'Invisible' icon in hidden icons and slow PC


Go to solution Solved by kevinf80,

Hello Robin2020,

Let's grab some logs and see what's going on, continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt)", then name the file and save to a place of choice, recommend "Desktop" then attach to reply


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

If our tools do not run because of windows smart screen or your security, consider the following:

Disable smart screen if it interferes with software we may have to use:

https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed if it stops software we may use from working:

https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....


Thank you,

Kevin....

Thank you for responding: 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/22/21
Scan Time: 9:24 AM
Log File: b058aa02-0354-11ec-bdd5-d80f997c8dd0.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.44262
License: Trial

-System Information-
OS: Windows 10 (Build 19042.1165)
CPU: x64
File System: NTFS
User: DESKTOP-UN1TS41\WMS

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 352424
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 17 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2021-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-22-2021
# Duration: 00:00:18
# OS:       Windows 10 Home
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [59481 octets] - [23/09/2019 23:49:07]
AdwCleaner[S00].txt - [8222 octets] - [23/09/2019 23:50:31]
AdwCleaner[C00].txt - [3644 octets] - [23/09/2019 23:54:42]
AdwCleaner[S01].txt - [6197 octets] - [22/08/2021 10:06:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2021
Ran by WMS (administrator) on DESKTOP-UN1TS41 (Dell Inc. Inspiron 3668) (22-08-2021 10:28:56)
Running from C:\Users\WMS\Downloads
Loaded Profiles: WMS
Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\IntelCpHeciSvc.exe
(Intel(R) RMT -> Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.5.102.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [960896 2017-03-27] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8090912 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296864 2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1309480 2018-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2021-08-10] (Intel Corporation -> Intel)
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5550304 2021-07-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Policies\Explorer: [NoLogOff] 0
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON XP-4100 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBWDE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-16] (Google LLC -> Google LLC)
Startup: C:\Users\WMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-08-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03A357CB-BFF3-4E34-B95E-CB5EDE091A16} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {1875FCCB-A2D8-4558-8AD8-CD4F3DB13580} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1B485710-2475-4BE8-B20F-08020AF76619} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1150872 2021-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {1EB1FBAC-28DC-4F86-809A-352D2CA6A2FB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2CF945EB-3E39-4457-9C2A-13ED38767C15} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION
Task: {30202DCC-04B0-4624-9C7C-4B868010FDA3} - System32\Tasks\EPSON XP-4100 Series Update {1907288E-D865-42D4-BA47-92B6F4E3973B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWDE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {3D51D675-9886-42A4-B54F-77C174F65A3C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4632268E-E498-4437-A60B-EE6689058D4E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {4C892EFF-B69A-4A24-A9C1-9E1568E3DE51} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [110008 2016-04-27] (CyberLink Corp. -> CyberLink)
Task: {4F79EA9B-6A8D-459F-8E01-A7544E77D3C4} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
Task: {4FE45C49-51FD-42DB-B84D-FE2F056BB287} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {51EF98F5-B0FA-4701-A17B-3823D1931B28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {53AD5C91-02B0-44D9-AE29-7EB84AF61E83} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {5AE873BA-001B-487E-BCF6-FAF8E009B39D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-07] (Dell Inc -> Dell Inc.)
Task: {7C964F52-E91F-4B53-B148-68115F7E47A3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {8110A042-A7C7-4244-A734-C3CC9D48DAC6} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION
Task: {88C66EBF-915F-45DD-890E-D042AF508BFB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {972A4554-0344-4CFE-BEFE-7FEE1E81B7F3} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [1595 2016-09-14] () [File not signed]
