-26 15:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-12-01 22:09 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-12-01 22:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-12-01 22:01 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate
2023-12-01 22:00 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-12-01 21:58 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-12-01 21:18 - 2018-05-28 07:53 - 000026988 _____ C:\WINDOWS\system32\emptyregdb.dat
2023-12-01 21:14 - 2018-09-01 07:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-12-01 21:14 - 2018-09-01 07:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-12-01 21:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-12-01 21:04 - 2017-12-26 15:26 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2023-12-01 21:04 - 2017-12-26 15:26 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2023-12-01 21:01 - 2020-03-15 05:59 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-01 21:01 - 2020-03-15 05:59 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-12-01 20:45 - 2019-12-07 04:18 - 000000000 ____D C:\WINDOWS\Setup
2023-12-01 20:21 - 2019-12-07 04:14 - 000000000 __RHD C:\Users\Public\Libraries
2023-12-01 20:16 - 2017-12-26 15:30 - 000000000 ____D C:\WINDOWS\system32\Intel
2023-12-01 20:14 - 2020-04-17 16:19 - 000000000 ____D C:\WINDOWS\Firmware
2023-12-01 20:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Resources
2023-12-01 20:14 - 2017-12-26 15:26 - 000000000 ____D C:\Program Files\Realtek
2023-12-01 20:14 - 2017-12-26 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2023-12-01 20:13 - 2019-12-07 04:14 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-12-01 20:11 - 2021-01-18 21:05 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\Packages
2023-12-01 19:13 - 2020-02-27 18:41 - 000000000 ____D C:\ESD
2023-11-27 14:19 - 2018-03-18 08:58 - 000000000 ____D C:\Users\Angel\AppData\LocalLow\Temp
2023-11-20 10:18 - 2018-03-03 13:48 - 000000000 ____D C:\ProgramData\Goodix
2023-11-19 19:52 - 2019-10-03 08:10 - 000000000 ____D C:\Program Files\Microsoft Office
2023-11-18 08:17 - 2022-03-28 19:23 - 000000000 ____D C:\Program Files (x86)\Dell
2023-11-15 10:21 - 2018-03-04 13:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-15 10:16 - 2018-03-04 13:26 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 13:16 - 2021-05-09 08:39 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-11-14 13:16 - 2018-03-03 13:55 - 000000000 ____D C:\Users\Angel\AppData\Local\Publishers
2023-11-06 19:53 - 2018-03-04 13:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2019-11-12 21:52 - 2019-11-12 21:52 - 000000410 _____ () C:\Users\Angel\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by Angel (04-12-2023 18:40:08)
Running from C:\Users\Angel\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2023-12-02 03:02:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2065802760-3759808543-2889841689-500 - Administrator - Disabled)
Angel (S-1-5-21-2065802760-3759808543-2889841689-1001 - Administrator - Enabled) => C:\Users\Angel
DefaultAccount (S-1-5-21-2065802760-3759808543-2889841689-503 - Limited - Disabled)
Guest (S-1-5-21-2065802760-3759808543-2889841689-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2065802760-3759808543-2889841689-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.006.20380 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dell Power Manager Service (HKLM\...\{A8DFE386-5055-48F6-95C9-8DF312812625}) (Version: 3.15.0 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{5EBD9C95-240B-4CD3-A1C1-DACF9E85518F}) (Version: 5.1.0 - Dell Inc.)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 1.0.33.800 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.364 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{75000D29-0D43-467B-84AC-12EB33DA1F14}) (Version: 30.100.1943.2 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8909c7f7-2f31-4786-b020-18218d3cabf3}) (Version: 21.40.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{68A981A0-ED59-41E0-B45E-7A78F643120D}) (Version: 21.40.1.3406 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.22654 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.)
