Robin2020 Posted August 22, 2021

In my hidden icons tray I have an invisible icon. My computer recently started to be very slow w/ high disk percentage and memory. I have run different virus scans but I'm not sure what else to do to resolve the issue. Any help is appreciated.

kevinf80 Posted August 22, 2021

Hello Robin2020,

Let's grab some logs and see what's going on, continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

Open Malwarebytes
Click on the Detection History tab > from main interface.
Then click on "History" that will open to a historical list
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.
Or from this Mirror

Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status...

If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

If our tools do not run because of windows smart screen or your security, consider the following:

Disable smart screen if it interferes with software we may have to use: https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8
Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed if it stops software we may use from working: https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Please remember to enable AV software when we are finished running scans....

Thank you,
Kevin....

Robin2020 Posted August 22, 2021

Thank you for responding:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/22/21
Scan Time: 9:24 AM
Log File: b058aa02-0354-11ec-bdd5-d80f997c8dd0.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.44262
License: Trial

-System Information-
OS: Windows 10 (Build 19042.1165)
CPU: x64
File System: NTFS
User: DESKTOP-UN1TS41\WMS

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 352424
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 17 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2021-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-22-2021
# Duration: 00:00:18
# OS: Windows 10 Home
# Cleaned: 6
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.
***** [ Registry ] ***** Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Deleted HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3} Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3} ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner_Debug.log - [59481 octets] - [23/09/2019 23:49:07] AdwCleaner[S00].txt - [8222 octets] - [23/09/2019 23:50:31] AdwCleaner[C00].txt - [3644 octets] - [23/09/2019 23:54:42] AdwCleaner[S01].txt - [6197 octets] - [22/08/2021 10:06:56] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2021 Ran by WMS (administrator) on DESKTOP-UN1TS41 (Dell Inc. Inspiron 3668) (22-08-2021 10:28:56) Running from C:\Users\WMS\Downloads Loaded Profiles: WMS Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. 
-> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) 
C:\Windows\System32\DbxSvc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18> (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\IntelCpHDCPSvc.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\IntelCpHeciSvc.exe (Intel(R) RMT -> Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe (Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe (Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intuit, Inc. -> Intuit Inc.) 
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.5.102.0\McCSPServiceHost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3> (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe <3> (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) 
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <4> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe (Rivet Networks LLC -> Rivet Networks, LLC.) 
C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [960896 2017-03-27] (Waves Inc -> Waves Audio Ltd.) 
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8090912 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296864 2021-07-24] (Adobe Inc. -> Adobe Systems Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1309480 2018-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2021-08-10] (Intel Corporation -> Intel) HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5550304 2021-07-24] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Policies\Explorer: [NoLogOff] 0 HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. 
-> Adobe Systems Inc) HKLM\...\Print\Monitors\EPSON XP-4100 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBWDE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-16] (Google LLC -> Google LLC) Startup: C:\Users\WMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-08-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {03A357CB-BFF3-4E34-B95E-CB5EDE091A16} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {1875FCCB-A2D8-4558-8AD8-CD4F3DB13580} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {1B485710-2475-4BE8-B20F-08020AF76619} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1150872 2021-08-16] (Microsoft Corporation -> Microsoft Corporation) Task: {1EB1FBAC-28DC-4F86-809A-352D2CA6A2FB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-16] (Microsoft Corporation -> Microsoft Corporation) Task: {2CF945EB-3E39-4457-9C2A-13ED38767C15} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION Task: {30202DCC-04B0-4624-9C7C-4B868010FDA3} - System32\Tasks\EPSON XP-4100 Series Update {1907288E-D865-42D4-BA47-92B6F4E3973B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWDE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {3D51D675-9886-42A4-B54F-77C174F65A3C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {4632268E-E498-4437-A60B-EE6689058D4E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC) Task: {4C892EFF-B69A-4A24-A9C1-9E1568E3DE51} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [110008 2016-04-27] (CyberLink Corp. -> CyberLink) Task: {4F79EA9B-6A8D-459F-8E01-A7544E77D3C4} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL) Task: {4FE45C49-51FD-42DB-B84D-FE2F056BB287} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC) Task: {51EF98F5-B0FA-4701-A17B-3823D1931B28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {53AD5C91-02B0-44D9-AE29-7EB84AF61E83} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {5AE873BA-001B-487E-BCF6-FAF8E009B39D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-07] (Dell Inc -> Dell Inc.) 