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {9CDC266D-0284-437E-BB99-82650E40478E} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {A511A4B0-4B6C-425F-A800-0628D01052B5} - System32\Tasks\G2MUpdateTask-S-1-5-21-1926485034-965944004-2204550972-1001 => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupdate.exe [31176 2021-06-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {B41574B0-5563-41C3-84CA-0BE08E336BC8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B973AD1C-507F-418C-B825-828745779E54} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {D2193EAF-3102-472A-8ACC-F88A190EAFB0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [340440 2015-01-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {D2BBF6C1-7498-4880-BB97-F6C4FF783DD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-25] (Google Inc -> Google Inc.)
Task: {D352D278-4215-4838-A199-A460B0B5B1D9} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-10] (McAfee, Inc. -> McAfee, LLC.)
Task: {D574E510-EE20-4EE1-8738-F2A4283C38AA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {D71CB7E5-F7FE-4F47-9031-6A60950A4563} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4114728 2021-04-29] (McAfee, LLC -> McAfee, LLC)
Task: {DA6A7D91-9502-4861-AD6F-A9A30998604C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4796736 2021-07-13] (McAfee, LLC -> McAfee, LLC)
Task: {DCA8B382-E49D-4240-934E-5FA2B8EA2C4D} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-30] (Dropbox, Inc -> DropboxOEM)
Task: {E2A84BE1-C42B-4C00-BC73-7BBC63D92DFE} - System32\Tasks\G2MUploadTask-S-1-5-21-1926485034-965944004-2204550972-1001 => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupload.exe [31176 2021-06-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {E37DB7CD-33EC-47AF-BAA8-6449A6C87FBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-25] (Google Inc -> Google Inc.)
Task: {E8E0B720-3AED-4D3A-9621-C29C72820340} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {EDA2A76E-79BF-47BE-BA34-C044F00E6BC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F58D387E-5000-4966-9DD1-CDB4DC8418F9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F793B3E8-EA3D-4A51-98DF-349C38D8894B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-16] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON XP-4100 Series Update {1907288E-D865-42D4-BA47-92B6F4E3973B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWDE.EXE:/EXE:{1907288E-D865-42D4-BA47-92B6F4E3973B} /F:UpdateWORKGROUP\DESKTOP-UN1TS41$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1926485034-965944004-2204550972-1001.job => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1926485034-965944004-2204550972-1001.job => C:\Users\WMS\AppData\Local\GoToMeeting\19796\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{0537cac3-1bfd-4d83-b4a3-da8bf028a171}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ccb7ed41-1470-4614-b529-03505d43cf8c}: [DhcpNameServer] 10.0.0.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\WMS\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-22]
Edge HomePage: Default -> hxxp://dell17win10.msn.com/?pc=DCTE
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-02-04]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-08-17] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-08-12] (McAfee, LLC -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-08-12] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1926485034-965944004-2204550972-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\WMS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1926485034-965944004-2204550972-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\WMS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\WMS\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-08-01]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default [2021-08-22]
CHR Notifications: Default -> hxxps://app-atl.five9.com; hxxps://mail.google.com; hxxps://service.mcafee.com; hxxps://voice.google.com; hxxps://www.instacart.com
CHR Extension: (Slides) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-24]
CHR Extension: (Docs) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-24]
CHR Extension: (Google Drive) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-24]
CHR Extension: (Adobe Acrobat) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-11]
CHR Extension: (Sheets) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-23]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-22]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2021-08-14]
CHR Extension: (Cisco Webex Extension) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-07-28]
CHR Extension: (McAfee® Web Boost) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2021-05-28]
