Internet surveillance alerts

Started by lisa20, November 20, 2023, 04:42:15 PM

lisa20

Hello again! I started this new topic after attempting the "log posting instructions." I verified that there weren't any sharing programs such as uTorrent, BitTorrent, LimeWire, Morpheus, Azureus, Kazaa. However, I downloaded both the 32-bit and 64-bit versions of Farbar Recovery Scan Tool. I attached screenshots of my installed programs.

I received the below error messages for both versions:

Windows protected your PC
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
More information

The only button to click is "don't run".

Please let me know if I need to uninstall a program or another method to run the scan and provide you with the reports. Thank you!

DR M

Hi, Lisa.

You can click on the More info link and then allow the tool to run. Let me know if you were able to do that.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

lisa20

Yes, it worked! Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by Angel (administrator) on LAPTOP-Q41MP6MQ (Dell Inc. Inspiron 5570) (20-11-2023 16:35:21)
Running from C:\Users\Angel\Downloads\FRST64.exe
Loaded Profiles: Angel
Platform: Microsoft Windows 10 Home Version 1909 18363.1556 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (DELL) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Angel\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [MicrosoftEdgeAutoLaunch_8638D5878CD50E3AFF48AF9AE1C440CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.160\Installer\chrmstp.exe [2023-11-18] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8803AE13-734A-460E-B8C5-B9F0C061D0DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {DD5398A8-3A23-4869-BA36-C7E3FFAB32A1} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9F60F853-9343-4D6D-8B90-7CE8B3FEC937} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe  /r (No File)
Task: {CF05FAE4-46B2-4BC3-92FA-420C1697ECDE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [4780136 2021-05-15] (Microsoft Windows -> Microsoft Corporation)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  SCHED (No File)
Task: {8CE4A512-BA15-4796-BCB0-BEE6ADE30C0B} - System32\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {08A99543-FDFC-4723-9E5E-1C69A3EB6BF8} - System32\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001 => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {26BE4553-BB4F-4F5B-9FD5-9D81622C9BA1} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] ->
Task: {6D5AB699-8D4A-42C8-9A03-BE5277DAE395} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {DC76A489-CE8A-4D4A-BECA-2EE98872354D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {F1CAE8F1-7B3F-4129-8F45-E2B358173233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {107CA81F-B564-42D5-8015-A24B2DF2DD9A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {74165412-D8B3-42C8-8AB5-0389CF30FD6D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60880 2023-11-14] (HP Inc. -> HP Inc.)
Task: {A6F4CEE5-5EB8-40D2-A948-B00D0D47EA73} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5FCE4DD-8676-4E1D-B57E-BF6BCDA0B5EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {788587C8-D935-41FA-829F-9BF46B6A8A7B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2725A24E-83DB-4850-BC7D-10F291E5EF14} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B411A68-358C-4E71-AEF2-B83B4FB9448F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169656 2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {856B80C5-F69C-4E77-B37A-024A3BB7388A} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {FD676106-6387-4200-BC63-62B8D73888B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E6A7A9B5-A73C-42D8-91EB-0655F201D270} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {324EAD25-5283-4D0C-9D58-A6BD0325BF76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {43DCFB29-DC9A-4084-B0FB-F14697B868C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB1DC2B5-E952-450D-98F6-9AF8FE68F80B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2065802760-3759808543-2889841689-1001.job => C:\Users\Angel\AppData\Local\GoToMeeting\19950\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4546c0b4-61d8-4d7e-aa2f-3c3e236bc249}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
DownloadDir: C:\Users\Angel\OneDrive\Desktop
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-20]
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
Edge HomePage: Default -> hxxp://dell17swin10.msn.com/?pc=DSJE
Edge Extension: (American Airlines AAdvantage eShopping℠) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dcdiajifnnbipfljbggcbbheipfdmgpo [2023-10-26]
Edge Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]
Edge Extension: (Edge relevant text changes) - C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-10-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2019-03-24] (Geocomply USA, Inc. -> GeoComply)

