
Low space remaining in hard drive - suspect malware


Solved by Maurice Naggar


Hi,

Over the last few weeks or months I've noticed that I have basically no space left available on my C drive. Recently, I deleted a few programs to make room, but there's no new space. After some looking online, it seems malware may cause this type of issue. Please let me know if any necessary information is missing.


FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01
Ran by david (administrator) on DASH (Dell Inc. G5 5587) (29-05-2021 16:14:45)
Running from C:\Users\david\OneDrive\Desktop
Loaded Profiles: david
Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Config.Msi\4b8f92e8.rbf
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <42>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ff5b2fc3560f4482\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ff5b2fc3560f4482\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f881c4be237ce854\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxApp_48.76.8001.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.985_none_e72c6fe7263b0fe4\TiWorker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSvc64.exe [1229072 2018-03-09] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [340480 2018-08-26] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-05-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\Run: [Discord] => C:\Users\david\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Uninstall 21.062.0328.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\amd64"
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\RunOnce: [Uninstall 21.062.0328.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\21.062.0328.0001"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A7628B0-B3AA-4371-BBEE-57BF3A4669EE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059872 2021-05-24] (Dell Inc -> Dell Inc.)
Task: {27AE97D4-4E32-4E35-8245-609872C67C74} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {315E581F-5AC2-4C91-8747-43BEE97809DB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3B324B07-3B1D-4E42-9BAA-7E33D4AB31B7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {44AF7ADA-1C0D-43B1-A063-9E7581F7730B} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {47C355CF-2177-4489-A449-7853A48830BA} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {4D56F995-884D-4653-BC70-F79F9CCB6059} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {52A89AD9-DFC7-4CA9-99A5-080DC660034C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => c:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {5E861203-15E5-464F-AFFE-222098568FB8} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {63224137-95C1-45F4-BA93-F8B4166FBD16} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {649F1F27-A4EE-4DEE-A226-289C53664A06} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {64D01835-7808-46FB-B503-D6DB082C247E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.)
Task: {674062EC-D5C9-4CA6-8B66-E26EA6076F10} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3297728 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7D813D4E-C697-4D70-AE59-66A825E28ED6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [654784 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F96E1FE-ED2D-4A87-9F7E-F2CB20B7187A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80E706F2-4CFE-4E4F-8E44-E33A7FB49771} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => c:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {B30D4291-EB17-4027-B4CE-45C53C84AADA} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
Task: {C054285A-CA1C-47D8-8A78-459853B9F7C5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => c:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {C7116128-6B8B-4392-9B53-A13B35152094} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982464 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CC3F06A7-D2DB-4672-934A-C4001C3615F5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => c:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-01-26] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {F67E5BF7-E503-4122-A282-1E11AF9B99F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-24] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{c27347a9-b13c-41bd-94b6-3bfdd71b682b}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\david\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-16]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2020-09-20] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-3939270826-4198879685-2319656068-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-03-30] (Ubisoft Entertainment Sweden AB -> )

Chrome: 
=======
CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default [2021-05-29]
CHR Notifications: Default -> hxxps://basketball.fantasysports.yahoo.com; hxxps://football.fantasysports.yahoo.com; hxxps://tabletopia.com
CHR Extension: (Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-24]
CHR Extension: (Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-24]
CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-24]
CHR Extension: (Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [312864 2017-07-20] (Dell Inc -> Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [422128 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3975712 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [623136 2021-03-09] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1009264 2021-03-30] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{8ED39894-5E74-4409-8B0B-DD4CC932A634} [21312 2020-10-25] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-05-10] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-02-15] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2481304 2018-06-01] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-29] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [915832 2020-02-04] (McAfee, LLC -> McAfee, Inc.)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-05-24] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-29] (Malwarebytes Inc -> Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-29] (Malwarebytes Inc -> Malwarebytes)
R3 RfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\RfeCo10X64.sys [158856 2018-06-01] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-29 16:13 - 2021-05-29 16:14 - 000041038 _____ C:\Users\david\Downloads\Addition.txt
2021-05-29 16:13 - 2021-05-29 16:14 - 000000197 _____ C:\Users\david\Downloads\FRST.txt
2021-05-29 16:12 - 2021-05-29 16:14 - 000000000 ____D C:\FRST
2021-05-29 15:53 - 2021-05-29 15:53 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-29 15:53 - 2021-05-29 15:53 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-29 15:53 - 2021-05-29 15:53 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-29 15:45 - 2021-05-29 15:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-29 15:45 - 2021-05-29 15:45 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-29 15:45 - 2021-05-29 15:45 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-29 15:45 - 2021-05-29 15:45 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-29 15:45 - 2021-05-29 15:45 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-29 15:45 - 2021-05-29 15:45 - 000000000 ____D C:\Users\david\AppData\Local\mbam
2021-05-29 15:44 - 2021-05-29 15:44 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-29 15:44 - 2021-05-29 15:44 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-29 15:44 - 2021-05-29 15:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-29 15:44 - 2021-05-29 15:44 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-29 15:43 - 2021-05-29 15:43 - 002080712 _____ (Malwarebytes) C:\Users\david\Downloads\MBSetup.exe
2021-05-19 20:01 - 2021-05-19 20:01 - 000000000 ____D C:\WINDOWS\{CF8A543D-D96A-4576-B508-DC85C73C29AB}
2021-05-12 02:30 - 2021-05-12 02:30 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 02:30 - 2021-05-12 02:30 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 02:29 - 2021-05-12 02:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 02:29 - 2021-05-12 02:29 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 02:29 - 2021-05-12 02:29 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 02:29 - 2021-05-12 02:29 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 02:29 - 2021-05-12 02:29 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 02:29 - 2021-05-12 02:29 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 02:29 - 2021-05-12 02:29 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 02:29 - 2021-05-12 02:29 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 02:29 - 2021-05-12 02:29 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-12 02:29 - 2021-05-12 02:29 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-06 13:51 - 2021-05-06 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-29 16:14 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-29 16:03 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-29 15:44 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-29 15:30 - 2020-10-24 22:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-29 14:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-29 14:42 - 2018-09-28 15:16 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-29 14:40 - 2020-06-23 00:37 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-29 14:40 - 2020-06-23 00:37 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-29 14:40 - 2020-06-23 00:37 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-29 14:40 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-27 22:16 - 2020-03-15 16:08 - 000000000 ___DC C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-05-27 19:10 - 2018-11-24 18:43 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-26 19:10 - 2020-01-20 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-05-26 19:09 - 2020-10-24 22:51 - 000003914 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-05-19 09:40 - 2018-11-24 18:31 - 000000000 ___DC C:\Users\david\AppData\Local\PlaceholderTileLogoFolder
2021-05-14 04:41 - 2018-09-28 15:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-13 08:19 - 2020-10-24 22:51 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3939270826-4198879685-2319656068-1001
2021-05-13 08:19 - 2020-10-24 22:47 - 000002369 ____C C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-13 08:19 - 2018-11-24 18:32 - 000000000 ___RD C:\Users\david\OneDrive
2021-05-12 20:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2021-05-12 03:04 - 2020-10-24 22:55 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-12 03:01 - 2021-03-15 00:44 - 000000000 ____D C:\Users\david\AppData\Local\Notepad
2021-05-12 03:01 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-12 03:01 - 2018-11-24 18:30 - 000000000 __SHD C:\Users\david\IntelGraphicsProfiles
2021-05-12 03:00 - 2020-10-24 22:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-12 03:00 - 2020-10-24 22:45 - 000267624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-12 03:00 - 2020-10-24 22:45 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-12 03:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-12 03:00 - 2018-09-28 15:14 - 000000000 ___DC C:\Intel
2021-05-12 02:59 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-12 02:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 02:59 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-12 02:31 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 02:31 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 02:24 - 2018-11-27 20:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 02:23 - 2018-11-27 20:55 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 18:14 - 2020-10-05 23:29 - 000000000 ___HD C:\$WinREAgent
2021-05-10 20:02 - 2018-11-24 18:34 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-10 20:02 - 2018-11-24 18:34 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-10 20:02 - 2018-11-24 18:34 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-06 20:30 - 2018-09-28 15:11 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-06 20:29 - 2018-09-28 15:10 - 000000000 ____D C:\ProgramData\PCDr
2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-05-01 00:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX

==================== Files in the root of some directories ========

2020-03-22 21:44 - 2020-01-22 21:44 - 000000032 ____R () C:\ProgramData\hash.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by david (29-05-2021 16:15:46)
Running from C:\Users\david\OneDrive\Desktop
Windows 10 Home Version 2004 19041.985 (X64) (2020-10-25 02:52:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3939270826-4198879685-2319656068-500 - Administrator - Disabled)
david (S-1-5-21-3939270826-4198879685-2319656068-1001 - Administrator - Enabled) => C:\Users\david
DefaultAccount (S-1-5-21-3939270826-4198879685-2319656068-503 - Limited - Disabled)
Guest (S-1-5-21-3939270826-4198879685-2319656068-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3939270826-4198879685-2319656068-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Dell Digital Delivery Service (HKLM-x32\...\{66E2407E-9001-483E-B2AA-7AEF97567143}) (Version: 3.6.1005.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{98962E99-9DC0-4B16-9D48-2EED1F5D117E}) (Version: 1.2.6577 - Screenovate Technologies Ltd.)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{A3E44B1D-1AC1-414F-A7D4-0824E0A49F3A}) (Version: 3.9.1.245 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.2.0 - Dell Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10501.6067 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5017 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.1 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{bce385e6-0b52-413b-b28e-3b9064ea6cde}) (Version: 20.120.1 - Intel Corporation)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{63FF36C4-ADAC-4177-9818-6DDEE7356EEB}) (Version: 1.7.1015 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.67 - McAfee, LLC.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MTG Arena (HKLM\...\{6AF47923-1D12-40FD-A387-06726918EAB0}) (Version: 0.1.3657 - Wizards of the Coast)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.71 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8397 - Realtek Semiconductor Corp.)
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Thunderbolt™ Software (HKLM-x32\...\{6ECDE40C-4023-419A-8A4E-50FB71275876}) (Version: 17.3.73.350 - Intel Corporation)
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)

Packages:
=========
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.90.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-05-25] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.9.11.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.9.13.0_x64__htrsf667h5kn2 [2021-05-26] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.2.23.0_x86__htrsf667h5kn2 [2021-05-19] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.401.0_x64__rz1tebttyb220 [2021-05-01] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-25] (INTEL CORP) [Startup Task]
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_1.6.2124.0_x64__rh07ty8m5nkag [2018-09-28] (Rivet Networks LLC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-11-24] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-05-27] (McAfee LLC.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-25] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13929.20386.0_x86__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.8.40.0_x64__htrsf667h5kn2 [2021-05-25] (Dell Inc)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.971.0_x64__rh07ty8m5nkag [2021-05-19] (Rivet Networks LLC)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-05-25] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2018-11-24] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3939270826-4198879685-2319656068-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_fe6681296e63b9f0\nvshext.dll [2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-29] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-03 22:19 - 2018-12-03 22:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2020-08-14 22:29 - 2020-08-14 22:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-02-04] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-03-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-02-04] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-03-22] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 19:38 - 2018-04-11 19:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3939270826-4198879685-2319656068-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\dell-gaming-g-series-wallpaper-g5-red.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E7E8F864-7FF8-4F2E-AB86-D44FC0396686}D:\diablo iii\x64\diablo iii64.exe] => (Allow) D:\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{A331F170-62FD-4EC3-89F2-A36D89071B8F}D:\diablo iii\x64\diablo iii64.exe] => (Allow) D:\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{C02A7495-EEB8-4F65-A8D8-106AFA672E51}C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe] => (Allow) C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe => No File
FirewallRules: [TCP Query User{5EBDDD86-FBBD-40AC-B5B0-88E7AC039A4D}C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe] => (Allow) C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus (1).exe => No File
FirewallRules: [UDP Query User{FCC06292-55D5-4155-91E3-240FCD9B8B33}C:\users\david\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_enus.exe => No File
FirewallRules: [TCP Query User{5EB998C2-B71C-476D-8110-297E368492F2}C:\users\david\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_enus.exe => No File
FirewallRules: [UDP Query User{3CDEC5CD-4BB8-4174-9815-712E271B2840}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{3F05613B-4B72-4FC2-9E8F-A96336365484}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{BFCE76C3-0FB8-49D8-A931-1CC3DA42D2FD}] => (Allow) C:\Users\david\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{90FE5D1C-F930-4A6D-9538-2718ABDDA2CB}] => (Allow) C:\Users\david\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{F89A4BCA-145F-4C6B-B382-8CC5778F4DF0}C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe => No File
FirewallRules: [TCP Query User{34EABDBD-EB50-4075-B4C7-26D0252C5638}C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe => No File
FirewallRules: [{967B3FBD-6B91-4463-96AA-E2EA1B32338A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A1FB07FE-4F4D-4B0A-9A78-605795601EB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FC28B0F7-293D-4D5C-8EE5-60FFB9087B93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{31EDD598-6408-448B-94B7-ECB4E1455E09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B62CBB60-DCB6-41FF-BE99-886A7781C530}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E3B956E9-245D-4CA0-BCD6-A719E8838874}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7BBE0F97-F0E6-4C02-896E-9A531FCA21E7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{35FFC89F-A46B-478F-BCD7-BA000A36A5AF}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{5022A77B-4D61-493B-820D-33602192A0E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B33578DD-93CD-4A17-854F-518C4782C71D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{816B6DA9-B7BA-477B-A0AD-E3C4686D2F95}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{832E676D-C191-4866-95E1-C5CC34BD4B8A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{4EB23AD8-9C95-42DF-9700-BA777C759513}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe => No File
FirewallRules: [{EB514FF1-0926-4369-B978-D7FB902478F6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe => No File
FirewallRules: [{D1A9C837-3FC4-4CBD-8C8A-C871C552CAEA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D1181EE7-9730-4B96-B294-B40EF6BCD075}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{470EA811-070E-44C8-8DA4-742AB4D21B92}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File
FirewallRules: [UDP Query User{61CD16E5-5950-4DBA-8E89-EDE33A4FFA59}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File
FirewallRules: [TCP Query User{79103DAB-5CFD-4DA4-911E-248D1D9D23AF}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe => No File
FirewallRules: [UDP Query User{DBE84ECB-351D-456A-B228-7D294EBA31BA}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe => No File
FirewallRules: [{65EFD694-4ACF-43AC-8AAA-A1733CEEB97A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{21D23C8C-7C5F-4F77-B066-1C31AEE62956}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File
FirewallRules: [UDP Query User{A93D6578-526E-4841-98A2-81B45CF21584}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe => No File
FirewallRules: [TCP Query User{5CFEF535-A380-4F5D-9E13-21A83DEC1668}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Block) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe => No File
FirewallRules: [UDP Query User{0F1E99EC-03C0-4CC4-9F08-54370EFC23D2}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Block) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe => No File
FirewallRules: [TCP Query User{6DCBE309-CCAB-4A83-B917-681EC618BF06}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{12CAFE89-6134-40B9-83E7-2800CED58B4F}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [{6BE62DE2-F97C-4694-8AF2-739848EB9643}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{EB3C8A4C-0D34-42E9-8FEE-AE97C9DF7DE4}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{4B6D7BFF-E207-4D2E-8291-647B97F33CFF}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{CD33B5CE-8F93-4967-9324-C676102AB06C}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{C20885BD-54A8-40B3-9F47-C6182D8325A4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9CD3A5E9-5306-46D7-8F96-E50CE47467D9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{56C8039F-F5B8-4A5A-975E-0ACE5E0EA138}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{54771355-3A87-4924-8715-99F5E611A544}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{FCF89108-9F3C-4798-A467-DD9EBC7FC9DC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{0881C91C-1F5B-4E31-B01C-46074273C7D4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{5812F562-C2B9-4F49-BEEF-8A36E9500A6A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{1F767657-1D48-472A-9B16-40E36290CC35}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{53642DD0-644F-47D1-8600-72001102910C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{3FB2CBA8-BB3D-4D5C-9B79-F68E7B2B916B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{DDD6F750-0A5F-4EE4-95D9-A0FA8CC37180}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{615D976A-431C-490B-9E28-CAC45EF3F221}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{F6B65DC2-AC36-4BEF-A8ED-82E4819044CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{A21E9D95-718D-433F-8479-6C044F69E110}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13929.20386.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:103.79 GB) (Free:5.84 GB) (6%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/29/2021 02:39:06 PM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18
Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/27/2021 10:09:17 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)
Description: Product: MTG Arena -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 664,115 KB are required, but only 436,528 KB are available. Click "Ignore" to continue the install without saving recovery information, click "Retry" to check for available space       again, or click "Cancel" to quit the installation.

Error: (05/27/2021 09:50:41 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)
Description: Product: MTG Arena -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 664,115 KB are required, but only 658,500 KB are available. Click "Ignore" to continue the install without saving recovery information, click "Retry" to check for available space       again, or click "Cancel" to quit the installation.

Error: (05/27/2021 09:48:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ck3.exe, version: 1.0.0.0, time stamp: 0x60538245
Faulting module name: ntdll.dll, version: 10.0.19041.964, time stamp: 0xbd2c3c23
Exception code: 0xc0000005
Fault offset: 0x00000000000290b0
Faulting process id: 0x4278
Faulting application start time: 0x01d7534d816a3ed0
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\binaries\ck3.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: dade933c-7b3b-42c0-9638-b8545f7e9398
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/27/2021 07:09:08 PM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18
Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/26/2021 07:05:15 PM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18
Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/26/2021 09:01:12 AM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18
Message: Error getting USTT information (InterfaceFunctionNotSupported)

Error: (05/25/2021 09:46:14 AM) (Source: DellCommandPowerManager) (EventID: 0) (User: )
Description: Error from AlertsUserMessage.exe SYS-DS18
Message: Error getting USTT information (InterfaceFunctionNotSupported)


System errors:
=============
Error: (05/26/2021 07:08:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/26/2021 07:08:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/20/2021 07:19:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (05/20/2021 07:19:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/17/2021 08:32:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (05/17/2021 08:32:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/11/2021 09:49:43 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (05/06/2021 08:26:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2021-05-29 15:53:11
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2021-05-29 15:21:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-27 22:20:06
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-26 23:12:42
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-26 19:48:47
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-06 09:21:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.679.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-06 09:21:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.679.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-06 09:21:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-05 18:17:29
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.679.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-05 18:17:29
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.679.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

==================== Memory info =========================== 

BIOS: Dell Inc. 1.3.0 05/24/2018
Motherboard: Dell Inc. 03PVDF
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 16178.28 MB
Available physical RAM: 6833.64 MB
Total Virtual: 20530.28 MB
Available Virtual: 4408.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:103.79 GB) (Free:5.84 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:924.69 GB) NTFS

\\?\Volume{d6292698-46af-4818-9250-1211381e51e6}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.47 GB) NTFS
\\?\Volume{d90cabe3-cf87-4bd4-afd9-c9b816516e43}\ (Image) (Fixed) (Total:12.63 GB) (Free:0.27 GB) NTFS
\\?\Volume{6e8f6a98-c310-4a59-b827-74d1bd549c1c}\ (DELLSUPPORT) (Fixed) (Total:1.09 GB) (Free:0.48 GB) NTFS
\\?\Volume{44a1d637-4476-4c1a-bcd6-6a8930f280f4}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.57 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D7FA1D42)

Partition: GPT.

==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: D7FA06E5)

Partition: GPT.

==================== End of Addition.txt =======================

 

Threat Scan log:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/29/21
Scan Time: 3:53 PM
Log File: 7de513f6-c0b7-11eb-964b-3c2c309db9ec.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1308
Update Package Version: 1.0.41091
License: Trial

-System Information-
OS: Windows 10 (Build 19041.985)
CPU: x64
File System: NTFS
User: Dash\david

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 283789
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

FRST.txt Addition.txt

Edited by AlexSmith
Updated title to reflect issue

Hello

My name is Maurice.

Just first initial remarks & comments.

The scan report from Malwarebytes reports no malware.

We will do other scans later.

There is still near 6 Gigabytes of space on C drive.

D drive has loads of Free space.

Drive c: (OS) (Fixed) (Total:103.79 GB) (Free:5.84 GB) NTFS

Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:924.69 GB) NTFS 

By the way, as we go forward, please do not copy and paste any reports that I request. Only attach them.

.

You can & should run the Windows CLEANMGR tool to free up additional space on the C drive.

There is a HOW TO guide on Tenforums.

https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html

See about using Option TWO

 


Thank you for helping and will do on the attachments/copying issue.  I've followed the Option Two guide on the tenforums link you provided.  It freed up some space but not significantly.  I don't know where any of the space is being used.  Prior to posting, I had removed several programs trying to resolve the issue, and at this point I have barely any programs on the computer.  When I check the storage settings and sort by size, no program is over 500 MB.  I have no idea what is using almost 100 GB on that drive, which is why I suspected malware.  Please let me know if there's anything else I can do to confirm.


Hello. I am almost done scouring through your FRST.  I do not see the presence of malware.

Remember drive C also has personal files & data beyond just installed programs.

.

I did notice a failed install 2 days ago.

Error: (05/27/2021 10:09:17 PM) (Source: MsiInstaller) (EventID: 11605) (User: DASH)

Description: Product: MTG Arena -- Disk full: There is not enough disk space

.

Stop installing new stuff while we work this case.

In future, look to selecting CUSTOM install option next time you try to do a setup & try guiding installs to drive D.

.

For now do scan with this.

Let me suggest you do one scan with AdwCleaner to check for adware.

 

First download & save it 

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then do a scan with Adwcleaner 

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

 

Attach the clean log.


@DashC. I look forward to getting your results from Adwcleaner.

We will be doing more after this.

This here is only 1 small part. For the CHROME browser

while Chrome is running:

Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data:

 

  • Check mark the line "Browsing history"
  • Check mark the line "Download history"
  • Check mark the line "Cached images and files"
  • and press Clear Data button ( in blue )

 

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on the upper right of the address bar

Then look deeper in SETTINGS

 

 

Make real sure it is "NOT" set to "continue where you left off"

......

For each other browser on this pc:

Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data & History 

....

Let me make a further suggestion:

Using this Microsoft guide.

I would recommend that you run the Windows built-in CLEANMGR applet, which is the disk and system cleanup applet.

 

https://support.microsoft.com/en-us/help/4026616/windows-10-disk-cleanup

 

Edited by Maurice Naggar
Added more

The MTG download I believe is an automated process - I won't install anything myself while doing this process, and won't open MTG so it doesn't auto-update.

 

Please find the Adware Clean log attached.  I have deleted the browsing data and changed the settings as requested. I ran the CLEANMGR applet, but it seems to be the same program you asked me to run earlier.  Either way, I ran it again, but it deleted only 10 MB of files.

AdwCleaner[S00].txt


If I am not mistaken, the guide at Tenforums has a sub-section on cleaning up Old Microsoft Updates (Temporary Windows installation files) under Extended disk cleanup.

.

Please download the attached fixlist.txt file and save it to the location where you ran FRST from,

Onedrive\Desktop 

Fixlist.txt

 

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

 

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

 

Run  FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

 

Note: If the tool warned you about an outdated version please download and run the updated version.

 

  • NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

 

  • NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

 

The system will be rebooted after the fix has run.

Edited by Maurice Naggar

Thank you for the log. The Windows System File Checker did find & fix some Windows OS system files.

.

Let's have you do a special scan for viruses.

a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

  • When prompted for scan type, Click on Full scan
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.

  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.


Additional remarks.

After the ESET scan, I can guide you to doing a couple more scans to alleviate your suspicions of malware.

As to disk space, the last custom Fix has freed up around three quarters of a Gigabyte of space. ---- 721.2 MB. --- by removing TEMP files.


I have finished the scan and no issues were detected. It seems I may not have malware.  I still have no idea what else could possibly be using up 60 gigs of memory in my Apps & features, since there are virtually no programs installed on the computer at this time.  Is there anything else we should do to confirm? Thank you again for your assistance.


Remember, your own Documents could be quite sizable.

Remember too, the Windows Operating system itself can take lots of space.  And also, something I alluded to before.  Old work areas of older updates of older Windows System updates.

That is why I mentioned CLEANMGR twice.

.

Download Sophos Free Virus Removal Tool and save it to your desktop.

 

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

 

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program

Once the virus database has been updated click Start Scanning

  • If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your reply

 

Close the Notepad document, close the Threat Details screen, then click Start cleanup

 

Click Exit to close the program

 

If no threats were found please confirm that result....

 

The Virus Removal Tool scans the following areas of your computer:

 

  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread.

You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 


For sure do report result of Sophos scan.

.

Later on .....after all that has completed.....

 

You may want to consider these as means of reclaiming disk space.

How to Delete Older Versions of File History in Windows 10

https://www.tenforums.com/tutorials/55581-delete-older-versions-file-history-windows-10-a.html

 

 

How to reclaim space after upgrading to Windows 10 October 2020 Update

https://www.windowscentral.com/how-reclaim-space-after-upgrading-windows-10-october-2020-update


Hello,

 

No threats were found.  It seems there must be some other issue for my space issues.  This satisfies me, but if you think we should check any other sources to still confirm please let me know. Thank you again


Your pc has McAfee antivirus. That is another tool you can use to check for viruses.

.

The D drive on this machine setup has Lots of Free space.

The C drive apparently is limited to a physical total of 128 GB.  However a good chunk will be used by the Windows operating system & Programs & Documents.

And Windows 10 Microsoft Update will reserve a goodly chunk for Windows Update. So, this size of C drive will be rather tight.

So that one needs to practice to judiciously keep new stuff to the D drive.

.

As to looking for what BIG files there are, you can see & search by following this sample guide.

https://www.wikihow.com/Find-the-Largest-Files-in-Windows-10

Just be real careful & heed its safety advice.

.

To check for example for .tmp files, you can search for 

*.tmp

at their line item #4

 

Files that have an extension ending at  *.tmp 

are temporary files & can be deleted.

 


  • Solution

PS. More areas to recover space.

First, Backup is your best friend.

Make a regular habit to Backup your system to offline media.

Here below is what I had been trying to convey to recover late areas of space, as long as your system is working fine & you have no need to go back to a prior version of Windows.

 

There are some system files built / saved at the time of an upgrade.

There are some you can consider deleting.   Study & look over this guide 

https://www.tenforums.com/tutorials/2066-how-delete-windows-old-windows-bt-folders-windows-10-a.html

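A read-only way to see where the space on C: has gone, covering the large-file and *.tmp search and the upgrade-leftover folders discussed in the two posts above. This is an added example, not part of the original thread. The variable names and the 200 MB threshold are assumptions, the two folder names are the ones the linked Tenforums guide covers, and sizes are logical file lengths, so OneDrive placeholders and compressed files may occupy less on disk.

```powershell
# Added example: read-only disk usage audit. Nothing is deleted or changed.
# Run from an elevated PowerShell prompt so more protected folders can be read.
$Root       = 'C:\'     # assumption: root of the volume that is short on space
$Top        = 15        # rows to show in each list
$MinBigFile = 200MB     # only files at least this large are listed individually
$script:Skipped = 0

function Get-TreeFiles {
    # Walk a tree iteratively. Junctions and symlinks are not followed, so
    # data is never counted twice; unreadable folders are counted and skipped.
    param([string]$Path)
    $stack = New-Object System.Collections.Stack
    $stack.Push((New-Object System.IO.DirectoryInfo $Path))
    while ($stack.Count -gt 0) {
        $dir = $stack.Pop()
        try {
            $dir.GetFiles()        # includes hidden and system files
            foreach ($sub in $dir.GetDirectories()) {
                $isLink = $sub.Attributes.HasFlag([System.IO.FileAttributes]::ReparsePoint)
                if (-not $isLink) { $stack.Push($sub) }
            }
        } catch {
            $script:Skipped++      # access denied, or folder vanished mid-scan
        }
    }
}

$byFolder = @{}                                          # top-level folder -> bytes
$bigFiles = New-Object System.Collections.Generic.List[object]
[long]$total = 0; [long]$tmpBytes = 0; $tmpCount = 0

# Single pass over the volume, streamed so the file list is never held in memory.
Get-TreeFiles $Root | ForEach-Object {
    $rel = $_.FullName.Substring($Root.Length)
    $key = if ($rel.Contains('\')) { $rel.Split('\')[0] } else { '(files in root)' }
    $byFolder[$key] += $_.Length
    $total += $_.Length
    if ($_.Length -ge $MinBigFile) { $bigFiles.Add($_) }
    if ($_.Extension -eq '.tmp') { $tmpBytes += $_.Length; $tmpCount++ }
}

$drive = New-Object System.IO.DriveInfo $Root
$used  = $drive.TotalSize - $drive.AvailableFreeSpace

'Volume {0}  used {1:N1} GB, free {2:N1} GB' -f $Root, ($used / 1GB), ($drive.AvailableFreeSpace / 1GB)
'Readable files counted: {0:N1} GB ({1} folders could not be read)' -f ($total / 1GB), $script:Skipped
# A large gap between "used" and "counted" points at data this scan cannot see,
# such as unreadable folders or volume shadow copies, not at ordinary files.
'Not accounted for: {0:N1} GB' -f (($used - $total) / 1GB)

''
'Largest top-level folders (hidden and system files included):'
$byFolder.GetEnumerator() | Sort-Object Value -Descending | Select-Object -First $Top |
    ForEach-Object { '{0,10:N2} GB  {1}' -f ($_.Value / 1GB), $_.Key }

''
'Upgrade leftovers covered by the Tenforums guide:'
foreach ($name in 'Windows.old', '$Windows.~BT') {
    if ($byFolder[$name]) { '{0,10:N2} GB  {1}' -f ($byFolder[$name] / 1GB), $name }
    else                  { '         not present or empty: {0}' -f $name }
}

''
'Largest individual files:'
$bigFiles | Sort-Object Length -Descending | Select-Object -First $Top |
    ForEach-Object { '{0,10:N2} GB  {1}' -f ($_.Length / 1GB), $_.FullName }

''
'*.tmp files: {0} files, {1:N1} MB in total' -f $tmpCount, ($tmpBytes / 1MB)
```

Files such as pagefile.sys and hiberfil.sys appear under "(files in root)"; they never show up in Apps & features, which lists installed programs only.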

  • AlexSmith changed the title to Low space remaining in hard drive - suspect malware

I am glad to have helped.

We can proceed with cleanup of tools we used.

 

To remove the FRST  tool & its work files, do this.  Go to your Desktop folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe

 

Then run that ( double click on it)  to begin the cleanup process.

Delete esetonlinescanner.exe

You should Uninstall SOPHOS from Windows Programs & Features.

 

Any other download file I had you download, you may delete.   I wish you all the best.  Stay safe.

Sincerely.

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