Task: {7C964F52-E91F-4B53-B148-68115F7E47A3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Task: {8110A042-A7C7-4244-A734-C3CC9D48DAC6} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION Task: {88C66EBF-915F-45DD-890E-D042AF508BFB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation) Task: {972A4554-0344-4CFE-BEFE-7FEE1E81B7F3} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [1595 2016-09-14] () [File not signed] "C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION Task: {9CDC266D-0284-437E-BB99-82650E40478E} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC) Task: {A511A4B0-4B6C-425F-A800-0628D01052B5} - System32\Tasks\G2MUpdateTask-S-1-5-21-1926485034-965944004-2204550972-1001 => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupdate.exe [31176 2021-06-27] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {B41574B0-5563-41C3-84CA-0BE08E336BC8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.) Task: {B973AD1C-507F-418C-B825-828745779E54} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" Task: {D2193EAF-3102-472A-8ACC-F88A190EAFB0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [340440 2015-01-28] (CyberLink Corp. 
-> CyberLink Corp.) Task: {D2BBF6C1-7498-4880-BB97-F6C4FF783DD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-25] (Google Inc -> Google Inc.) Task: {D352D278-4215-4838-A199-A460B0B5B1D9} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-10] (McAfee, Inc. -> McAfee, LLC.) Task: {D574E510-EE20-4EE1-8738-F2A4283C38AA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation) Task: {D71CB7E5-F7FE-4F47-9031-6A60950A4563} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4114728 2021-04-29] (McAfee, LLC -> McAfee, LLC) Task: {DA6A7D91-9502-4861-AD6F-A9A30998604C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4796736 2021-07-13] (McAfee, LLC -> McAfee, LLC) Task: {DCA8B382-E49D-4240-934E-5FA2B8EA2C4D} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-30] (Dropbox, Inc -> DropboxOEM) Task: {E2A84BE1-C42B-4C00-BC73-7BBC63D92DFE} - System32\Tasks\G2MUploadTask-S-1-5-21-1926485034-965944004-2204550972-1001 => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupload.exe [31176 2021-06-27] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {E37DB7CD-33EC-47AF-BAA8-6449A6C87FBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-25] (Google Inc -> Google Inc.) 
Task: {E8E0B720-3AED-4D3A-9621-C29C72820340} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe Task: {EDA2A76E-79BF-47BE-BA34-C044F00E6BC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) Task: {F58D387E-5000-4966-9DD1-CDB4DC8418F9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.) Task: {F793B3E8-EA3D-4A51-98DF-349C38D8894B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-16] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\EPSON XP-4100 Series Update {1907288E-D865-42D4-BA47-92B6F4E3973B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWDE.EXE:/EXE:{1907288E-D865-42D4-BA47-92B6F4E3973B} /F:UpdateWORKGROUP\DESKTOP-UN1TS41$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1926485034-965944004-2204550972-1001.job => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1926485034-965944004-2204550972-1001.job => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupload.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will 
be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{0537cac3-1bfd-4d83-b4a3-da8bf028a171}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ccb7ed41-1470-4614-b529-03505d43cf8c}: [DhcpNameServer] 10.0.0.1 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\WMS\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-22] Edge HomePage: Default -> hxxp://dell17win10.msn.com/?pc=DCTE Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-02-04] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program 
Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-08-17] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-08-12] (McAfee, LLC -> ) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-08-12] (McAfee, LLC -> ) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1926485034-965944004-2204550972-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\WMS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1926485034-965944004-2204550972-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\WMS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\WMS\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-08-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default [2021-08-22]
CHR Notifications: Default -> hxxps://app-atl.five9.com; hxxps://mail.google.com; hxxps://service.mcafee.com; hxxps://voice.google.com; hxxps://www.instacart.com
CHR Extension: (Slides) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-24]
CHR Extension: (Docs) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-24]
CHR Extension: (Google Drive) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-24]
CHR Extension: (Adobe Acrobat) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-11]