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-13] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-11-12] (Adobe Systems Incorporated)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-12] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.82.0_x64__htrsf667h5kn2 [2023-09-03] (Dell Inc)
Dell Help & Support -> C:\Program Files\WindowsApps\DellInc.DellHelpSupport_3.2.1.0_x64__htrsf667h5kn2 [2018-03-08] (Dell Inc)
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.15.14.0_x64__htrsf667h5kn2 [2023-12-03] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.1.35.0_x86__htrsf667h5kn2 [2023-12-01] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.21.0_x64__xbfy0k16fey96 [2023-12-01] (Dropbox Inc.)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.0.0_x86__8xx8rvfyw5nnt [2023-06-02] (Meta)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5237.0_x64__8j3eq9eme6ctt [2023-12-01] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-15] (INTEL CORP)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-12-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-12-01] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-20] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-08] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-13] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-19] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-29] (CYBERLINK CORPORATION.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-07] (Rivet Networks LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-01] (Microsoft Studios) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B4CC9460FEB1} -> [Creative Cloud Files] => C:\Users\Angel\Creative Cloud Files [2019-11-12 22:01]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-04-21 18:39 - 2020-04-21 18:39 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-21 18:39 - 2020-04-21 18:39 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Angel\Downloads\MediaCreationTool22H2.exe:MBAM.Zone.Identifier [184]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17swin10.msn.com/?pc=DSJE
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17swin10.msn.com/?pc=DSJE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CA168706-49A6-4E06-9E40-7B208C3E83C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2BC0A953-8331-4BFD-9346-589969156B2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{011E5CF1-1781-402F-B446-FA0A62A9E0DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C9B7F190-8D85-47E1-BB7E-B0FC9588C423}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CF4BBB66-3D4D-4ACD-AF79-C78D6E36FCA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7624EE02-A25B-4CF0-91FC-2CAA7C623472}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D033555B-A9E3-4F60-A505-023D108AFF97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{48B1C160-E6C2-4601-B14C-3ED10B7A9ECE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{81FC792A-6EF0-4BEA-B9CD-AB35D19A3BDD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3764BC3B-DBCE-4BEF-B4AA-1E03ADC55DCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F8192104-7B7A-4354-9D87-0E1C6932F4F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{83DDA12F-42AD-4D42-9E5B-CEC8BB6D9060}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8554A220-B1EB-49B5-AEA5-9A60A18F0E32}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{232C7206-82B1-4CCA-B205-23B629CDA690}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A403399-07DD-4F4E-9802-3B608E84D880}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{11ECE87B-9D5C-4767-912B-5FEEABCE4244}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B441CDF0-E9C4-4CA7-988C-DBA69AD84243}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9AAC3717-2116-4ACD-AA45-725612E315BC}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1E303C55-E8E4-4C2F-894A-D4DA95D7EB4F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0A936ED9-16B6-4086-923E-5F4472018F2F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AB7C5EE9-265F-4243-8A0F-C63C7A937978}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{41123815-B66D-48DD-B9AA-DF763AC314DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{314C1897-5B50-4BCF-A342-C774062D8B75}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7132D4E8-6082-4A6C-B0A7-E4F59EEDEDF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D51CEC3C-6D9C-468F-9D18-3C91F9358C44}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
04-12-2023 17:12:17 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/04/2023 05:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mousocoreworker.exe, version: 10.0.19041.2788, time stamp: 0x08e862ea
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x4afc
Faulting application start time: 0x01da26530e071cce
Faulting application path: C:\Windows\System32\mousocoreworker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 50dd18cb-9ba5-4e94-a7c1-04e226bcb21b
Faulting package full name:
Faulting package-relative application ID:
Error: (12/03/2023 05:17:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/03/2023 04:40:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (12/03/2023 12:27:05 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1
System errors:
=============
Error: (12/04/2023 06:25:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/04/2023 06:25:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Device Setup Manager service to connect.
Error: (12/04/2023 06:22:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189).
Error: (12/04/2023 05:33:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240009: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.401.1671.0) - Current Channel (Broad).
Error: (12/03/2023 05:20:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Dell Command | Power Manager Notify service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/03/2023 01:00:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf3: 9WZDNCRFJ2WL-FACEBOOK.FACEBOOK.
Error: (12/03/2023 12:33:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.401.1602.0) - Current Channel (Broad).