Chrome:
=======
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default [2023-11-20]
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12882616 2023-11-19] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [317352 2022-06-20] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{D5FA3E6A-4881-4364-BC29-4FD5069EEECE} [21304 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-10-26] (Dell Inc -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9341488 2023-11-03] (Malwarebytes Inc. -> Malwarebytes)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl1c0ae35c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D358F163-EB78-4820-B738-9356CCC346F3}\MpKslDrv.sys [54680 2023-11-20] (Microsoft Windows -> Microsoft Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-20 16:35 - 2023-11-20 16:37 - 000027947 _____ C:\Users\Angel\Downloads\FRST.txt
2023-11-20 16:24 - 2023-11-20 16:36 - 000000000 ____D C:\FRST
2023-11-20 08:57 - 2023-11-20 08:57 - 000003330 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-11-20 08:04 - 2023-11-20 08:04 - 000000000 ___HD C:\$WINDOWS.~BT
2023-11-20 08:01 - 2023-11-20 08:01 - 002383872 _____ (Farbar) C:\Users\Angel\Downloads\FRST64.exe
2023-11-20 07:59 - 2023-11-20 07:59 - 002084864 _____ (Farbar) C:\Users\Angel\Downloads\FRST.exe
2023-11-18 19:57 - 2023-11-18 19:57 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-11-18 19:57 - 2023-11-18 19:57 - 000002383 _____ C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-18 08:23 - 2023-11-18 08:23 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-11-18 08:23 - 2023-11-18 08:23 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-18 08:01 - 2023-11-18 08:01 - 000000000 ____D C:\WINDOWS\{6125BA49-3837-4FD1-B84D-D8725F791C00}
2023-11-15 10:00 - 2023-11-15 10:00 - 000000000 ___HD C:\$WinREAgent
2023-11-03 06:12 - 2023-11-03 06:12 - 001852422 _____ C:\Users\Angel\Downloads\Lisa Rimmington Resume 10.14.23 (1).pdf
2023-11-02 20:34 - 2023-11-02 20:34 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-10-26 18:56 - 2023-10-26 18:56 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-10-24 21:41 - 2023-10-24 21:41 - 000157038 _____ C:\Users\Angel\Downloads\Rimmington,+Lisa_Contract+10.17.23.pdf
2023-10-24 17:57 - 2023-10-24 17:57 - 000000000 ___HD C:\OneDriveTemp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-20 16:24 - 2020-04-18 18:30 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3AFF0136-932C-4F79-9999-48C960EF9F1F}
2023-11-20 16:23 - 2020-04-18 18:09 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-20 16:23 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2023-11-20 16:23 - 2018-09-01 07:11 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-20 16:20 - 2018-03-03 13:57 - 000000000 ___RD C:\Users\Angel\OneDrive
2023-11-20 16:18 - 2023-05-11 17:15 - 000000000 ____D C:\Users\Angel\AppData\Local\Malwarebytes
2023-11-20 16:18 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-20 16:18 - 2018-03-03 13:55 - 000000000 __SHD C:\Users\Angel\IntelGraphicsProfiles
2023-11-20 16:15 - 2020-04-18 18:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-11-20 16:15 - 2017-12-26 15:29 - 000000000 ___HD C:\Intel
2023-11-20 11:25 - 2019-11-12 21:53 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-11-20 11:13 - 2020-04-18 17:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-11-20 10:18 - 2020-04-18 17:58 - 000000000 ____D C:\Users\Angel
2023-11-20 10:18 - 2018-03-03 13:48 - 000000000 ____D C:\ProgramData\Goodix
2023-11-20 08:09 - 2020-04-12 12:00 - 000000000 ___DC C:\WINDOWS\Panther
2023-11-20 08:04 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-11-19 19:52 - 2019-10-03 08:10 - 000000000 ____D C:\Program Files\Microsoft Office
2023-11-18 19:57 - 2021-12-10 19:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2023-11-18 08:45 - 2018-09-01 07:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-18 08:45 - 2018-09-01 07:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-11-18 08:32 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-18 08:17 - 2022-03-28 19:23 - 000000000 ____D C:\Program Files (x86)\Dell
2023-11-18 08:16 - 2017-12-26 15:24 - 000000000 ____D C:\Program Files\Dell
2023-11-16 18:37 - 2020-03-15 05:59 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-16 18:37 - 2020-03-15 05:59 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-16 09:28 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Registration
2023-11-15 10:21 - 2018-03-04 13:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-15 10:16 - 2018-03-04 13:26 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 13:16 - 2021-05-09 08:39 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-11-14 13:16 - 2021-04-12 20:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-11-14 13:16 - 2018-03-03 13:55 - 000000000 ____D C:\Users\Angel\AppData\Local\Publishers
2023-11-13 11:41 - 2020-04-18 18:30 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-11-13 11:41 - 2020-04-18 18:30 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-11-06 19:53 - 2018-03-04 13:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-10-30 17:28 - 2020-04-18 18:30 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-30 17:28 - 2020-04-18 18:30 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-26 18:56 - 2020-12-22 19:47 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Zoom
2023-10-25 19:00 - 2020-12-15 20:06 - 000000000 ____D C:\Users\Angel\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2019-11-12 21:52 - 2019-11-12 21:52 - 000000410 _____ () C:\Users\Angel\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