CHR Extension: (Sheets) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-23]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-22]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2021-08-14]
CHR Extension: (Cisco Webex Extension) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-07-28]
CHR Extension: (McAfee® Web Boost) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2021-05-28]
CHR Extension: (No Name) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR Profile: C:\Users\WMS\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3834400 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [50376 2021-03-31] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-05] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [41008 2018-01-15] (Dell Inc -> Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [36792 2021-08-10] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [176568 2021-08-10] (Intel Corporation -> Intel)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-07-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel(R) RMT -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-08-22] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-08-13] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [797576 2021-08-12] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.5.102.0\\McCSPServiceHost.exe [2825792 2021-07-08] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1671760 2021-08-03] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4289856 2021-06-15] (McAfee, LLC -> McAfee, LLC)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink Corp. -> CyberLink)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-07] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-07-25] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97696 2021-07-27] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425208 2021-06-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 10:28 - 2021-08-22 10:30 - 000038036 _____ C:\Users\WMS\Downloads\FRST.txt
2021-08-22 10:27 - 2021-08-22 10:29 - 000000000 ____D C:\FRST
2021-08-22 10:27 - 2021-08-22 10:27 - 002300928 _____ (Farbar) C:\Users\WMS\Downloads\FRST64 (1).exe
2021-08-22 10:26 - 2021-08-22 10:27 - 002300928 _____ (Farbar) C:\Users\WMS\Downloads\FRST64.exe
2021-08-22 10:23 - 2021-08-22 10:23 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-22 10:23 - 2021-08-22 10:23 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-22 10:23 - 2021-08-22 10:23 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-22 10:13 - 2021-08-22 10:18 - 000000000 ____D C:\$MfeDeepRem
2021-08-22 09:55 - 2021-08-22 09:55 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-22 09:53 - 2021-08-22 09:53 - 002120496 _____ (Malwarebytes) C:\Users\WMS\Downloads\MBSetup-119967.119967-consumer (1).exe
2021-08-22 09:21 - 2021-08-22 09:21 - 002120496 _____ (Malwarebytes) C:\Users\WMS\Downloads\MBSetup-119967.119967-consumer.exe
2021-08-21 21:09 - 2021-08-21 21:09 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-08-21 21:08 - 2021-08-21 21:08 - 000000000 ____D C:\WINDOWS\{95502192-209A-463C-A538-BA3BDA33CFCC}
2021-08-20 04:19 - 2021-08-20 04:19 - 000001950 _____ C:\Users\WMS\Desktop\safe.reg
2021-08-19 19:58 - 2021-08-22 10:23 - 000000000 ____D C:\Users\WMS\AppData\LocalLow\IGDump
2021-08-19 18:28 - 2021-08-19 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-08-19 06:46 - 2021-08-19 06:46 - 000000025 _____ C:\Users\WMS\Documents\yk.txt
2021-08-18 20:39 - 2021-08-18 20:39 - 000003916 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-08-18 04:51 - 2021-08-18 04:51 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-18 04:49 - 2021-08-18 04:49 - 002120496 _____ (Malwarebytes) C:\Users\WMS\Downloads\MBSetup (1).exe
2021-08-17 22:23 - 2021-08-17 22:23 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-08-16 00:04 - 2021-08-16 00:04 - 000740042 _____ C:\Users\WMS\Downloads\HWilliamsCorrected2020_TaxReturn.pdf
2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-08-14 10:02 - 2021-08-14 10:02 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-08-14 02:27 - 2021-08-14 02:28 - 000834906 _____ C:\Users\WMS\Downloads\Hwilliams2020taxreturn.pdf
2021-08-12 00:12 - 2021-08-14 15:12 - 000000151 _____ C:\Users\WMS\BullseyeCoverageError.txt
2021-08-11 19:37 - 2021-08-11 19:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 19:35 - 2021-08-11 19:35 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 19:35 - 2021-08-11 19:35 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-11 19:35 - 2021-08-11 19:35 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 19:34 - 2021-08-11 19:34 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-11 19:34 - 2021-08-11 19:34 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-11 19:34 - 2021-08-11 19:34 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-11 18:51 - 2021-08-11 18:51 - 000000000 ___HD C:\$WinREAgent
2021-08-11 17:55 - 2021-08-11 17:55 - 000001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2021-08-08 17:57 - 2021-08-08 17:57 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1926485034-965944004-2204550972-1001
2021-08-08 17:57 - 2021-08-08 17:57 - 000002375 _____ C:\Users\WMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-07 18:54 - 2021-08-07 18:54 - 000000000 ____D C:\Users\WMS\AppData\Roaming\@harver
2021-08-07 18:54 - 2021-08-07 18:54 - 000000000 ____D C:\Users\WMS\AppData\Local\@harversaas-diagnostic-app-updater
2021-08-07 18:52 - 2021-08-07 18:53 - 053455200 _____ (Harver) C:\Users\WMS\Downloads\harver-system-checker (1).exe
