DashC Posted May 29, 2021 ID:1460329

Hi,

Over the last few weeks or months I've noticed that I have basically no space left available on my C drive. Recently, I deleted a few programs to make room, but there's no new space. After looking some online it seems malware may cause this type of issue. Please let me know if any necessary information is missing.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01
Ran by david (administrator) on DASH (Dell Inc. G5 5587) (29-05-2021 16:14:45)
Running from C:\Users\david\OneDrive\Desktop
Loaded Profiles: david
Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Config.Msi\4b8f92e8.rbf
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Technologies Inc. -> Dell Technologies Inc.)
C:\Program Files\Dell\DellDataVault\nvapiw.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <42> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ff5b2fc3560f4482\IntelCpHDCPSvc.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ff5b2fc3560f4482\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorIcon.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f881c4be237ce854\RstMwService.exe (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe (Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\browserhost.exe (McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxApp_48.76.8001.0_x64__8wekyb3d8bbwe\XboxApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft 
Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.985_none_e72c6fe7263b0fe4\TiWorker.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\Display.NvContainer\NVDisplay.Container.exe <2> (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3> (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe (Rivet Networks LLC -> Rivet Networks, LLC.) 
C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSysSvc64.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSvc64.exe [1229072 2018-03-09] (Waves Inc -> Waves Audio Ltd.) HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [340480 2018-08-26] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-05-18] (Valve -> Valve Corporation) HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\Run: [Discord] => C:\Users\david\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. 
-> GitHub) HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Uninstall 21.062.0328.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\amd64" HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Uninstall 21.062.0328.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\21.062.0328.0001" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-10] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0A7628B0-B3AA-4371-BBEE-57BF3A4669EE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059872 2021-05-24] (Dell Inc -> Dell Inc.) 
Task: {27AE97D4-4E32-4E35-8245-609872C67C74} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {315E581F-5AC2-4C91-8747-43BEE97809DB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3B324B07-3B1D-4E42-9BAA-7E33D4AB31B7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {44AF7ADA-1C0D-43B1-A063-9E7581F7730B} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry Task: {47C355CF-2177-4489-A449-7853A48830BA} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {4D56F995-884D-4653-BC70-F79F9CCB6059} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {52A89AD9-DFC7-4CA9-99A5-080DC660034C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => c:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: 
{5E861203-15E5-464F-AFFE-222098568FB8} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {63224137-95C1-45F4-BA93-F8B4166FBD16} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {649F1F27-A4EE-4DEE-A226-289C53664A06} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {64D01835-7808-46FB-B503-D6DB082C247E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.) Task: {674062EC-D5C9-4CA6-8B66-E26EA6076F10} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3297728 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7D813D4E-C697-4D70-AE59-66A825E28ED6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [654784 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F96E1FE-ED2D-4A87-9F7E-F2CB20B7187A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {80E706F2-4CFE-4E4F-8E44-E33A7FB49771} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => c:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {B30D4291-EB17-4027-B4CE-45C53C84AADA} - System32\Tasks\SmartByte 
Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL) Task: {C054285A-CA1C-47D8-8A78-459853B9F7C5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => c:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {C7116128-6B8B-4392-9B53-A13B35152094} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982464 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) Task: {CC3F06A7-D2DB-4672-934A-C4001C3615F5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => c:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {F67E5BF7-E503-4122-A282-1E11AF9B99F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61 Tcpip\..\Interfaces\{c27347a9-b13c-41bd-94b6-3bfdd71b682b}: [DhcpNameServer] 209.18.47.62 209.18.47.61 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\david\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-16] FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-04] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2020-09-20] (Adobe Systems Incorporated -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-03-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-03-22] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin HKU\S-1-5-21-3939270826-4198879685-2319656068-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-03-30] (Ubisoft Entertainment Sweden AB -> ) Chrome: ======= CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default [2021-05-29] CHR Notifications: Default -> hxxps://basketball.fantasysports.yahoo.com; hxxps://football.fantasysports.yahoo.com; hxxps://tabletopia.com CHR Extension: (Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-24] CHR Extension: (Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-24] CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24] CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-24] CHR Extension: (Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-24] CHR Extension: (McAfee® WebAdvisor) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-05-19] CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Extension: (Chrome Media Router) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-25] CHR HKLM\...\Chrome\Extension: 
[fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [312864 2017-07-20] (Dell Inc -> Dell Inc.) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [422128 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3975712 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [623136 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1009264 2021-03-30] (PC-Doctor, Inc. -> PC-Doctor, Inc.) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc -> Dell Inc.) 
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{8ED39894-5E74-4409-8B0B-DD4CC932A634} [21312 2020-10-25] (Microsoft Windows -> Microsoft Corporation) R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-05-10] (Dell Inc -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-02-15] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2481304 2018-06-01] (Rivet Networks LLC -> Rivet Networks) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-29] (Malwarebytes Inc -> Malwarebytes) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [915832 2020-02-04] (McAfee, LLC -> McAfee, Inc.) R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.) S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.) R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks) R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-05-24] (Dell Inc -> Dell Inc.) 
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-29] (Malwarebytes Inc -> Malwarebytes) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.) 
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-29] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-29] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-29] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-29] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-29] (Malwarebytes Inc -> Malwarebytes) R3 RfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\RfeCo10X64.sys [158856 2018-06-01] (Rivet Networks LLC -> Rivet Networks, LLC.) R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation) S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-05-29 16:13 - 2021-05-29 16:14 - 000041038 _____ C:\Users\david\Downloads\Addition.txt 2021-05-29 16:13 - 2021-05-29 16:14 - 000000197 _____ C:\Users\david\Downloads\FRST.txt 2021-05-29 16:12 - 2021-05-29 16:14 - 000000000 ____D C:\FRST 2021-05-29 15:53 - 2021-05-29 15:53 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-05-29 15:53 - 2021-05-29 15:53 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-05-29 15:53 - 2021-05-29 15:53 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-05-29 15:45 - 2021-05-29 15:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-05-29 15:45 - 2021-05-29 15:45 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-05-29 15:45 - 2021-05-29 15:45 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-05-29 15:45 - 2021-05-29 15:45 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-05-29 15:45 - 2021-05-29 15:45 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-05-29 15:45 - 2021-05-29 15:45 - 000000000 ____D C:\Users\david\AppData\Local\mbam 2021-05-29 15:44 - 2021-05-29 15:44 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-05-29 15:44 - 2021-05-29 15:44 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-05-29 15:44 - 2021-05-29 15:44 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-05-29 15:44 - 2021-05-29 15:44 - 000000000 ____D C:\Program Files\Malwarebytes 2021-05-29 15:43 - 2021-05-29 15:43 - 002080712 _____ (Malwarebytes) C:\Users\david\Downloads\MBSetup.exe 2021-05-19 20:01 - 2021-05-19 20:01 - 000000000 ____D C:\WINDOWS\{CF8A543D-D96A-4576-B508-DC85C73C29AB} 2021-05-12 02:30 - 2021-05-12 02:30 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-05-12 02:30 - 2021-05-12 02:30 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-05-12 
02:29 - 2021-05-12 02:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-05-12 02:29 - 2021-05-12 02:29 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-05-12 02:29 - 2021-05-12 02:29 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-05-12 02:29 - 2021-05-12 02:29 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-05-12 02:29 - 2021-05-12 02:29 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-05-12 02:29 - 2021-05-12 02:29 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-05-12 02:29 - 2021-05-12 02:29 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-05-12 02:29 - 2021-05-12 02:29 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-05-12 02:29 - 2021-05-12 02:29 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-05-12 02:29 - 2021-05-12 02:29 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-05-06 13:51 - 2021-05-06 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-05-29 16:14 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF 2021-05-29 16:03 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-05-29 15:44 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-05-29 15:30 - 2020-10-24 22:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-05-29 14:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-05-29 14:42 - 2018-09-28 15:16 - 000000000 ____D C:\ProgramData\NVIDIA 2021-05-29 14:40 - 2020-06-23 00:37 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-05-29 14:40 - 2020-06-23 00:37 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-05-29 14:40 - 2020-06-23 00:37 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-05-29 14:40 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-05-27 22:16 - 2020-03-15 16:08 - 000000000 ___DC C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2021-05-27 19:10 - 2018-11-24 18:43 - 000000000 ____D C:\Program Files (x86)\Steam 2021-05-26 19:10 - 2020-01-20 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2021-05-26 19:09 - 2020-10-24 22:51 - 000003914 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate 2021-05-19 09:40 - 2018-11-24 18:31 - 000000000 ___DC C:\Users\david\AppData\Local\PlaceholderTileLogoFolder 2021-05-14 04:41 - 2018-09-28 15:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-05-13 08:19 - 2020-10-24 22:51 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3939270826-4198879685-2319656068-1001 2021-05-13 08:19 - 2020-10-24 22:47 - 000002369 ____C C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-05-13 08:19 - 2018-11-24 18:32 - 000000000 ___RD C:\Users\david\OneDrive 2021-05-12 20:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration 2021-05-12 03:04 - 2020-10-24 
22:55 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-05-12 03:01 - 2021-03-15 00:44 - 000000000 ____D C:\Users\david\AppData\Local\Notepad 2021-05-12 03:01 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-05-12 03:01 - 2018-11-24 18:30 - 000000000 __SHD C:\Users\david\IntelGraphicsProfiles 2021-05-12 03:00 - 2020-10-24 22:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-05-12 03:00 - 2020-10-24 22:45 - 000267624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-05-12 03:00 - 2020-10-24 22:45 - 000008192 ___SH C:\DumpStack.log.tmp 2021-05-12 03:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-05-12 03:00 - 2018-09-28 15:14 - 000000000 ___DC C:\Intel 2021-05-12 02:59 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D 
C:\WINDOWS\PolicyDefinitions 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-05-12 02:59 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-05-12 02:31 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-05-12 02:31 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-05-12 02:24 - 2018-11-27 20:55 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-05-12 02:23 - 2018-11-27 20:55 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-05-11 18:14 - 2020-10-05 23:29 - 000000000 ___HD C:\$WinREAgent 2021-05-10 20:02 - 2018-11-24 18:34 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-05-10 20:02 - 2018-11-24 18:34 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-05-10 20:02 - 2018-11-24 18:34 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-05-06 20:30 - 2018-09-28 15:11 - 000000000 ____D C:\ProgramData\Package Cache 2021-05-06 20:29 - 2018-09-28 15:10 - 000000000 ____D C:\ProgramData\PCDr 2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX ==================== Files in the root of some directories ======== 2020-03-22 21:44 - 2020-01-22 21:44 - 000000032 ____R () C:\ProgramData\hash.dat ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
==================== End of FRST.txt ========================

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by david (29-05-2021 16:15:46)
Running from C:\Users\david\OneDrive\Desktop
Windows 10 Home Version 2004 19041.985 (X64) (2020-10-25 02:52:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3939270826-4198879685-2319656068-500 - Administrator - Disabled)
david (S-1-5-21-3939270826-4198879685-2319656068-1001 - Administrator - Enabled) => C:\Users\david
DefaultAccount (S-1-5-21-3939270826-4198879685-2319656068-503 - Limited - Disabled)
Guest (S-1-5-21-3939270826-4198879685-2319656068-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3939270826-4198879685-2319656068-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Dell Digital Delivery Service (HKLM-x32\...\{66E2407E-9001-483E-B2AA-7AEF97567143}) (Version: 3.6.1005.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{98962E99-9DC0-4B16-9D48-2EED1F5D117E}) (Version: 1.2.6577 - Screenovate Technologies Ltd.)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{A3E44B1D-1AC1-414F-A7D4-0824E0A49F3A}) (Version: 3.9.1.245 - Dell Inc.) Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.) Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.) Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.2.0 - Dell Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC) Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10501.6067 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5017 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) 
(HKLM-x32\...\{00001060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.1 - Intel Corporation) Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{bce385e6-0b52-413b-b28e-3b9064ea6cde}) (Version: 20.120.1 - Intel Corporation) Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation) Killer Ethernet Performance Driver Suite UWD (HKLM\...\{63FF36C4-ADAC-4177-9818-6DDEE7356EEB}) (Version: 1.7.1015 - Rivet Networks) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.67 - McAfee, LLC.) 
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MTG Arena (HKLM\...\{6AF47923-1D12-40FD-A387-06726918EAB0}) (Version: 0.1.3657 - Wizards of the Coast) NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation) NVIDIA Graphics Driver 457.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.71 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8397 - Realtek Semiconductor Corp.) 
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Thunderbolt™ Software (HKLM-x32\...\{6ECDE40C-4023-419A-8A4E-50FB71275876}) (Version: 17.3.73.350 - Intel Corporation) TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation) Zoom (HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.) 
Packages: ========= Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc) Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.90.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc) Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-05-25] (Screenovate Technologies) [Startup Task] Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.9.11.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc) Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.9.13.0_x64__htrsf667h5kn2 [2021-05-26] (Dell Inc) Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.2.23.0_x86__htrsf667h5kn2 [2021-05-19] (Dell Inc) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.401.0_x64__rz1tebttyb220 [2021-05-01] (Dolby Laboratories) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-25] (INTEL CORP) [Startup Task] Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_1.6.2124.0_x64__rh07ty8m5nkag [2018-09-28] (Rivet Networks LLC) LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-11-24] (LinkedIn) McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-05-27] (McAfee LLC.) 
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad] Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-25] (Microsoft Studios) [MS Ad] Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation) My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.8.40.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj 
[2021-05-26] (NVIDIA Corp.) SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.971.0_x64__rh07ty8m5nkag [2021-05-19] (Rivet Networks LLC) Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation) Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2018-11-24] (Waves Audio) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3939270826-4198879685-2319656068-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-29] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\nvshext.dll [2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-29] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32-x32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll HKLM\...\Drivers32-x32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2018-12-03 22:19 - 2018-12-03 22:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll 2020-08-14 22:29 - 2020-08-14 22:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll 2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-02-04] (McAfee, LLC -> McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-03-22] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-02-04] (McAfee, LLC -> McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-03-22] (Oracle America, Inc. -> Oracle Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-04-11 19:38 - 2018-04-11 19:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\Control Panel\Desktop\\Wallpaper -> 
C:\Windows\web\wallpaper\dell\dell-gaming-g-series-wallpaper-g5-red.jpg DNS Servers: 209.18.47.62 - 209.18.47.61 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{E7E8F864-7FF8-4F2E-AB86-D44FC0396686}D:\diablo iii\x64\diablo iii64.exe] => (Allow) D:\diablo iii\x64\diablo iii64.exe => No File FirewallRules: [TCP Query User{A331F170-62FD-4EC3-89F2-A36D89071B8F}D:\diablo iii\x64\diablo iii64.exe] => (Allow) D:\diablo iii\x64\diablo iii64.exe => No File FirewallRules: [UDP Query User{C02A7495-EEB8-4F65-A8D8-106AFA672E51}C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe] => (Allow) C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe => No File FirewallRules: [TCP Query User{5EBDDD86-FBBD-40AC-B5B0-88E7AC039A4D}C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe] => (Allow) C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe => No File FirewallRules: [UDP Query User{FCC06292-55D5-4155-91E3-240FCD9B8B33}C:\users\david\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_enus.exe => No File FirewallRules: [TCP Query User{5EB998C2-B71C-476D-8110-297E368492F2}C:\users\david\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_enus.exe => No File FirewallRules: [UDP Query User{3CDEC5CD-4BB8-4174-9815-712E271B2840}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the 
coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [TCP Query User{3F05613B-4B72-4FC2-9E8F-A96336365484}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [{BFCE76C3-0FB8-49D8-A931-1CC3DA42D2FD}] => (Allow) C:\Users\david\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{90FE5D1C-F930-4A6D-9538-2718ABDDA2CB}] => (Allow) C:\Users\david\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{F89A4BCA-145F-4C6B-B382-8CC5778F4DF0}C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe => No File FirewallRules: [TCP Query User{34EABDBD-EB50-4075-B4C7-26D0252C5638}C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe => No File FirewallRules: [{967B3FBD-6B91-4463-96AA-E2EA1B32338A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A1FB07FE-4F4D-4B0A-9A78-605795601EB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{FC28B0F7-293D-4D5C-8EE5-60FFB9087B93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{31EDD598-6408-448B-94B7-ECB4E1455E09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B62CBB60-DCB6-41FF-BE99-886A7781C530}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E3B956E9-245D-4CA0-BCD6-A719E8838874}] => (Allow) C:\Program 
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7BBE0F97-F0E6-4C02-896E-9A531FCA21E7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{35FFC89F-A46B-478F-BCD7-BA000A36A5AF}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{5022A77B-4D61-493B-820D-33602192A0E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{B33578DD-93CD-4A17-854F-518C4782C71D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{816B6DA9-B7BA-477B-A0AD-E3C4686D2F95}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{832E676D-C191-4866-95E1-C5CC34BD4B8A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{4EB23AD8-9C95-42DF-9700-BA777C759513}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe => No File FirewallRules: [{EB514FF1-0926-4369-B978-D7FB902478F6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe => No File FirewallRules: [{D1A9C837-3FC4-4CBD-8C8A-C871C552CAEA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{D1181EE7-9730-4B96-B294-B40EF6BCD075}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{470EA811-070E-44C8-8DA4-742AB4D21B92}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File FirewallRules: [UDP Query User{61CD16E5-5950-4DBA-8E89-EDE33A4FFA59}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File FirewallRules: 
[TCP Query User{79103DAB-5CFD-4DA4-911E-248D1D9D23AF}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe => No File FirewallRules: [UDP Query User{DBE84ECB-351D-456A-B228-7D294EBA31BA}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe => No File FirewallRules: [{65EFD694-4ACF-43AC-8AAA-A1733CEEB97A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [TCP Query User{21D23C8C-7C5F-4F77-B066-1C31AEE62956}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File FirewallRules: [UDP Query User{A93D6578-526E-4841-98A2-81B45CF21584}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File FirewallRules: [TCP Query User{5CFEF535-A380-4F5D-9E13-21A83DEC1668}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Block) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe => No File FirewallRules: [UDP Query User{0F1E99EC-03C0-4CC4-9F08-54370EFC23D2}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Block) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe => No File FirewallRules: [TCP Query User{6DCBE309-CCAB-4A83-B917-681EC618BF06}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File FirewallRules: [UDP Query User{12CAFE89-6134-40B9-83E7-2800CED58B4F}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File FirewallRules: [{6BE62DE2-F97C-4694-8AF2-739848EB9643}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File FirewallRules: 
[{EB3C8A4C-0D34-42E9-8FEE-AE97C9DF7DE4}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File FirewallRules: [{4B6D7BFF-E207-4D2E-8291-647B97F33CFF}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File FirewallRules: [{CD33B5CE-8F93-4967-9324-C676102AB06C}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File FirewallRules: [{C20885BD-54A8-40B3-9F47-C6182D8325A4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9CD3A5E9-5306-46D7-8F96-E50CE47467D9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{56C8039F-F5B8-4A5A-975E-0ACE5E0EA138}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{54771355-3A87-4924-8715-99F5E611A544}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{FCF89108-9F3C-4798-A467-DD9EBC7FC9DC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{0881C91C-1F5B-4E31-B01C-46074273C7D4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5812F562-C2B9-4F49-BEEF-8A36E9500A6A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) 
FirewallRules: [{1F767657-1D48-472A-9B16-40E36290CC35}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{53642DD0-644F-47D1-8600-72001102910C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{3FB2CBA8-BB3D-4D5C-9B79-F68E7B2B916B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{DDD6F750-0A5F-4EE4-95D9-A0FA8CC37180}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{615D976A-431C-490B-9E28-CAC45EF3F221}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{F6B65DC2-AC36-4BEF-A8ED-82E4819044CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{A21E9D95-718D-433F-8479-6C044F69E110}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13929.20386.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:103.79 GB) (Free:5.84 GB) (6%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/29/2021 02:39:06 PM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18 Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/27/2021 10:09:17 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)
Description: Product: MTG Arena -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 664,115 KB are required, but only 436,528 KB are available. Click "Ignore" to continue the install without saving recovery information, click "Retry" to check for available space again, or click "Cancel" to quit the installation.

Error: (05/27/2021 09:50:41 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)
Description: Product: MTG Arena -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 664,115 KB are required, but only 658,500 KB are available. Click "Ignore" to continue the install without saving recovery information, click "Retry" to check for available space again, or click "Cancel" to quit the installation.

Error: (05/27/2021 09:48:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ck3.exe, version: 1.0.0.0, time stamp: 0x60538245
Faulting module name: ntdll.dll, version: 10.0.19041.964, time stamp: 0xbd2c3c23
Exception code: 0xc0000005
Fault offset: 0x00000000000290b0
Faulting process id: 0x4278
Faulting application start time: 0x01d7534d816a3ed0
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\binaries\ck3.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: dade933c-7b3b-42c0-9638-b8545f7e9398
Faulting package full name:
Faulting package-relative application ID:

Error: (05/27/2021 07:09:08 PM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18 Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/26/2021 07:05:15 PM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18 Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/26/2021 09:01:12 AM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18 Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/25/2021 09:46:14 AM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18 Message: Error getting USTT information (InterfaceFunctionNotSupported)

System errors:
=============
Error: (05/26/2021 07:08:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/26/2021 07:08:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/20/2021 07:19:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (05/20/2021 07:19:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/17/2021 08:32:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (05/17/2021 08:32:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (05/11/2021 09:49:43 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (05/06/2021 08:26:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Windows Defender: ================ Date: 2021-05-29 15:53:11 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Date: 2021-05-29 15:21:18 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-27 22:20:06 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-26 23:12:42 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-26 19:48:47 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-06 09:21:26 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.339.21.0 Previous security intelligence Version: 1.337.679.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
Date: 2021-05-06 09:21:26 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.339.21.0 Previous security intelligence Version: 1.337.679.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-05-06 09:21:26 Description: Microsoft Defender Antivirus has encountered an error trying to update the engine. New Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error Code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-05-05 18:17:29 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.339.21.0 Previous security intelligence Version: 1.337.679.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-05-05 18:17:29 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: 1.339.21.0 Previous security intelligence Version: 1.337.679.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. ==================== Memory info =========================== BIOS: Dell Inc. 1.3.0 05/24/2018 Motherboard: Dell Inc. 03PVDF Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz Percentage of memory in use: 57% Total physical RAM: 16178.28 MB Available physical RAM: 6833.64 MB Total Virtual: 20530.28 MB Available Virtual: 4408.34 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:103.79 GB) (Free:5.84 GB) NTFS Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:924.69 GB) NTFS \\?\Volume{d6292698-46af-4818-9250-1211381e51e6}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.47 GB) NTFS \\?\Volume{d90cabe3-cf87-4bd4-afd9-c9b816516e43}\ (Image) (Fixed) (Total:12.63 GB) (Free:0.27 GB) NTFS \\?\Volume{6e8f6a98-c310-4a59-b827-74d1bd549c1c}\ (DELLSUPPORT) (Fixed) (Total:1.09 GB) (Free:0.48 GB) NTFS \\?\Volume{44a1d637-4476-4c1a-bcd6-6a8930f280f4}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.57 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: D7FA1D42) Partition: GPT. ========================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: D7FA06E5) Partition: GPT. 
==================== End of Addition.txt =======================

Threat Scan log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/29/21
Scan Time: 3:53 PM
Log File: 7de513f6-c0b7-11eb-964b-3c2c309db9ec.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1308
Update Package Version: 1.0.41091
License: Trial

-System Information-
OS: Windows 10 (Build 19041.985)
CPU: x64
File System: NTFS
User: Dash\david

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 283789
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

FRST.txt
Addition.txt

Edited June 1, 2021 by AlexSmith
Updated title to reflect issue

Maurice Naggar Posted May 29, 2021 ID:1460332

Hello

My name is Maurice. Just first initial remarks & comments. The scan report from Malwarebytes reports no malware. We will do other scans later.

There is still near 6 Gigabytes of space on C drive. D drive has loads of Free space.

Drive c: (OS) (Fixed) (Total:103.79 GB) (Free:5.84 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:924.69 GB) NTFS

By the way, as we go forward, please do Not copy n paste any reports that I request. Just only attach.

You can & should run the Windows CLEANMGR tool to free up additional space on the C drive. There is a HOW TO guide on Tenforums.
https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html
See about using Option TWO

DashC Posted May 29, 2021 Author ID:1460333

Thank you for helping and will do on the attachments/copying issue.

I've followed the Option Two guide on the tenforums link you provided. It freed up some space but not significantly. I don't know where any of the space is being used. Prior to posting, I had removed several programs trying to resolve the issue, and at this point I have barely any programs on the computer. When I check the storage settings and sort by size, no program is over 500mb. I have no idea what is using almost 100gb on that drive, which is why I suspected malware.

Please let me know if there's anything else I can do to confirm

Maurice Naggar Posted May 29, 2021 ID:1460343

Hello. I am just almost done scouring thru your FRST. I do not see presence of malware. Remember drive C also has personal files & data beyond just installed programs.

I did notice a failed install 2 days ago.

Error: (05/27/2021 10:09:17 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)
Description: Product: MTG Arena -- Disk full: There is not enough disk space

Stop installing new stuff while we work this case. In future, look to selecting CUSTOM install option next time you try to do a setup & try guiding installs to drive D.

For now do scan with this. Let me suggest you do one scan with Adwcleaner to check for adwares.

First download & save it
https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then do a scan with Adwcleaner
https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

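The checks made by eye on the posted Addition.txt (free space per drive, the MsiInstaller "Disk full" errors) can also be pulled out mechanically, along with the firewall rules left behind by uninstalled programs (`=> No File`). The Python below is an added example, not part of the original thread and not FRST's own code; the sample lines are excerpted from the log posted above, and the function names and the 10% threshold are assumptions.

```python
import re

# Lines excerpted from the Addition.txt posted in this thread (not the full log).
SAMPLE = r"""
FirewallRules: [{53642DD0-644F-47D1-8600-72001102910C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{3FB2CBA8-BB3D-4D5C-9B79-F68E7B2B916B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{DDD6F750-0A5F-4EE4-95D9-A0FA8CC37180}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{615D976A-431C-490B-9E28-CAC45EF3F221}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
Error: (05/27/2021 10:09:17 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)
Description: Product: MTG Arena -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 664,115 KB are required, but only 436,528 KB are available.
Error: (05/27/2021 09:50:41 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)
Description: Product: MTG Arena -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 664,115 KB are required, but only 658,500 KB are available.
Drive c: (OS) (Fixed) (Total:103.79 GB) (Free:5.84 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:924.69 GB) NTFS
"""

DRIVE_RE = re.compile(
    r"^Drive (\w): \((.*?)\) \((\w+)\) \(Total:([\d.]+) GB\) \(Free:([\d.]+) GB\)", re.M)
ORPHAN_RULE_RE = re.compile(
    r"^FirewallRules: \[(\{[0-9A-Fa-f-]+\})\] => \((\w+)\) (.+?) => No File[ \t\r]*$", re.M)
EVENT_HEAD_RE = re.compile(r"Error: \(([^)]+)\) \(Source: ([^)]+)\) \(EventID: (\d+)\)")
DISK_FULL_RE = re.compile(
    r"Product: (.+?) -- Disk full:.*?([\d,]+) KB are required, "
    r"but only ([\d,]+) KB are available", re.S)


def parse_drives(text):
    """Return one dict per lettered drive with its free-space percentage."""
    drives = []
    for letter, label, kind, total, free in DRIVE_RE.findall(text):
        total, free = float(total), float(free)
        drives.append({"letter": letter, "label": label, "kind": kind,
                       "total_gb": total, "free_gb": free,
                       "pct_free": free / total * 100})
    return drives


def low_space_drives(drives, min_pct=10.0):
    """Drives below min_pct free (threshold is an assumption, not an FRST rule)."""
    return [d for d in drives if d["pct_free"] < min_pct]


def orphaned_firewall_rules(text):
    """Map each missing executable path to the rule GUIDs that still allow it."""
    orphans = {}
    for guid, _action, path in ORPHAN_RULE_RE.findall(text):
        orphans.setdefault(path, []).append(guid)
    return orphans


def disk_full_events(text):
    """Extract MsiInstaller 'Disk full' records, one per 'Error: (' entry."""
    events = []
    # Split on record boundaries so a match can never run into the next event;
    # works whether the Description sits on the same line or the next one.
    for record in re.split(r"(?=Error: \()", text):
        head = EVENT_HEAD_RE.match(record)
        body = DISK_FULL_RE.search(record)
        if not head or not body or head.group(2) != "MsiInstaller":
            continue
        required, available = (int(v.replace(",", "")) for v in body.group(2, 3))
        events.append({"when": head.group(1), "product": body.group(1),
                       "required_kb": required, "available_kb": available,
                       "shortfall_kb": required - available})
    return events


if __name__ == "__main__":
    for d in low_space_drives(parse_drives(SAMPLE)):
        print(f"LOW SPACE  {d['letter']}: {d['pct_free']:.1f}% free of {d['total_gb']} GB")
    for e in disk_full_events(SAMPLE):
        print(f"DISK FULL  {e['when']}  {e['product']}  short by {e['shortfall_kb']:,} KB")
    for path, guids in orphaned_firewall_rules(SAMPLE).items():
        print(f"STALE RULE x{len(guids)}  {path}")
```

On the excerpt, the two disk-full records also show available space on C: falling from 658,500 KB to 436,528 KB between the two install attempts, which points at something still writing to the drive rather than at a single large file.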
Maurice Naggar Posted May 29, 2021 ID:1460344

PS notice to others. This Topic belongs to DASHC
Only Administrators, moderators, Experts or Trusted advisors can post on this sub-forum for malware removal help.

Maurice Naggar Posted May 30, 2021 ID:1460374 (edited)

@DashC. I look forward to getting your results from Adwcleaner. We will be doing more after this. This here is only 1 small part.

For the CHROME browser while Chrome is running:
Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data:
Check mark the line "Browsing history"
Check mark the line "Download history"
Check mark the line "Cached images and files"
and press Clear Data button ( in blue )

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session
Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar
Then look deeper in SETTINGS
Make real sure it is "NOT" set to "continue where you left off"
......
For each other browser on this pc:
Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data & History
....
Let me make a further suggestion: Using this Microsoft guide. I would recommend that you run the Windows built-in CLEANMGR applet, which is the disk and system cleanup applet.
https://support.microsoft.com/en-us/help/4026616/windows-10-disk-cleanup

Edited May 30, 2021 by Maurice Naggar
Added more

DashC Posted May 30, 2021 Author ID:1460380

The MTG download I believe is an automated process - I won't install anything myself while doing this process, and won't open MTG so it doesn't auto-update.

Please find the Adware Clean log attached. I have deleted the browsing data and changed the settings as requested.

I ran the CLEANMGR applet, but it seems to be the same program you asked me to run earlier. Either way, I ran it again, but it deleted only 10mb of files.

AdwCleaner[S00].txt

Maurice Naggar Posted May 30, 2021 ID:1460383 (edited)

If I am not mistaken, the guide at Tenforums has a sub-section on cleaning up Old Microsoft Updates ( Temporary Windows installation files) under Extended disk cleanup.

Please download the attached fixlist.txt file and save it to the location where you ran FRST from, Onedrive\Desktop

Fixlist.txt

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:
Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Edited May 30, 2021 by Maurice Naggar

DashC Posted May 30, 2021 Author ID:1460438

Please find the log attached.

Fixlog.txt

Maurice Naggar Posted May 30, 2021 ID:1460444

Thank you for the log. The Windows System File Checker did find & fix some Windows OS system files.

Let's have you do a special scan for viruses: a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan
Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.
If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).
Press Continue when all done. You should click to off the offer for “periodic scanning”.

Maurice Naggar Posted May 30, 2021 ID:1460447

Additional remarks. After the ESET scan, I can guide you to doing a couple more scans to alleviate your suspicions of malware.

As to disk space, the last custom Fix has freed up around three quarters of a Gigabyte of space. ---- 721.2 MB. --- by removing TEMP files.

DashC Posted May 30, 2021 Author ID:1460450

I have finished the scan and no issues were detected. It seems I may not have malware.

I still have no idea what else could possibly be using up 60 gigs of memory in my Apps & features, since there are virtually no programs installed on the computer at this time.

Is there anything else we should do to confirm? Thank you again for your assistance.

Maurice Naggar Posted May 30, 2021 ID:1460453

Remember, your own Documents could be quite sizable. Remember too, the Windows Operating system itself can take lots of space. And also, something I alluded to before. Old work areas of older updates of older Windows System updates. That is why I mentioned CLEANMGR twice.

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Attach the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

DashC Posted May 30, 2021 Author ID:1460471

Just occurred to me you probably want the log, so I re-ran the scan and am attaching the log here.

ESET.txt

DashC Posted May 30, 2021 Author ID:1460472

Running the Sophos scan now. I don't have that many of my own documents on the computer, and certainly no or few videos or anything substantial.

Will report back when scan is complete

Maurice Naggar Posted May 30, 2021 ID:1460484

For sure do report result of Sophos scan.

Later on .....after all that has completed.....

You may want to consider these as means of reclaiming disk space.

How to Delete Older Versions of File History in Windows 10
https://www.tenforums.com/tutorials/55581-delete-older-versions-file-history-windows-10-a.html

How to reclaim space after upgrading to Windows 10 October 2020 Update
https://www.windowscentral.com/how-reclaim-space-after-upgrading-windows-10-october-2020-update

DashC Posted May 30, 2021 Author ID:1460490

Hello,

No threats were found. It seems there must be some other issue for my space issues. This satisfies me, but if you think we should check any other sources to still confirm please let me know.

Thank you again

DashC Posted May 30, 2021 Author ID:1460491

I do not have the "Save File Histories" option checked, so I have no file histories, and it appears I don't save previous versions of Windows because that checkbox is not available for me.

Maurice Naggar Posted May 30, 2021 ID:1460499

Your pc has McAfee antivirus. That is another tool you can use to check for viruses.

The D drive on this machine setup has Lots of Free space. The C drive apparently is limited to a physical total of 128 GB. However a good chunk will be used by the Windows operating system & Programs & Documents. And Windows 10 Microsoft Update will reserve a goodly chunk for Windows Update. So, this size of C drive will be rather tight. So that one needs to practice to judiciously keep new stuff to the D drive.

As to looking for what BIG files there are, you can see & search by following this sample guide.
https://www.wikihow.com/Find-the-Largest-Files-in-Windows-10
Just be real careful & heed its safety advice.

To check for example for .tmp files, you can search for *.tmp at their line item #4
Files that have an extension ending at *.tmp are temporary files & can be deleted.

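When Apps & features shows little but the drive is still full, summing file sizes per top-level folder answers "where did the space go" directly, and the same pass can total the *.tmp files mentioned above. The Python below is an added example, not part of the original thread or the linked guide; the function names and the default root `C:\` are assumptions.

```python
import os
import sys
from collections import defaultdict


def _is_link(entry):
    """True for symlinks and, on Python 3.12+, NTFS junctions.

    Following either would count the same data twice or leave the drive.
    """
    is_junction = getattr(entry, "is_junction", None)
    return entry.is_symlink() or bool(is_junction and is_junction())


def scan(root):
    """Walk root and return (bytes per immediate child, bytes in *.tmp, unreadable paths).

    Sizes are logical file sizes (st_size), not allocated clusters. Folders the
    current account cannot read are returned in the third value, so an
    undercount is visible instead of silent; run elevated to shrink that list.
    """
    per_child = defaultdict(int)
    tmp_bytes = 0
    denied = []
    stack = [(root, None)]  # (directory, top-level child its files are charged to)
    while stack:
        path, owner = stack.pop()
        try:
            with os.scandir(path) as it:
                entries = list(it)
        except OSError:  # access denied, folder removed mid-scan, ...
            denied.append(path)
            continue
        for entry in entries:
            if _is_link(entry):
                continue
            # Files sitting directly in root are listed under their own name.
            charge = owner if owner is not None else entry.name
            try:
                if entry.is_dir(follow_symlinks=False):
                    stack.append((entry.path, charge))
                elif entry.is_file(follow_symlinks=False):
                    size = entry.stat(follow_symlinks=False).st_size
                    per_child[charge] += size
                    if entry.name.lower().endswith(".tmp"):
                        tmp_bytes += size
            except OSError:
                denied.append(entry.path)
    return dict(per_child), tmp_bytes, denied


def top(per_child, n=10):
    """Largest n top-level entries as (name, bytes), biggest first."""
    return sorted(per_child.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    sizes, tmp_bytes, denied = scan(root)
    for name, size in top(sizes):
        print(f"{size / 2**30:8.2f} GB  {name}")
    print(f"{tmp_bytes / 2**20:8.1f} MB in *.tmp files")
    print(f"{len(denied)} path(s) could not be read (sizes above exclude them)")
```

Re-running it on the largest folder (for example `C:\Users`) narrows the search one level at a time.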
Solution
Maurice Naggar Posted May 30, 2021 ID:1460500

PS. More areas to recover space.

First, Backup is your best friend. Make a regular habit to Backup your system to offline media.

Here below is what I had been trying to convey to recover late areas of space, as long as your system is working fine & you have no need to go back to a prior version of Windows.

There are some system files built / saved at the time of an upgrade. There are some you can consider deleting. Study & look over this guide
https://www.tenforums.com/tutorials/2066-how-delete-windows-old-windows-bt-folders-windows-10-a.html

Maurice Naggar Posted June 8, 2021 ID:1462250

I am glad to have helped. We can proceed with cleanup of tools we used.

To remove the FRST tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe
Then run that ( double click on it) to begin the cleanup process.

Delete esetonlinescanner.exe

You should Uninstall SOPHOS from Windows Programs & Features.

Any other download file I had you download, you may delete.

I wish you all the best. Stay safe.

Sincerely.
Maurice

Maurice Naggar Posted June 8, 2021 ID:1462251

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you