CHR Extension: (No Name) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\WMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR Profile: C:\Users\WMS\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3834400 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [50376 2021-03-31] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-05] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [41008 2018-01-15] (Dell Inc -> Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [36792 2021-08-10] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [176568 2021-08-10] (Intel Corporation -> Intel)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-07-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel(R) RMT -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-08-22] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-08-13] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [797576 2021-08-12] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.5.102.0\\McCSPServiceHost.exe [2825792 2021-07-08] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1671760 2021-08-03] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4289856 2021-06-15] (McAfee, LLC -> McAfee, LLC)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink Corp. -> CyberLink)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-07] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-07-25] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97696 2021-07-27] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425208 2021-06-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 10:28 - 2021-08-22 10:30 - 000038036 _____ C:\Users\WMS\Downloads\FRST.txt
2021-08-22 10:27 - 2021-08-22 10:29 - 000000000 ____D C:\FRST
2021-08-22 10:27 - 2021-08-22 10:27 - 002300928 _____ (Farbar) C:\Users\WMS\Downloads\FRST64 (1).exe
2021-08-22 10:26 - 2021-08-22 10:27 - 002300928 _____ (Farbar) C:\Users\WMS\Downloads\FRST64.exe
2021-08-22 10:23 - 2021-08-22 10:23 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-22 10:23 - 2021-08-22 10:23 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-22 10:23 - 2021-08-22 10:23 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-22 10:13 - 2021-08-22 10:18 - 000000000 ____D C:\$MfeDeepRem
2021-08-22 09:55 - 2021-08-22 09:55 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-22 09:53 - 2021-08-22 09:53 - 002120496 _____ (Malwarebytes) C:\Users\WMS\Downloads\MBSetup-119967.119967-consumer (1).exe
2021-08-22 09:21 - 2021-08-22 09:21 - 002120496 _____ (Malwarebytes) C:\Users\WMS\Downloads\MBSetup-119967.119967-consumer.exe
2021-08-21 21:09 - 2021-08-21 21:09 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-08-21 21:08 - 2021-08-21 21:08 - 000000000 ____D C:\WINDOWS\{95502192-209A-463C-A538-BA3BDA33CFCC}
2021-08-20 04:19 - 2021-08-20 04:19 - 000001950 _____ C:\Users\WMS\Desktop\safe.reg
2021-08-19 19:58 - 2021-08-22 10:23 - 000000000 ____D C:\Users\WMS\AppData\LocalLow\IGDump
2021-08-19 18:28 - 2021-08-19 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-08-19 06:46 - 2021-08-19 06:46 - 000000025 _____ C:\Users\WMS\Documents\yk.txt
2021-08-18 20:39 - 2021-08-18 20:39 - 000003916 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-08-18 04:51 - 2021-08-18 04:51 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-18 04:49 - 2021-08-18 04:49 - 002120496 _____ (Malwarebytes) C:\Users\WMS\Downloads\MBSetup (1).exe
2021-08-17 22:23 - 2021-08-17 22:23 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-08-16 00:04 - 2021-08-16 00:04 - 000740042 _____ C:\Users\WMS\Downloads\HWilliamsCorrected2020_TaxReturn.pdf
2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-08-14 10:02 - 2021-08-14 10:02 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-08-14 02:27 - 2021-08-14 02:28 - 000834906 _____ C:\Users\WMS\Downloads\Hwilliams2020taxreturn.pdf
2021-08-12 00:12 - 2021-08-14 15:12 - 000000151 _____ C:\Users\WMS\BullseyeCoverageError.txt
2021-08-11 19:37 - 2021-08-11 19:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 19:35 - 2021-08-11 19:35 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 19:35 - 2021-08-11 19:35 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-11 19:35 - 2021-08-11 19:35 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 19:34 - 2021-08-11 19:34 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-11 19:34 - 2021-08-11 19:34 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-11 19:34 - 2021-08-11 19:34 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-11 18:51 - 2021-08-11 18:51 - 000000000 ___HD C:\$WinREAgent
2021-08-11 17:55 - 2021-08-11 17:55 - 000001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2021-08-08 17:57 - 2021-08-08 17:57 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1926485034-965944004-2204550972-1001
2021-08-08 17:57 - 2021-08-08 17:57 - 000002375 _____ C:\Users\WMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-07 18:54 - 2021-08-07 18:54 - 000000000 ____D C:\Users\WMS\AppData\Roaming\@harver
2021-08-07 18:54 - 2021-08-07 18:54 - 000000000 ____D C:\Users\WMS\AppData\Local\@harversaas-diagnostic-app-updater
2021-08-07 18:52 - 2021-08-07 18:53 - 053455200 _____ (Harver) C:\Users\WMS\Downloads\harver-system-checker (1).exe
2021-08-05 22:39 - 2021-08-05 22:39 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-08-05 16:05 - 2021-08-05 16:05 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2021-08-05 15:25 - 2021-08-05 15:25 - 000001424 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2021-07-31 15:34 - 2021-08-03 16:14 - 000000445 _____ C:\Users\WMS\Documents\studyap1.txt