2021-08-05 22:39 - 2021-08-05 22:39 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-08-05 16:05 - 2021-08-05 16:05 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2021-08-05 15:25 - 2021-08-05 15:25 - 000001424 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2021-07-31 15:34 - 2021-08-03 16:14 - 000000445 _____ C:\Users\WMS\Documents\studyap1.txt
2021-07-30 11:24 - 2021-07-30 11:24 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-28 21:14 - 2021-07-28 21:14 - 000002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-07-28 21:14 - 2021-07-28 21:14 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-07-27 04:19 - 2021-07-27 04:19 - 000097696 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\McPvDrv.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 10:30 - 2019-04-18 23:06 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-08-22 10:24 - 2020-12-15 21:56 - 000000000 __RSD C:\Users\WMS\Documents\McAfee Vaults
2021-08-22 10:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-22 10:22 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-22 10:22 - 2017-06-25 12:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-22 10:22 - 2017-06-01 20:19 - 000000000 __SHD C:\Users\WMS\IntelGraphicsProfiles
2021-08-22 10:18 - 2021-01-28 12:24 - 000470900 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-22 10:12 - 2021-01-28 12:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-22 10:12 - 2020-10-25 22:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-22 10:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-22 10:12 - 2017-04-10 18:20 - 000000000 ____D C:\Intel
2021-08-22 10:11 - 2021-01-28 12:11 - 000000000 ____D C:\Users\WMS
2021-08-22 10:11 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-22 10:01 - 2020-08-20 17:26 - 000000000 ____D C:\Users\WMS\AppData\Local\CrashDumps
2021-08-22 09:56 - 2020-05-29 13:46 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-22 09:56 - 2019-07-12 12:25 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-22 09:54 - 2019-07-12 12:24 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-22 09:00 - 2020-03-02 13:25 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-08-22 08:54 - 2021-01-28 12:37 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{17296D65-B982-4094-84D6-5B5F13C4F998}
2021-08-21 23:08 - 2021-01-28 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-21 22:38 - 2021-01-28 12:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-08-21 22:01 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-21 21:16 - 2020-07-11 20:53 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-21 21:16 - 2020-07-11 20:53 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-21 21:09 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-21 20:57 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-20 06:05 - 2020-12-11 07:17 - 000001386 _____ C:\Users\WMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-08-20 05:57 - 2020-12-11 07:13 - 000001280 _____ C:\Users\WMS\Desktop\ESET Online Scanner.lnk
2021-08-20 05:24 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-19 18:29 - 2017-04-10 18:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-08-19 18:16 - 2019-10-12 10:49 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-08-19 01:43 - 2021-06-14 05:35 - 000000734 _____ C:\Users\WMS\Documents\bio201.txt
2021-08-18 20:45 - 2017-04-10 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-08-16 22:47 - 2017-04-10 18:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-08-16 15:59 - 2017-06-25 12:57 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-16 15:59 - 2017-06-25 12:57 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-16 00:09 - 2021-02-08 18:42 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f59a6bbb0734
2021-08-16 00:09 - 2021-01-28 12:37 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-15 22:50 - 2020-12-25 06:00 - 000000000 ____D C:\Users\WMS\Documents\TurboTax
2021-08-15 15:41 - 2017-04-10 18:21 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-08-15 15:41 - 2017-04-10 18:21 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-08-14 20:55 - 2021-01-28 12:37 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-08-13 06:07 - 2021-01-28 12:37 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-08-13 06:07 - 2021-01-28 12:37 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-08-13 03:28 - 2017-08-21 18:50 - 000000000 ____D C:\Users\WMS\AppData\Local\GoToMeeting
2021-08-11 21:00 - 2021-06-06 10:47 - 000463720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-11 20:55 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-11 18:47 - 2017-06-29 09:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-11 18:41 - 2017-06-29 09:05 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-11 17:55 - 2017-08-04 01:42 - 000000000 ____D C:\Program Files (x86)\Intel
2021-08-11 17:55 - 2017-04-10 18:14 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-09 21:47 - 2017-11-15 19:02 - 000000000 ____D C:\Users\WMS\AppData\Local\Packages
2021-08-08 17:57 - 2017-06-01 20:24 - 000000000 ___RD C:\Users\WMS\OneDrive
2021-08-05 16:05 - 2019-04-09 01:42 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2021-08-04 19:28 - 2021-01-28 12:37 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-04 19:28 - 2021-01-28 12:37 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 06:51 - 2020-09-30 23:40 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-01 20:22 - 2019-10-12 10:52 - 000000000 ____D C:\Program Files\McAfee
2021-08-01 20:22 - 2019-10-12 10:52 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-08-01 20:22 - 2019-10-12 10:49 - 000000000 ____D C:\ProgramData\McAfee
2021-07-26 20:58 - 2021-05-28 14:13 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