Error: (12/03/2023 12:27:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ZeroConfigService service terminated with the following error:
%%2147770990
Windows Defender:
================
Date: 2023-12-03 17:57:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-12-03 16:58:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-12-03 13:12:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
�Event[0]:
Date: 2023-12-03 12:25:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.401.1602.0
Previous security intelligence Version: 1.401.1509.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23100.2009
Previous Engine Version: 1.1.23100.2009
Error code: 0x80004004
Error description: Operation aborted
Date: 2023-12-03 12:25:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.401.1602.0
Previous security intelligence Version: 1.401.1509.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23100.2009
Previous Engine Version: 1.1.23100.2009
Error code: 0x80004004
Error description: Operation aborted
CodeIntegrity:
===============
Date: 2023-12-03 16:48:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.14.0 04/06/2023
Motherboard: Dell Inc. 09YTN7
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 71%
Total physical RAM: 8089.29 MB
Available physical RAM: 2338.19 MB
Total Virtual: 11545.29 MB
Available Virtual: 4489.98 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.1 GB) (Free:849.68 GB) (Model: ST1000LM035-1RK172) NTFS
\\?\Volume{59c1e6e7-83ed-455a-bd83-6b9eb5582c2f}\ () (Fixed) (Total:0.79 GB) (Free:0.08 GB) NTFS
\\?\Volume{effbf4ad-0ae8-4622-97dd-f3d2567c2232}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 843848C4)
Partition: GPT.
==================== End of Addition.txt =======================
Hi, Lisa.
Congratulations! You are upgraded now!
Before we finish, however, I would like to check something else regarding to the system's services.
- Please download Farbar Service Scanner (https://download.bleepingcomputer.com/farbar/FSS.exe) and save it on your Desktop. IMPORTANT.
- Right click on the tool icon and run it as administrator.
- Make sure all the options are checked.
- Click on the Scan button.
- It will create a log (FSS.txt) on your Desktop.
- Copy and paste the log's content to your next reply.
Hi, Lisa.
Are you still with us?
Hello! I was receiving error messages and having system issues just logging on. I haven't been able to download Farbar Service Scanner yet.
The error message is: FSS.exe isn't commonly downloaded. Make sure you trust FSS.exe before you open it.
It is canceled every time I attempt to download it. I don't think there is a way to bypass it. Sorry, I've been busy and wasn't able to provide the reason I couldn't finish the steps.
Thank you!
Hi, Lisa.
Have in mind that when we are trying to fix a system, it is beneficial the responses to be as quick as possible. Day by day, while we are using a computer, things change and makes things more complicated. So, I would appreciate if you dedicate a few time every day, so we can effectively solve your computer's issues, without asking for new logs every time.
For now, and assuming that you are using Edge (based on your logs), please check the screenshots below.
Hello! Sorry, I wasn't able to get MicroSoft Edge to work for days... I kept receiving the hard drive "resolving blue screen errors in Windows " and other error messages. I couldn't get online. I could use Google but it was very slow. Today is the first day I could get into this forum and use Microsoft Edge. Here are the logs:
Farbar Service Scanner Version: 30-04-2023
Ran by Angel (administrator) on 25-12-2023 at 16:15:51
Running from "C:\Users\Angel\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Windows Security:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Hi, Lisa.
Your system's checked services are OK.
Please do the following:
- Download CrystalDiskInfo from here (http://'https//crystalmark.info/redirect.php?product=CrystalDiskInfoInstaller') and save it on your Desktop.
- Run the installer to install the program.
- When finished, open the installed program by double clicking on it.
- If everything is working properly, you should see the status "Good" displayed. Other statuses you might see include "Bad" (which usually indicates a drive that's dead or near death), "Caution" (which indicates a drive that you should most likely be thinking about backing up and replacing), and "Unknown" (which just means that information could not be obtained).
- Let me know the result. You can take a screenshot and attach the result in your next reply.
Hello! Sorry, I've been sick and contacted Corrine (Security Garden) directly. It is a hard drive issue--she had me run the same program. I'm going to get computer help from here out or replace my laptop--I'm trying to log onto it until I get a better solution. I think my system is at least five to six years old. Thank you again for all of the assistance!
She responded that "You can order a new hard disk or an SSD. Your current hard disk is SATA /600, Rotation rate 5400 RPM, capacity 1T. If you get one hard disk, these values would be good but NOT lower. SSDs don't have a rotation rate.
Hi, Lisa.
You don't have to buy a new computer! You only have to buy a new hard disk or an SSD, as Corrine suggested. SSDs are more expensive but faster. It's up to you. Disks fail, this is not something unusual. And if yours failed 5-6 years after you bought the computer, it exceeded the normal end of life limit.
QuoteSorry, I've been sick
I hope you are feeling better now.