Internet surveillance alerts

Started by lisa20, November 20, 2023, 04:42:15 PM

lisa20

Hello! I'm unsure if I should quarantine any pre-installed software: Dell Command Power Manager, Dell Support Assist Agent, Dell Update for Windows 10, Rivet Networks Smart Byte. Please let me know before I continue the steps. Thank you!


DR M

Lisa, if you are not sure, then do not touch the pre-installed software.

Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

lisa20

Hello! I didn't touch the pre-installed software. I think my system is much better! Thank you!

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-28-2023
# Duration: 00:00:27
# OS:       Windows 10 (Build 18363.1556)
# Scanned:  32097
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.GetFormsPlus       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freeforms.co
PUP.Optional.GetFormsPlus       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freeforms.co
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files (x86)\Common Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB1DC2B5-E952-450D-98F6-9AF8FE68F80B} 
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY


AdwCleaner[S00].txt - [3538 octets] - [27/11/2023 18:55:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

DR M

Quote: Hello! I didn't touch the pre-installed software.

And you also didn't touch the PUPs found. :) I would like you to remove those. Can you please run AdwCleaner once more and remove the PUPs?

lisa20

Here is the update after quarantine of the PUPs. Sorry!

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-29-2023
# Duration: 00:00:05
# OS:       Windows 10 (Build 18363.1556)
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freeforms.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freeforms.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

  • Delete Tracing Keys
  • Reset Winsock

*************************

AdwCleaner[S00].txt - [3538 octets] - [27/11/2023 18:55:40]
AdwCleaner[S01].txt - [3599 octets] - [28/11/2023 11:23:03]
AdwCleaner[S02].txt - [3660 octets] - [29/11/2023 17:15:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

DR M

Hi, Lisa.

Yes, now you removed all the PUPs.

I'm glad to hear that the computer is running fine now. However, there is one important step to be done yet. You are still running on version 1909, which reached its end of life in May 2022. That means you no longer receive security updates for your system, which is now vulnerable to any kind of infection. I strongly recommend that you upgrade to the latest Windows version as soon as possible.

To do this:

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your Wi-Fi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don't turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

Let me know if you successfully upgraded your system.

lisa20

Hello! I upgraded my system on 12/1. I finally have some time today to respond to you! Thank you!

DR M

Thanks, Lisa.

Now, let's see fresh FRST logs, please (Addition and FRST).

lisa20

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-12-2023
Ran by Angel (administrator) on LAPTOP-Q41MP6MQ (Dell Inc. Inspiron 5570) (04-12-2023 18:23:29)
Running from C:\Users\Angel\Desktop\FRST64.exe
Loaded Profiles: Angel
Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2905_none_7dd39c4c7cb9dfa0\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [MicrosoftEdgeAutoLaunch_8638D5878CD50E3AFF48AF9AE1C440CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8803AE13-734A-460E-B8C5-B9F0C061D0DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {163E4343-E44B-4072-8595-189E3A97CF9A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6F55D18D-8226-4733-9691-F4C7A0B170AC} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF05FAE4-46B2-4BC3-92FA-420C1697ECDE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5254336 2023-05-05] (Microsoft Windows -> Microsoft Corporation)
Task: {8CE4A512-BA15-4796-BCB0-BEE6ADE30C0B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {08A99543-FDFC-4723-9E5E-1C69A3EB6BF8} - System32\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {0CF49E34-878B-4387-B7A6-8C40B7993443} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] ->
Task: {6D5AB699-8D4A-42C8-9A03-BE5277DAE395} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {DC76A489-CE8A-4D4A-BECA-2EE98872354D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {F1CAE8F1-7B3F-4129-8F45-E2B358173233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {107CA81F-B564-42D5-8015-A24B2DF2DD9A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {74165412-D8B3-42C8-8AB5-0389CF30FD6D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {A6F4CEE5-5EB8-40D2-A948-B00D0D47EA73} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5FCE4DD-8676-4E1D-B57E-BF6BCDA0B5EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {788587C8-D935-41FA-829F-9BF46B6A8A7B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2725A24E-83DB-4850-BC7D-10F291E5EF14} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B411A68-358C-4E71-AEF2-B83B4FB9448F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169656 2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {856B80C5-F69C-4E77-B37A-024A3BB7388A} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {387A0F74-4DA4-42F8-B30A-214A406B5AE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {177B460F-393D-4DE9-80D8-A87396DDD980} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F587718-5432-4CFB-B8CF-FA68A16AAE13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAA2E549-BF90-46BF-B9EE-1CB8E353D104} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB1DC2B5-E952-450D-98F6-9AF8FE68F80B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4546c0b4-61d8-4d7e-aa2f-3c3e236bc249}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
DownloadDir: C:\Users\Angel\OneDrive\Desktop
Edge DefaultProfile: Default
Edge Profile: C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge HomePage: Default -> hxxp://dell17swin10.msn.com/?pc=DSJE
Edge Extension: (American Airlines AAdvantage eShopping℠) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dcdiajifnnbipfljbggcbbheipfdmgpo [2023-10-26]
Edge Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-01]
Edge Extension: (Edge relevant text changes) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-10-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2019-03-24] (Geocomply USA, Inc. -> GeoComply)