==================== Files in the root of some directories ========

2019-05-15 09:21 - 2019-05-15 09:21 - 000000514 _____ () C:\Users\WMS\AppData\Local\LMIR07508001.tmp_r.bat
2020-03-02 13:23 - 2020-03-02 13:23 - 000000410 _____ () C:\Users\WMS\AppData\Local\oobelibMkey.log
2017-10-27 11:59 - 2019-01-25 20:21 - 000007605 _____ () C:\Users\WMS\AppData\Local\Resmon.ResmonCfg

==================== FLock ==============================

2021-01-28 12:41 C:\Recovery

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Ran by WMS (22-08-2021 10:32:00)
Running from C:\Users\WMS\Downloads
Windows 10 Home Version 20H2 19042.1165 (X64) (2021-01-28 17:39:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1926485034-965944004-2204550972-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1926485034-965944004-2204550972-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1926485034-965944004-2204550972-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1926485034-965944004-2204550972-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1926485034-965944004-2204550972-504 - Limited - Disabled)
WMS (S-1-5-21-1926485034-965944004-2204550972-1001 - Administrator - Enabled) => C:\Users\WMS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Adobe Connect App) (Version: 2020.1.5.32 - Adobe Systems Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Amazon WorkSpaces (HKLM-x32\...\{317904EA-DB48-47CA-846F-B164EFCA264C}) (Version: 3.1.9.2201 - Amazon Web Services, Inc)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2016.0926.2121 - F5 Networks, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\ActiveTouchMeetingClient) (Version: 41.1.3 - Cisco Webex LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{3722784A-D530-4C82-BB78-4DF3E1A4CAD9}) (Version: 4.0.90.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{71A59A4C-9348-4CA2-B98C-E422E14C9D31}) (Version: 3.10.2.29 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 129.4.3571 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
Easy Photo Scan (HKLM-x32\...\{756618E1-97CD-4FA0-87EB-67DF4E8EE8ED}) (Version: 1.00.0014 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E65F6027-38B4-474E-98F1-B321628C3D79}) (Version: 3.11.0008 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-4100 Series Printer Uninstall (HKLM\...\EPSON XP-4100 Series) (Version: - Seiko Epson Corporation)
Epson XP-4100_XP-4105 User’s Guide (HKLM-x32\...\UsersGuideEpson XP-4100_XP-4105 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
GoToMeeting 10.17.0.19796 (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\GoToMeeting) (Version: 10.17.0.19796 - LogMeIn, Inc.)
HL-L2300D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Intel Driver && Support Assistant (HKLM-x32\...\{BC82D1AD-802A-4733-BB90-A8E59AB8434A}) (Version: 21.5.33.3 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{b09ce953-882c-4131-a693-2e1d73b1e50d}) (Version: 21.5.33.3 - Intel)
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9134.0 - Waves Audio Ltd.) Hidden
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R36 - McAfee, LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14228.20250 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Office 16 Click-to-Run Extensibility Component 
(HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH) Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm) Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.19.627.2017 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.) 
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus) Skype for Business Basic 2016 - en-us (HKLM\...\SkypeforBusinessEntryRetail - en-us) (Version: 16.0.14228.20250 - Microsoft Corporation) Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation) SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks) TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.613 - McAfee, LLC) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-03-02] (Adobe Systems Incorporated) CyberLink Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.CyberLinkMediaSuiteEssentials_1.0.10.0_x86__mcezb6ze687jp [2018-03-13] (CYBERLINK CORPORATION.) Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-08-11] (Dell Inc) Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.5.0_x64__htrsf667h5kn2 [2021-08-22] (Dell Inc) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-21] (HP Inc.) 
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.8.7.0_x86__h6adky7gbf63m [2021-08-11] (Gameloft SE) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-28] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Studios) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10628.5716.0_x64__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-07] (Microsoft Corporation) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-10] (Twitter Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\WMS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\WMS\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.) CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd) CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\WMS\Dropbox [2017-06-01 20:20] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. 
-> Cyberlink) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\igfxDTCM.dll [2021-01-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. 
-> Adobe Systems Inc.) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506392 2016-04-27] (proDAD GmbH -> proDAD GmbH) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\WMS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= 2021-03-31 14:01 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2021-06-05 21:06 - 2017-12-22 12:53 - 000025299 _____ () [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll 2021-06-05 21:06 - 2017-12-22 12:53 - 000122880 _____ () [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll 2021-06-05 21:06 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2021-06-05 21:06 - 2018-01-18 15:39 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2021-06-05 21:06 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2021-04-13 12:36 - 2021-04-13 12:36 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll 2021-08-14 15:01 - 2021-08-14 15:01 - 000452096 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.09f690bd#\8fb5b818cccb5b59638b21e088199977\Intuit.Spc.Esd.Client.BusinessLogic.ni.dll 2021-08-14 15:01 - 2021-08-14 15:01 - 000223744 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.618c5f21#\dfe967be112c98a2a994461a32e335f3\Intuit.Spc.Esd.Client.DataAccess.ni.dll 2021-08-14 15:01 - 2021-08-14 15:01 - 000166400 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.820cb8f8#\04d1cfdf82be9ce896c84e7e00b93dc4\Intuit.Spc.Esd.Client.Common.ni.dll 2021-08-14 15:01 - 2021-08-14 15:01 - 001131520 _____ (Intuit Inc.) 