lisa20

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by Angel (20-11-2023 16:39:27)
Running from C:\Users\Angel\Downloads
Microsoft Windows 10 Home Version 1909 18363.1556 (X64) (2020-04-18 23:32:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2065802760-3759808543-2889841689-500 - Administrator - Disabled)
Angel (S-1-5-21-2065802760-3759808543-2889841689-1001 - Administrator - Enabled) => C:\Users\Angel
DefaultAccount (S-1-5-21-2065802760-3759808543-2889841689-503 - Limited - Disabled)
Guest (S-1-5-21-2065802760-3759808543-2889841689-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2065802760-3759808543-2889841689-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.006.20380 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dell Power Manager Service (HKLM\...\{17556F90-3FF4-41B6-925D-F23DFDB3D4FC}) (Version: 3.11.0 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{5B678BC6-D551-458B-893D-B442B21ECD21}) (Version: 5.5.4.16189 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{dc44ee3f-d6c1-444d-a660-b0f1ac90b51d}) (Version: 5.5.4.16189 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{5EBD9C95-240B-4CD3-A1C1-DACF9E85518F}) (Version: 5.1.0 - Dell Inc.)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 1.0.33.800 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.160 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.364 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{75000D29-0D43-467B-84AC-12EB33DA1F14}) (Version: 30.100.1943.2 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8909c7f7-2f31-4786-b020-18218d3cabf3}) (Version: 21.40.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{68A981A0-ED59-41E0-B45E-7A78F643120D}) (Version: 21.40.1.3406 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
Malwarebytes version 4.6.5.293 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.5.293 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.72 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.72 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{B5664346-4402-4834-81BE-9687BF653BA2}) (Version: 3.26.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.22654 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-13] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-11-12] (Adobe Systems Incorporated)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-12] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.82.0_x64__htrsf667h5kn2 [2023-09-03] (Dell Inc)
Dell Help & Support -> C:\Program Files\WindowsApps\DellInc.DellHelpSupport_3.2.1.0_x64__htrsf667h5kn2 [2018-03-08] (Dell Inc)
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.14.40.0_x64__htrsf667h5kn2 [2023-04-08] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.1.35.0_x86__htrsf667h5kn2 [2023-11-18] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.20.0_x64__xbfy0k16fey96 [2023-09-03] (Dropbox Inc.)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.0.0_x86__8xx8rvfyw5nnt [2023-06-02] (Meta)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5237.0_x64__8j3eq9eme6ctt [2023-11-11] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-15] (INTEL CORP)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-20] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-08] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-13] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-19] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-29] (CYBERLINK CORPORATION.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-07] (Rivet Networks LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-10] (Microsoft Studios) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B4CC9460FEB1} -> [Creative Cloud Files] => C:\Users\Angel\Creative Cloud Files [2019-11-12 22:01]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-12] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17swin10.msn.com/?pc=DSJE
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17swin10.msn.com/?pc=DSJE
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0A936ED9-16B6-4086-923E-5F4472018F2F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1E303C55-E8E4-4C2F-894A-D4DA95D7EB4F}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9AAC3717-2116-4ACD-AA45-725612E315BC}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B441CDF0-E9C4-4CA7-988C-DBA69AD84243}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11ECE87B-9D5C-4767-912B-5FEEABCE4244}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A403399-07DD-4F4E-9802-3B608E84D880}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{232C7206-82B1-4CCA-B205-23B629CDA690}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8554A220-B1EB-49B5-AEA5-9A60A18F0E32}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{83DDA12F-42AD-4D42-9E5B-CEC8BB6D9060}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45778EF2-8AA6-4927-826F-9899DFF88A72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6BC6C325-9D8C-4C2F-9810-D74957942966}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6089B82F-29D2-4619-B241-370FF99F85D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78B535B1-1D0A-45EF-88DC-7C1ECC075D66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A30F533-30D5-4CCF-9812-57FE5849865B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EC348B71-9A8F-4CB6-B56F-4FFA681072FF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