Chrome:
=======
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default [2023-12-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12882616 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe [11580080 2023-05-04] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe [11621552 2023-05-04] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe [11441328 2023-05-04] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe [11443888 2023-05-04] (GeoComply Solutions Inc. -> )
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [329920 2023-05-16] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{B66BB5B6-61C3-4B0F-9CB1-9024055A2CCE} [21312 2023-05-05] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-10-26] (Dell Inc -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-12-04] (Malwarebytes Inc. -> Malwarebytes)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe [11535536 2023-05-04] (GeoComply Solutions Inc. -> )
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222800 2023-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2023-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2023-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188016 2023-12-04] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl2f4886fb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D81E6B78-36C4-4C2C-BDCA-B8F47360E242}\MpKslDrv.sys [263560 2023-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-04 18:23 - 2023-12-04 18:27 - 000027298 _____ C:\Users\Angel\Desktop\FRST.txt
2023-12-04 18:23 - 2023-12-04 18:23 - 002384384 _____ (Farbar) C:\Users\Angel\Desktop\FRST64.exe
2023-12-04 18:23 - 2023-12-04 18:23 - 000000000 ___HD C:\$WinREAgent
2023-12-04 18:23 - 2023-12-04 18:23 - 000000000 ____D C:\Users\Angel\Desktop\FRST-OlderVersion
2023-12-04 18:15 - 2023-12-04 18:15 - 000188016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-12-03 17:57 - 2023-12-03 17:57 - 000003330 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-12-03 16:58 - 2023-12-03 16:58 - 000000000 ____D C:\ProgramData\PLUG
2023-12-01 23:48 - 2023-12-01 22:03 - 000000000 ____D C:\Windows.old
2023-12-01 22:15 - 2023-12-01 22:15 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-12-01 22:07 - 2023-12-01 22:07 - 000000020 ___SH C:\Users\Angel\ntuser.ini
2023-12-01 21:58 - 2023-12-04 17:10 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3AFF0136-932C-4F79-9999-48C960EF9F1F}
2023-12-01 21:58 - 2023-12-03 12:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-01 21:58 - 2023-12-01 22:00 - 000003462 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-12-01 21:58 - 2023-12-01 22:00 - 000003356 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-01 21:58 - 2023-12-01 22:00 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-12-01 21:58 - 2023-12-01 21:59 - 000003168 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:59 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:59 - 000002676 _____ C:\WINDOWS\system32\Tasks\GeoComply Update Task
2023-12-01 21:58 - 2023-12-01 21:59 - 000002508 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-12-01 21:58 - 2023-12-01 21:58 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-12-01 21:58 - 2023-12-01 21:58 - 000003264 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:58 - 000003238 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-12-01 21:58 - 2023-12-01 21:58 - 000003132 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-01 21:58 - 2023-12-01 21:58 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:58 - 000002596 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2023-12-01 21:58 - 2023-12-01 21:58 - 000002258 _____ C:\WINDOWS\system32\Tasks\SmartByte Telemetry