[File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.8e5e058c#\da9cc0b626f03c9f6e5db848364f179f\Intuit.Spc.Esd.WinClient.Api.Net.ni.dll 2021-08-14 15:01 - 2021-08-14 15:01 - 000749568 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.e37652b5#\2bbe3780dc4c1d04137cd10a42e4e761\Intuit.Spc.Map.Reporter.ni.dll 2021-08-14 15:01 - 2021-08-14 15:01 - 000886784 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.Esd.Core\3f3235820e11416dcced4f3f79403313\Intuit.Spc.Esd.Core.ni.dll 2021-08-14 15:01 - 2021-08-14 15:01 - 001112576 _____ (Intuit) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.fecc593b#\051d52139c8ebae433c3a6875b1c4508\Intuit.Spc.Map.WindowsFirewallUtilities.ni.dll 2020-08-14 21:29 - 2020-08-14 21:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll 2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) 
[File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll 2021-05-21 14:04 - 2021-05-21 14:04 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll 2017-02-13 15:54 - 2017-02-13 15:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll 2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll 2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll 2021-05-12 20:07 - 2021-05-12 20:07 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-1926485034-965944004-2204550972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE HKU\S-1-5-21-1926485034-965944004-2204550972-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE SearchScopes: HKU\S-1-5-21-1926485034-965944004-2204550972-1001 -> DefaultScope {ED196E32-5A0B-4BF8-B948-2C93F9FEC1C2} URL = SearchScopes: HKU\S-1-5-21-1926485034-965944004-2204550972-1001 -> {ED196E32-5A0B-4BF8-B948-2C93F9FEC1C2} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-08-13] (McAfee, LLC -> McAfee, LLC) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe 
Systems Incorporated) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-08-13] (McAfee, LLC -> McAfee, LLC) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1926485034-965944004-2204550972-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation 
-> Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\incontact.com -> hxxps://engage.incontact.com IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\liveops.com -> hxxps://agents.liveops.com IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\michaels.com -> hxxps://sa.michaels.com IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\sharepoint.com -> hxxps://leudineglobal-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 06:47 - 2019-09-09 15:19 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts 2021-05-10 16:05 - 2021-05-10 16:05 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL HKU\S-1-5-21-1926485034-965944004-2204550972-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1926485034-965944004-2204550972-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\WMS\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{F021BCF7-ED74-4848-9A55-C9D9C9F5776A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) FirewallRules: [{F12E73DC-B031-4731-BF09-4863B2CC9C43}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) FirewallRules: [{BD826514-3901-4443-8EEA-A79316D00E5F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File FirewallRules: [{1861595E-19AF-44DF-A5ED-3B3F8A221D1B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC) FirewallRules: [{0A273CBF-8B79-47DB-ACD1-C444A05252B3}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC) FirewallRules: [UDP Query User{2D10E769-A3F2-4D8C-A6E3-29F7D7BC3C66}C:\windows\syswow64\presentationhost.exe] => (Allow) C:\windows\syswow64\presentationhost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{AE2E1472-6676-4ED4-93D4-6E895E5E7D30}C:\windows\syswow64\presentationhost.exe] => (Allow) C:\windows\syswow64\presentationhost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3905D4CA-72AE-47DE-A425-5171627C79B4}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{A5B7F4D4-2934-489E-A6B8-1D480CA35127}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{6C9EFDE0-8605-4ABB-91CE-9D9D268187B7}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.) 
FirewallRules: [{CDA968ED-4746-4391-8FF9-62D63680802E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F2C5BC84-37F8-49AF-B7B7-57571DCD119C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D6A7D6D9-69FC-443B-9B15-538B155B3494}C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [UDP Query User{E19B05EA-FED1-4A95-9989-0D4D1E8EAE44}C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [{794FA227-29BD-40D6-AFE5-B0BB1E81318E}] => (Block) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [{73EF549F-C1B7-4A27-A660-2246B6F29277}] => (Block) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [{36B67AD8-2862-4087-968A-088AA23E39E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B94BE9BC-45AC-4687-A189-75ECF6F6974D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D0FD499-C9D1-4A34-A21B-F6DBE604D58E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{751E83D0-5161-4472-AEC2-6B54E635CDEB}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{9618E2D4-6E7A-42FF-987D-F08EE974638E}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{6FB66D09-97A1-4316-976F-BA6C9B006B7C}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{756CC92B-0CE2-4030-AE16-881B2FF0D1BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C6D78B9-A78D-4374-AF78-9C9ED624154F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{54EA3454-6930-4EC8-9B9D-EB954AB5904A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{09D23DB0-FBC5-49FD-B1FC-5A453B344E40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C7CA76E5-4AA6-48B8-A309-A30C8DC29EFF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A241A5B2-354C-40B6-A438-3C162FCEE24A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{7329F966-A1FD-4E7F-923C-9DB9236A8800}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D994EF81-F871-4368-ABAE-3D2AC97AE370}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F089FB0C-36FE-4F4C-964E-18AD6DE0AA05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{085D90FE-D7D2-45D2-B1AB-A37B9A335599}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5E84291-F1EF-4825-9B36-A19ED07F6A90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D3B8BD4-6CC4-4105-BF03-15CEB62BFE59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A388EAE6-4DD1-4C2E-9B81-3524973BBC86}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{A7611527-E703-4A91-B2D4-756BA1F9FDF9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