15-11-2023 10:15:44 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2023 04:28:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3448,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/20/2023 04:15:54 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/20/2023 04:15:48 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/20/2023 04:15:47 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/20/2023 04:15:47 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/20/2023 04:15:47 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/20/2023 11:30:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15396,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/20/2023 11:13:12 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3728,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (11/20/2023 04:23:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-Q41MP6MQ)
Description: The server Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (11/20/2023 04:16:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%2147770990

Error: (11/20/2023 04:15:03 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (11/20/2023 04:15:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:11 AM on ‎11/‎20/‎2023 was unexpected.

Error: (11/20/2023 10:25:55 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/20/2023 10:25:55 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/20/2023 10:25:54 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/20/2023 10:25:11 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-Q41MP6MQ)
Description: The server Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2023-11-20 08:25:38.902
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-11-18 20:09:19.877
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-11-16 12:01:20.965
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-11-16 10:50:36.593
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-11-16 10:46:27.700
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-11-19 19:56:39.774
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.883.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2023-11-07 19:53:43.290
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.250.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-10-11 20:18:12.027
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.399.384.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23090.2007
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-09-23 13:32:31.164
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1367.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-09-21 19:48:16.335
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1139.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

==================== Memory info ===========================

BIOS: Dell Inc. 1.14.0 04/06/2023
Motherboard: Dell Inc. 09YTN7
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 59%
Total physical RAM: 8089.29 MB
Available physical RAM: 3289.83 MB
Total Virtual: 11545.29 MB
Available Virtual: 5809.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.27 GB) (Free:855.94 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{72977a33-1d91-40e5-8469-afcc009adffe}\ () (Fixed) (Total:0.62 GB) (Free:0.07 GB) NTFS
\\?\Volume{effbf4ad-0ae8-4622-97dd-f3d2567c2232}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 843848C4)

Partition: GPT.

==================== End of Addition.txt =======================

DR M

Hello, Lisa, and thanks for the logs.

Please adhere to the guidelines below, and then carefully follow all the instructions after them, in the same order:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would ask you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to analyze. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


=======================

There is a lot to say, after reviewing your logs.

Let's start step by step:

1. Move FRST

Please move the tool from your Downloads folder onto your Desktop.


2. Notifications

Did you intentionally enable notifications from the following sites, either on Chrome or Edge?

hxxps://concerts.livenation.com;
hxxps://www.beachbodyondemand.com;
hxxps://www.facebook.com;
hxxps://www.sephora.com;
hxxps://www.tangeroutlet.com;
hxxps://www.ticketmaster.com
hxxps://www.beachbodyondemand.com;
hxxps://www.draftkings.com


3. Surveillance alerts

Can you give us an example of what you are getting? A screenshot or a photo to attach, or a more detailed description of the issue?


In your next reply please post:

  • Your reply about notifications
  • An example of the alerts you are getting, if this is possible

lisa20

Hello! Yes, I most likely set the notifications from those websites--I use them. I really don't need the notifications. Last week, I started having system issues like the speed to view emails is so slow that I close it and try it later. I have AAA alert and last week was the first time in six years that I received this email:
   
Every day, ProtectMyID® monitors your Experian® credit file to notify you of key changes made to your credit report.

Below is a summary of the alerts you received over the last month.

Service   Quantity
Internet Surveillance   2


Since I've never received that and I'm having system issues, I thought this is an issue!

Thank you!

winchester73

ProtectMyID® is identity theft protection offered by AAA. Is it possible that you enrolled in the service, either on purpose or by accidentally checking the box on a renewal form? They have a free version, and two paid options if memory serves.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

DR M

Hi, Lisa.

I don't have an explanation other than Winchester's above, about the email you got, at the moment.

I would mention it later, but since you talked about slowness, I need to tell you that there are signs that your hard disk started failing. The following lines are from your logs:

Error: (11/20/2023 10:25:55 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

So, before we move on with the cleaning procedure, I recommend that you save all your files to an external disk, just in case.