2023-12-01 21:58 - 2023-12-01 21:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2065802760-3759808543-2889841689-1001
2023-12-01 21:58 - 2023-12-01 21:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2023-12-01 21:58 - 2023-12-01 21:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-12-01 21:49 - 2023-12-01 21:58 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2023-12-01 21:49 - 2023-12-01 21:58 - 000011433 _____ C:\WINDOWS\diagerr.xml
2023-12-01 21:15 - 2023-12-03 12:34 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-01 21:15 - 2023-12-01 21:15 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-12-01 21:03 - 2023-12-01 21:03 - 000001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
2023-12-01 21:03 - 2023-12-01 21:03 - 000000000 ____D C:\Program Files\Waves
2023-12-01 20:52 - 2023-12-04 17:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-01 20:52 - 2023-12-01 20:53 - 000454328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-12-01 20:51 - 2023-12-03 12:26 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-01 20:20 - 2023-12-01 23:50 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Crypto
2023-12-01 20:20 - 2023-12-01 20:20 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\SystemCertificates
2023-12-01 20:20 - 2023-12-01 20:20 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Network
2023-12-01 20:19 - 2023-12-01 23:50 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Crypto
2023-12-01 20:19 - 2023-12-01 20:19 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\SystemCertificates
2023-12-01 20:19 - 2023-12-01 20:19 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Network
2023-12-01 20:13 - 2023-12-01 23:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-12-01 20:11 - 2023-12-01 22:11 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Windows
2023-12-01 20:11 - 2023-12-01 22:07 - 000000000 ____D C:\Users\Angel
2023-12-01 20:11 - 2023-12-01 21:14 - 000000000 ____D C:\Users\defaultuser100000
2023-12-01 20:11 - 2023-12-01 20:11 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Windows
2023-12-01 20:09 - 2023-12-01 20:13 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files\MSBuild
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-12-01 20:00 - 2023-12-01 20:00 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-12-01 19:50 - 2023-12-01 19:50 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-12-01 19:13 - 2023-12-01 22:07 - 000000000 ___DC C:\WINDOWS\Panther
2023-12-01 18:43 - 2023-12-01 18:43 - 000000000 ___HD C:\$Windows.~WS
2023-11-27 19:08 - 2023-11-27 19:08 - 002606880 _____ (Malwarebytes) C:\Users\Angel\Downloads\mb4setup-40000.40000 (1).exe
2023-11-27 18:51 - 2023-11-29 17:24 - 000000000 ____D C:\AdwCleaner
2023-11-27 18:50 - 2023-11-27 18:50 - 008791352 _____ (Malwarebytes) C:\Users\Angel\Desktop\adwcleaner.exe
2023-11-27 18:48 - 2023-11-27 18:48 - 002606880 _____ (Malwarebytes) C:\Users\Angel\Downloads\mb4setup-40000.40000.exe
2023-11-27 13:42 - 2023-11-27 14:19 - 000040612 _____ C:\Users\Angel\Desktop\Fixlog.txt
2023-11-20 16:39 - 2023-11-20 16:42 - 000038334 _____ C:\Users\Angel\Downloads\Addition.txt
2023-11-20 16:35 - 2023-11-20 16:42 - 000033971 _____ C:\Users\Angel\Downloads\FRST.txt
2023-11-20 16:24 - 2023-12-04 18:25 - 000000000 ____D C:\FRST
2023-11-18 08:23 - 2023-11-18 08:23 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-11-18 08:23 - 2023-11-18 08:23 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-18 08:01 - 2023-11-18 08:01 - 000000000 ____D C:\WINDOWS\{6125BA49-3837-4FD1-B84D-D8725F791C00}