05-08-2021 16:21:58 Installed Intel(R) Wireless Bluetooth(R)
11-08-2021 18:47:38 Windows Modules Installer
17-08-2021 21:04:53 Windows Update
20-08-2021 04:18:00 8.20.2021

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/22/2021 10:26:50 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-UN1TS41)
Description: Unable to open the Server service performance object.
The first four bytes (DWORD) of the Data section contains the status code.

Error: (08/22/2021 10:18:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/22/2021 10:18:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/22/2021 10:14:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/22/2021 10:14:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/22/2021 10:01:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Exception code: 0xc0000005
Fault offset: 0x004214fb
Faulting process id: 0x320c
Faulting application start time: 0x01d797669afc1438
Faulting application path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Faulting module path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Report Id: c5b91bd6-b11c-4b08-9e75-166a7d42fb62
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2021 10:01:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Exception code: 0xc0000005
Fault offset: 0x004214fb
Faulting process id: 0x43f4
Faulting application start time: 0x01d797669174dfa1
Faulting application path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Faulting module path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Report Id: 26b3849f-83f9-4329-a7b9-656c4848245f
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2021 10:00:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Exception code: 0xc0000005
Fault offset: 0x004214fb
Faulting process id: 0x4428
Faulting application start time: 0x01d797666cf5ac79
Faulting application path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Faulting module path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Report Id: ad536f15-3441-4f41-a66e-27a7a0bbdcc8
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (08/22/2021 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Hardware Support service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Driver & Support Assistant service terminated unexpectedly. It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:
================
Date: 2021-06-06 12:47:59
Description: Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:47:59.649Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 12:33:00
Description: Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:33:00.507Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 12:17:59
Description: Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:17:59.637Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 12:03:02
Description: Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:03:02.340Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 11:47:59
Description: Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T16:47:59.418Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 11:11:29
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.190.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-03-06 11:31:44
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.1056.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2021-08-22 10:34:50
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Microsoft signing level requirements.

Date: 2021-08-22 10:32:45
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.15.1 12/24/2020
Motherboard: Dell Inc. 07KY25
Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 67%
Total physical RAM: 8103.7 MB
Available physical RAM: 2654.59 MB
Total Virtual: 13991.7 MB
Available Virtual: 7375.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.29 GB) (Free:794.17 GB) NTFS
\\?\Volume{1fcdd39d-8851-43b4-b818-e490266a0e69}\ () (Fixed) (Total:0.84 GB) (Free:0.41 GB) NTFS
\\?\Volume{4c784866-2d6c-4128-9e23-ce28d2235322}\ (Image) (Fixed) (Total:11.7 GB) (Free:0.54 GB) NTFS
\\?\Volume{d3c4d029-4d38-4279-b81b-21bbb159507d}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.34 GB) NTFS
\\?\Volume{2e6175b8-e9d5-4229-b8e8-13180a6552bc}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Solution kevinf80 Posted August 22, 2021 ID:1476254

Hiya Robin2020,

Do not see much wrong with your logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop. Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Right click on the Tool, select Run as Administrator; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin.

fixlist.txt

Robin2020 Posted August 23, 2021 Author ID:1476342

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Ran by WMS (23-08-2021 04:28:06) Run:1
Running from C:\Users\WMS\Downloads
Loaded Profiles: defaultuser0 & WMS
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Task: {1875FCCB-A2D8-4558-8AD8-CD4F3DB13580} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2CF945EB-3E39-4457-9C2A-13ED38767C15} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION
Task: {8110A042-A7C7-4244-A734-C3CC9D48DAC6} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
cmd: dism /online /cleanup-image /restorehealth
cmd: sfc /scannow
Hosts:
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
EmptyTemp:
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1875FCCB-A2D8-4558-8AD8-CD4F3DB13580}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1875FCCB-A2D8-4558-8AD8-CD4F3DB13580}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2CF945EB-3E39-4457-9C2A-13ED38767C15}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CF945EB-3E39-4457-9C2A-13ED38767C15}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8110A042-A7C7-4244-A734-C3CC9D48DAC6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8110A042-A7C7-4244-A734-C3CC9D48DAC6}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully

========= dism /online /cleanup-image /restorehealth =========

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19042.1165

[===========================55.3% ] [===========================55.3% ] [===========================55.3% ] [===========================55.4% ] [===========================55.4% ] [===========================55.4% ] [===========================55.5% ] [===========================56.0% ] [===========================56.2% ] [===========================56.5% ] [===========================56.5% ] [===========================56.5% ] [===========================56.5% ] [===========================56.6% ] [===========================56.7% ] [===========================56.8% ] [===========================56.9%= ] [===========================57.5%= ] [===========================57.5%= ] [===========================57.7%= ] [===========================58.6%== ] [===========================59.5%== ] [===========================59.6%== ] [===========================60.1%== ] [===========================62.3%==== ] [===========================84.9%================= ] [==========================100.0%==========================] The restore operation completed successfully. The operation completed successfully. ========= End of CMD: ========= ========= sfc /scannow ========= Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 0% complete. Verification 1% complete. Verification 1% complete. Verification 2% complete. Verification 3% complete. Verification 3% complete. Verification 4% complete. Verification 5% complete. Verification 5% complete. Verification 6% complete. Verification 7% complete. Verification 7% complete. Verification 8% complete. Verification 9% complete. Verification 9% complete. Verification 10% complete. Verification 11% complete. Verification 11% complete. Verification 12% complete. Verification 13% complete. Verification 13% complete. Verification 14% complete. Verification 14% complete. Verification 15% complete. Verification 16% complete. Verification 16% complete. Verification 17% complete. 
Verification 18% complete. Verification 18% complete. Verification 19% complete. Verification 20% complete. Verification 20% complete. Verification 21% complete. Verification 22% complete. Verification 22% complete. Verification 23% complete. Verification 24% complete. Verification 24% complete. Verification 25% complete. Verification 26% complete. Verification 26% complete. Verification 27% complete. Verification 28% complete. Verification 28% complete. Verification 29% complete. Verification 29% complete. Verification 30% complete. Verification 31% complete. Verification 31% complete. Verification 32% complete. Verification 33% complete. Verification 33% complete. Verification 34% complete. Verification 35% complete. Verification 35% complete. Verification 36% complete. Verification 37% complete. Verification 37% complete. Verification 38% complete. Verification 39% complete. Verification 39% complete. Verification 40% complete. Verification 41% complete. Verification 41% complete. Verification 42% complete. Verification 42% complete. Verification 43% complete. Verification 44% complete. Verification 44% complete. Verification 45% complete. Verification 46% complete. Verification 46% complete. Verification 47% complete. Verification 48% complete. Verification 48% complete. Verification 49% complete. Verification 50% complete. Verification 50% complete. Verification 51% complete. Verification 52% complete. Verification 52% complete. Verification 53% complete. Verification 54% complete. Verification 54% complete. Verification 55% complete. Verification 56% complete. Verification 56% complete. Verification 57% complete. Verification 57% complete. Verification 58% complete. Verification 59% complete. Verification 59% complete. Verification 60% complete. Verification 61% complete. Verification 61% complete. Verification 62% complete. Verification 63% complete. Verification 63% complete. Verification 64% complete. Verification 65% complete. Verification 65% complete. 
Verification 66% complete. Verification 67% complete. Verification 67% complete. Verification 68% complete. Verification 69% complete. Verification 69% complete. Verification 70% complete. Verification 71% complete. Verification 71% complete. Verification 72% complete. Verification 72% complete. Verification 73% complete. Verification 74% complete. Verification 74% complete. Verification 75% complete. Verification 76% complete. Verification 76% complete. Verification 77% complete. Verification 78% complete. Verification 78% complete. Verification 79% complete. Verification 80% complete. Verification 80% complete. Verification 81% complete. Verification 82% complete. Verification 82% complete. Verification 83% complete. Verification 84% complete. Verification 84% complete. Verification 85% complete. Verification 85% complete. Verification 86% complete. Verification 87% complete. Verification 87% complete. Verification 88% complete. Verification 89% complete. Verification 89% complete. Verification 90% complete. Verification 91% complete. Verification 91% complete. Verification 92% complete. Verification 93% complete. Verification 93% complete. Verification 94% complete. Verification 95% complete. Verification 95% complete. Verification 96% complete. Verification 97% complete. Verification 97% complete. Verification 98% complete. Verification 99% complete. Verification 99% complete. Verification 100% complete. Windows Resource Protection did not find any integrity violations. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. 
=========== "C:\Windows\Temp\*.*" ==========

Could not move "C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0429.log" => Scheduled to move on reboot.
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202108230429514A4C).log" => Scheduled to move on reboot.

========= End -> "C:\Windows\Temp\*.*" ========

=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp" ========

=========== "C:\WINDOWS\syswow64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\syswow64\*.tmp" ========

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 271496358 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 129962504 B
Edge => 2171354 B
Chrome => 2070193471 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 26022273 B
systemprofile32 => 26022273 B
LocalService => 26515661 B
NetworkService => 144175355 B
defaultuser0 => 144175355 B
WMS => 267025847 B

RecycleBin => 7002308884 B
EmptyTemp: => 9.4 GB temporary data Removed.
================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-08-2021 05:18:49)

C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0429.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202108230429514A4C).log => Is moved successfully

==== End of Fixlog 05:18:50 ====

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.347, (build 1.347.247.0)
Started On Mon Aug 23 05:28:33 2021

Engine: 1.1.18500.9
Signatures: 1.347.247.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
      SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Aug 23 09:49:27 2021

Return code: 6 (0x6)
kevinf80 Posted August 23, 2021 ID:1476391

Thanks for those logs, what is the current status of your PC; any remaining issues or concerns..?
Robin2020 Posted August 24, 2021 Author ID:1476462

It's much faster and I don't see the 'invisible' icon. Thank you for your help...Do you have cash app???
kevinf80 Posted August 24, 2021 ID:1476479

Hiya Robin2020,

Thanks for the update, good to hear your PC is OK for you... Regarding donations, I only use PayPal. Thank you for the offer.

Continue to finish up:

Right click on FRST here: C:\Users\WMS\Downloads\FRST.exe and rename it uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2
Create a clean, fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point
Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Consider the following:

Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html
Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/
Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Will also work for Opera and Edge..
PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
kevinf80 Posted August 24, 2021 ID:1476502

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you