After that:

Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter, and wait for it to finish (~15 minutes to several hours, depending on the disk's condition).

  chkdsk C: /r

  • You will receive a message that the operation cannot be performed while the system is in use, asking if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.



lisa20

Hello! Okay! I saved my files elsewhere. I restarted my computer but had issues logging in--it gave me an error message that I'm not signed in... However, I was able to finish the last step and receive this notepad content:

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 11/25/2023 12:50:12 PM >------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 97518
Source Name: Chkdsk
Time Written: 11-23-2023 @ 15:20:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 1.4 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 97075
Source Name: Chkdsk
Time Written: 11-20-2023 @ 15:25:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.

1 corruption record processed in 0.4 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 96548
Source Name: Chkdsk
Time Written: 11-17-2023 @ 00:16:28
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 95185
Source Name: Chkdsk
Time Written: 11-11-2023 @ 00:55:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 94120
Source Name: Chkdsk
Time Written: 11-02-2023 @ 23:27:36
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 93568
Source Name: Chkdsk
Time Written: 10-26-2023 @ 22:39:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.8 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 92998
Source Name: Chkdsk
Time Written: 10-21-2023 @ 00:06:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 91582
Source Name: Chkdsk
Time Written: 10-10-2023 @ 00:03:45
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 90657
Source Name: Chkdsk
Time Written: 09-30-2023 @ 18:19:39
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 90206
Source Name: Chkdsk
Time Written: 09-21-2023 @ 23:26:55
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.5 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 89354
Source Name: Chkdsk
Time Written: 09-07-2023 @ 21:51:46
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 87577
Source Name: Chkdsk
Time Written: 08-17-2023 @ 23:30:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 86190
Source Name: Chkdsk
Time Written: 08-01-2023 @ 01:13:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 85472
Source Name: Chkdsk
Time Written: 07-14-2023 @ 21:47:22
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.5 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 83900
Source Name: Chkdsk
Time Written: 06-23-2023 @ 18:21:16
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 82931
Source Name: Chkdsk
Time Written: 06-13-2023 @ 21:29:13
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 81864
Source Name: Chkdsk
Time Written: 05-26-2023 @ 12:43:35
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 79128
Source Name: Chkdsk
Time Written: 05-06-2023 @ 17:46:57
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 74853
Source Name: Chkdsk
Time Written: 03-11-2023 @ 14:10:14
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 1.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 73124
Source Name: Chkdsk
Time Written: 02-14-2023 @ 06:10:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 71847
Source Name: Chkdsk
Time Written: 01-21-2023 @ 00:16:16
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 68705
Source Name: Chkdsk
Time Written: 12-08-2022 @ 01:32:03
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.9 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 68156
Source Name: Chkdsk
Time Written: 11-27-2022 @ 23:32:22
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 67689
Source Name: Chkdsk
Time Written: 11-24-2022 @ 00:55:50
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.4 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------

DR M

Hi, Lisa.

I see that you run the chkdsk utility regularly. There is no reason to do that.

The result is shown in these words:

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

However, I'm glad you made a backup. Once an issue appears with the disk, you never know when it will fail completely.

Moving on. Please make sure you have moved the FRST tool from your Downloads folder onto your Desktop.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
HKLM-x32\...\Run: [] => [X]
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe  /r (No File)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  SCHED (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

lisa20

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by Angel (27-11-2023 13:42:51) Run:1
Running from C:\Users\Angel\Desktop
Loaded Profiles: Angel
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
HKLM-x32\...\Run: [] => [X]
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe  /r (No File)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  SCHED (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"Edge Notifications" => removed successfully
"Chrome Notifications" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6E4032B-9810-4BE0-A3A0-0DA8312B3126}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E4032B-9810-4BE0-A3A0-0DA8312B3126}" => removed successfully
C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80E57743-1653-4115-A5F8-E52F2E3D2057}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E57743-1653-4115-A5F8-E52F2E3D2057}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E3728CA-1BB3-46C4-8FAA-4DCB0186A438}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E3728CA-1BB3-46C4-8FAA-4DCB0186A438}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
MpKsldb0ad81e => service not found.
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7B5BEF7-A830-43A7-858A-05667B872EEA} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E8A4F54-6F86-43BD-9350-E47196E4DE22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A1A5494-F9ED-4252-80D3-3894C4A60692}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DD474BD-39EF-4A33-A490-0302BD8EF941}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83EF1896-B1DE-49A7-A92D-6D9C18954E56}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{321D00A1-B58D-4A35-907B-A422036EF256}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B524FE52-59B4-4BBF-8247-E2FD16615CD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C201ACD-7498-4572-BD88-45D40433C8E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BDE6974-363F-42B0-8A35-BDD30AC0086F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E292E65-461D-4921-A25B-3A03C76F385B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{486BAE9B-F831-482C-9AD5-87AF06C98AE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}" => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.18362.1379