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-04 18:29 - 2023-05-05 07:27 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-04 18:29 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-04 18:29 - 2018-09-01 07:11 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-12-04 18:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-12-04 18:21 - 2020-10-02 19:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-12-04 18:16 - 2023-05-11 17:15 - 000000000 ____D C:\Users\Angel\AppData\Local\Malwarebytes
2023-12-04 18:15 - 2021-09-06 07:42 - 000000000 ____D C:\Users\Angel\AppData\LocalLow\IGDump
2023-12-04 18:15 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-04 17:39 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-04 17:32 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-04 17:11 - 2019-11-12 21:53 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-12-03 17:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2023-12-03 17:20 - 2018-03-03 13:55 - 000000000 ____D C:\Users\Angel\AppData\Local\Packages
2023-12-03 17:20 - 2017-12-26 15:24 - 000000000 ____D C:\Program Files\Dell
2023-12-03 17:17 - 2017-12-26 15:24 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-03 17:16 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-03 12:58 - 2021-08-17 19:50 - 000000000 ____D C:\Program Files\ruxim
2023-12-03 12:32 - 2018-03-03 13:57 - 000000000 ___RD C:\Users\Angel\OneDrive
2023-12-03 12:28 - 2018-03-03 13:55 - 000000000 __SHD C:\Users\Angel\IntelGraphicsProfiles
2023-12-03 12:26 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-12-03 12:26 - 2017-12-26 15:29 - 000000000 ___HD C:\Intel
2023-12-03 12:25 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-12-03 12:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-12-01 23:51 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-12-01 23:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2023-12-01 23:50 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-12-01 23:50 - 2017-12-26 15:28 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2023-12-01 23:50 - 2017-12-26 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2023-12-01 23:49 - 2023-10-26 18:56 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-12-01 23:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-12-01 23:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-12-01 23:49 - 2019-11-13 06:34 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2023-12-01 23:49 - 2019-10-03 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-12-01 23:49 - 2019-06-19 16:23 - 000000000 ____D C:\Program Files\UNP
2023-12-01 23:49 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-12-01 23:49 - 2017-12-26 15:24 - 000000000 ____D C:\Program Files\Intel
2023-12-01 22:28 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-12-01 22:10 - 2018-06-13 19:09 - 000000000 ____D C:\ProgramData\Packages
2023-12-01 22:10 - 2018-03-03 13:55 - 000000000 ___RD C:\Users\Angel\3D Objects
2023-12-01 22:10 - 2017-12-26 15:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-12-01 22:09 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-12-01 22:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-12-01 22:01 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate
2023-12-01 22:00 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-12-01 21:58 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-12-01 21:18 - 2018-05-28 07:53 - 000026988 _____ C:\WINDOWS\system32\emptyregdb.dat
2023-12-01 21:14 - 2018-09-01 07:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-12-01 21:14 - 2018-09-01 07:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-12-01 21:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-12-01 21:04 - 2017-12-26 15:26 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2023-12-01 21:04 - 2017-12-26 15:26 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2023-12-01 21:01 - 2020-03-15 05:59 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-01 21:01 - 2020-03-15 05:59 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-12-01 20:45 - 2019-12-07 04:18 - 000000000 ____D C:\WINDOWS\Setup
2023-12-01 20:21 - 2019-12-07 04:14 - 000000000 __RHD C:\Users\Public\Libraries
2023-12-01 20:16 - 2017-12-26 15:30 - 000000000 ____D C:\WINDOWS\system32\Intel
2023-12-01 20:14 - 2020-04-17 16:19 - 000000000 ____D C:\WINDOWS\Firmware
2023-12-01 20:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Resources
2023-12-01 20:14 - 2017-12-26 15:26 - 000000000 ____D C:\Program Files\Realtek
2023-12-01 20:14 - 2017-12-26 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2023-12-01 20:13 - 2019-12-07 04:14 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-12-01 20:11 - 2021-01-18 21:05 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\Packages
2023-12-01 19:13 - 2020-02-27 18:41 - 000000000 ____D C:\ESD
2023-11-27 14:19 - 2018-03-18 08:58 - 000000000 ____D C:\Users\Angel\AppData\LocalLow\Temp
2023-11-20 10:18 - 2018-03-03 13:48 - 000000000 ____D C:\ProgramData\Goodix
2023-11-19 19:52 - 2019-10-03 08:10 - 000000000 ____D C:\Program Files\Microsoft Office
2023-11-18 08:17 - 2022-03-28 19:23 - 000000000 ____D C:\Program Files (x86)\Dell
2023-11-15 10:21 - 2018-03-04 13:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-15 10:16 - 2018-03-04 13:26 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 13:16 - 2021-05-09 08:39 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-11-14 13:16 - 2018-03-03 13:55 - 000000000 ____D C:\Users\Angel\AppData\Local\Publishers
2023-11-06 19:53 - 2018-03-04 13:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories ========

2019-11-12 21:52 - 2019-11-12 21:52 - 000000410 _____ () C:\Users\Angel\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

lisa20

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by Angel (04-12-2023 18:40:08)
Running from C:\Users\Angel\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2023-12-02 03:02:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2065802760-3759808543-2889841689-500 - Administrator - Disabled)
Angel (S-1-5-21-2065802760-3759808543-2889841689-1001 - Administrator - Enabled) => C:\Users\Angel
DefaultAccount (S-1-5-21-2065802760-3759808543-2889841689-503 - Limited - Disabled)
Guest (S-1-5-21-2065802760-3759808543-2889841689-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2065802760-3759808543-2889841689-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.006.20380 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dell Power Manager Service (HKLM\...\{A8DFE386-5055-48F6-95C9-8DF312812625}) (Version: 3.15.0 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{5EBD9C95-240B-4CD3-A1C1-DACF9E85518F}) (Version: 5.1.0 - Dell Inc.)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 1.0.33.800 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.364 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{75000D29-0D43-467B-84AC-12EB33DA1F14}) (Version: 30.100.1943.2 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8909c7f7-2f31-4786-b020-18218d3cabf3}) (Version: 21.40.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{68A981A0-ED59-41E0-B45E-7A78F643120D}) (Version: 21.40.1.3406 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.22654 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-13] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-11-12] (Adobe Systems Incorporated)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-12] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.82.0_x64__htrsf667h5kn2 [2023-09-03] (Dell Inc)
Dell Help & Support -> C:\Program Files\WindowsApps\DellInc.DellHelpSupport_3.2.1.0_x64__htrsf667h5kn2 [2018-03-08] (Dell Inc)
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.15.14.0_x64__htrsf667h5kn2 [2023-12-03] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.1.35.0_x86__htrsf667h5kn2 [2023-12-01] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.21.0_x64__xbfy0k16fey96 [2023-12-01] (Dropbox Inc.)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.0.0_x86__8xx8rvfyw5nnt [2023-06-02] (Meta)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5237.0_x64__8j3eq9eme6ctt [2023-12-01] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-15] (INTEL CORP)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-12-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-12-01] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-20] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-08] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-13] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-19] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-29] (CYBERLINK CORPORATION.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-07] (Rivet Networks LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-01] (Microsoft Studios) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B4CC9460FEB1} -> [Creative Cloud Files] => C:\Users\Angel\Creative Cloud Files [2019-11-12 22:01]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-04-21 18:39 - 2020-04-21 18:39 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-21 18:39 - 2020-04-21 18:39 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Angel\Downloads\MediaCreationTool22H2.exe:MBAM.Zone.Identifier [184]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17swin10.msn.com/?pc=DSJE
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17swin10.msn.com/?pc=DSJE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CA168706-49A6-4E06-9E40-7B208C3E83C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2BC0A953-8331-4BFD-9346-589969156B2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{011E5CF1-1781-402F-B446-FA0A62A9E0DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C9B7F190-8D85-47E1-BB7E-B0FC9588C423}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CF4BBB66-3D4D-4ACD-AF79-C78D6E36FCA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7624EE02-A25B-4CF0-91FC-2CAA7C623472}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D033555B-A9E3-4F60-A505-023D108AFF97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{48B1C160-E6C2-4601-B14C-3ED10B7A9ECE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{81FC792A-6EF0-4BEA-B9CD-AB35D19A3BDD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3764BC3B-DBCE-4BEF-B4AA-1E03ADC55DCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F8192104-7B7A-4354-9D87-0E1C6932F4F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{83DDA12F-42AD-4D42-9E5B-CEC8BB6D9060}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8554A220-B1EB-49B5-AEA5-9A60A18F0E32}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{232C7206-82B1-4CCA-B205-23B629CDA690}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A403399-07DD-4F4E-9802-3B608E84D880}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{11ECE87B-9D5C-4767-912B-5FEEABCE4244}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B441CDF0-E9C4-4CA7-988C-DBA69AD84243}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9AAC3717-2116-4ACD-AA45-725612E315BC}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1E303C55-E8E4-4C2F-894A-D4DA95D7EB4F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0A936ED9-16B6-4086-923E-5F4472018F2F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AB7C5EE9-265F-4243-8A0F-C63C7A937978}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{41123815-B66D-48DD-B9AA-DF763AC314DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{314C1897-5B50-4BCF-A342-C774062D8B75}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7132D4E8-6082-4A6C-B0A7-E4F59EEDEDF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D51CEC3C-6D9C-468F-9D18-3C91F9358C44}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