Image Version: 10.0.18363.1556



[===========================56.3%                          ]

[===========================56.4%                          ]

[===========================56.4%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.6%                          ]

[===========================56.6%                          ]

[===========================56.6%                          ]

[===========================56.7%                          ]

[===========================56.7%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.2%=                         ]

[===========================57.2%=                         ]

[===========================57.2%=                         ]

[===========================57.3%=                         ]

[===========================57.3%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.5%=                         ]

[===========================57.5%=                         ]

[===========================57.6%=                         ]

[===========================57.6%=                         ]

[===========================57.6%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.8%=                         ]

[===========================57.8%=                         ]

[===========================57.8%=                         ]

[===========================58.0%=                         ]

[===========================58.0%=                         ]

[===========================58.0%=                         ]

[===========================58.0%=                         ]

[===========================58.1%=                         ]

[===========================58.4%=                         ]

[===========================58.4%=                         ]

[===========================58.7%==                        ]

[===========================59.4%==                        ]

[===========================59.5%==                        ]

[===========================60.2%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.


========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 100% complete.


Windows Resource Protection did not find any integrity violations.



========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 2097152 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45262210 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 45318213 B
Edge => 22784737 B
Chrome => 558027451 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 150984721 B
systemprofile32 => 150984721 B
LocalService => 151083219 B
NetworkService => 412235239 B
Angel => 691849780 B
defaultuser100000 => 692650581 B

RecycleBin => 107554015 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:19:36 ====

DR M

Good job, Lisa.

To ensure that everything is clean:

1. Run AdwCleaner (scan only)
    • Download AdwCleaner and save it to your desktop.
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now.
      • When the scan has finished, a Scan Results window will open.
      • Click Cancel (at this point do not attempt to Quarantine anything that is found)
    • Now click the Log Files tab.
      • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
      • A Notepad file will open containing the results of the scan.
      • Please post the contents of the file in your next reply.
2. Run Malwarebytes (scan only)
    • Download Malwarebytes and save it to your Desktop.
    • Once downloaded, close all programs and Windows on your computer.
    • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
    • Follow the instructions to install the program.
    • When finished, double click the program's icon created on your Desktop.
    • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
      Under the title Scan Options, all the options are checked.
      Under the title Windows Security Center (Premium only) the option is NOT checked.
      Under the title Potentially unwanted items all options are set to Always.

    • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
    • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below. If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.
In your next reply, please post:
    • The AdwCleaner[S0*].txt
    • The Malwarebytes report

lisa20

It found the two PUP files--I didn't quarantine them. Here is the notepad:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-27-2023
# Duration: 00:00:22
# OS:       Windows 10 (Build 18363.1556)
# Scanned:  32098
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.GetFormsPlus       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freeforms.co
PUP.Optional.GetFormsPlus       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freeforms.co
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files (x86)\Common Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB1DC2B5-E952-450D-98F6-9AF8FE68F80B} 
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

lisa20

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/27/23
Scan Time: 7:34 PM
Log File: db38e6b6-8d85-11ee-8557-8cec4b123e2a.json

-Software Information-
Version: 4.6.5.293
Components Version: 1.0.2181
Update Package Version: 1.0.77775
License: Trial

-System Information-
OS: Windows 10 (Build 18363.1556)
CPU: x64
File System: NTFS
User: LAPTOP-Q41MP6MQ\Angel

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269397
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 22 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

DR M


Hi, Lisa.

Apologies for the way my previous post has appeared on the screen. It seems that the forum's software messed up the formatting. Let's continue.

AdwCleaner (Clean mode)

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply, please post:
  • The AdwCleaner[C0*].txt
  • Feedback: how is the computer running now? Any remaining issue/question/concern.