04-12-2023 17:12:17 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/04/2023 05:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mousocoreworker.exe, version: 10.0.19041.2788, time stamp: 0x08e862ea
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x4afc
Faulting application start time: 0x01da26530e071cce
Faulting application path: C:\Windows\System32\mousocoreworker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 50dd18cb-9ba5-4e94-a7c1-04e226bcb21b
Faulting package full name:
Faulting package-relative application ID:

Error: (12/03/2023 05:17:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (12/03/2023 04:40:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (12/03/2023 12:27:05 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/03/2023 12:27:00 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1


System errors:
=============
Error: (12/04/2023 06:25:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/04/2023 06:25:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Device Setup Manager service to connect.

Error: (12/04/2023 06:22:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189).

Error: (12/04/2023 05:33:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240009: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.401.1671.0) - Current Channel (Broad).

Error: (12/03/2023 05:20:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Dell Command | Power Manager Notify service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/03/2023 01:00:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf3: 9WZDNCRFJ2WL-FACEBOOK.FACEBOOK.

Error: (12/03/2023 12:33:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.401.1602.0) - Current Channel (Broad).

Error: (12/03/2023 12:27:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ZeroConfigService service terminated with the following error:
%%2147770990


Windows Defender:
================
Date: 2023-12-03 17:57:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-12-03 16:58:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-12-03 13:12:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-12-03 12:25:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.401.1602.0
Previous security intelligence Version: 1.401.1509.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23100.2009
Previous Engine Version: 1.1.23100.2009
Error code: 0x80004004
Error description: Operation aborted

Date: 2023-12-03 12:25:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.401.1602.0
Previous security intelligence Version: 1.401.1509.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23100.2009
Previous Engine Version: 1.1.23100.2009
Error code: 0x80004004
Error description: Operation aborted

CodeIntegrity:
===============
Date: 2023-12-03 16:48:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.14.0 04/06/2023
Motherboard: Dell Inc. 09YTN7
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 71%
Total physical RAM: 8089.29 MB
Available physical RAM: 2338.19 MB
Total Virtual: 11545.29 MB
Available Virtual: 4489.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.1 GB) (Free:849.68 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{59c1e6e7-83ed-455a-bd83-6b9eb5582c2f}\ () (Fixed) (Total:0.79 GB) (Free:0.08 GB) NTFS
\\?\Volume{effbf4ad-0ae8-4622-97dd-f3d2567c2232}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 843848C4)

Partition: GPT.

==================== End of Addition.txt =======================

DR M

Hi, Lisa.

Congratulations! You are upgraded now!

Before we finish, however, I would like to check something else regarding the system's services.

  • Please download Farbar Service Scanner and save it on your Desktop. IMPORTANT.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

lisa20

Hello! I was receiving error messages and having system issues just logging on. I haven't been able to download Farbar Service Scanner yet.

The error message is: FSS.exe isn't commonly downloaded. Make sure you trust FSS.exe before you open it.

It is canceled every time I attempt to download it. I don't think there is a way to bypass it. Sorry, I've been busy and wasn't able to provide the reason I couldn't finish the steps.

Thank you!




DR M

Hi, Lisa.

Keep in mind that when we are trying to fix a system, it is beneficial for the responses to be as quick as possible. Day by day, while we are using a computer, things change and make things more complicated. So, I would appreciate it if you dedicated a little time every day, so we can effectively solve your computer's issues without asking for new logs every time.

For now, and assuming that you are using Edge (based on your logs), please check the screenshots below.

lisa20

Hello! Sorry, I wasn't able to get Microsoft Edge to work for days... I kept receiving the hard drive "resolving blue screen errors in Windows" and other error messages. I couldn't get online. I could use Google but it was very slow. Today is the first day I could get into this forum and use Microsoft Edge. Here are the logs:

Farbar Service Scanner Version: 30-04-2023
Ran by Angel (administrator) on 25-12-2023 at 16:15:51
Running from "C:\Users\Angel\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****