2021-07-30 11:24 - 2021-07-30 11:24 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-28 21:14 - 2021-07-28 21:14 - 000002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-07-28 21:14 - 2021-07-28 21:14 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-07-27 04:19 - 2021-07-27 04:19 - 000097696 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\McPvDrv.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 10:30 - 2019-04-18 23:06 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-08-22 10:24 - 2020-12-15 21:56 - 000000000 __RSD C:\Users\WMS\Documents\McAfee Vaults
2021-08-22 10:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-22 10:22 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-22 10:22 - 2017-06-25 12:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-22 10:22 - 2017-06-01 20:19 - 000000000 __SHD C:\Users\WMS\IntelGraphicsProfiles
2021-08-22 10:18 - 2021-01-28 12:24 - 000470900 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-22 10:12 - 2021-01-28 12:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-22 10:12 - 2020-10-25 22:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-22 10:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-22 10:12 - 2017-04-10 18:20 - 000000000 ____D C:\Intel
2021-08-22 10:11 - 2021-01-28 12:11 - 000000000 ____D C:\Users\WMS
2021-08-22 10:11 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-22 10:01 - 2020-08-20 17:26 - 000000000 ____D C:\Users\WMS\AppData\Local\CrashDumps
2021-08-22 09:56 - 2020-05-29 13:46 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-22 09:56 - 2019-07-12 12:25 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-22 09:54 - 2019-07-12 12:24 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-22 09:00 - 2020-03-02 13:25 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-08-22 08:54 - 2021-01-28 12:37 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{17296D65-B982-4094-84D6-5B5F13C4F998}
2021-08-21 23:08 - 2021-01-28 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-21 22:38 - 2021-01-28 12:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-08-21 22:01 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-21 21:16 - 2020-07-11 20:53 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-21 21:16 - 2020-07-11 20:53 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-21 21:09 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-21 20:57 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-20 06:05 - 2020-12-11 07:17 - 000001386 _____ C:\Users\WMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-08-20 05:57 - 2020-12-11 07:13 - 000001280 _____ C:\Users\WMS\Desktop\ESET Online Scanner.lnk
2021-08-20 05:24 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-19 18:29 - 2017-04-10 18:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-08-19 18:16 - 2019-10-12 10:49 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-08-19 01:43 - 2021-06-14 05:35 - 000000734 _____ C:\Users\WMS\Documents\bio201.txt
2021-08-18 20:45 - 2017-04-10 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-08-16 22:47 - 2017-04-10 18:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-08-16 15:59 - 2017-06-25 12:57 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-16 15:59 - 2017-06-25 12:57 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-16 00:09 - 2021-02-08 18:42 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f59a6bbb0734
2021-08-16 00:09 - 2021-01-28 12:37 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-15 22:50 - 2020-12-25 06:00 - 000000000 ____D C:\Users\WMS\Documents\TurboTax
2021-08-15 15:41 - 2017-04-10 18:21 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-08-15 15:41 - 2017-04-10 18:21 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-08-14 20:55 - 2021-01-28 12:37 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-08-13 06:07 - 2021-01-28 12:37 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-08-13 06:07 - 2021-01-28 12:37 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-08-13 03:28 - 2017-08-21 18:50 - 000000000 ____D C:\Users\WMS\AppData\Local\GoToMeeting
2021-08-11 21:00 - 2021-06-06 10:47 - 000463720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-11 20:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-11 20:55 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-11 18:47 - 2017-06-29 09:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-11 18:41 - 2017-06-29 09:05 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-11 17:55 - 2017-08-04 01:42 - 000000000 ____D C:\Program Files (x86)\Intel
2021-08-11 17:55 - 2017-04-10 18:14 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-09 21:47 - 2017-11-15 19:02 - 000000000 ____D C:\Users\WMS\AppData\Local\Packages
2021-08-08 17:57 - 2017-06-01 20:24 - 000000000 ___RD C:\Users\WMS\OneDrive
2021-08-05 16:05 - 2019-04-09 01:42 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2021-08-04 19:28 - 2021-01-28 12:37 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-04 19:28 - 2021-01-28 12:37 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 06:51 - 2020-09-30 23:40 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-01 20:22 - 2019-10-12 10:52 - 000000000 ____D C:\Program Files\McAfee
2021-08-01 20:22 - 2019-10-12 10:52 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-08-01 20:22 - 2019-10-12 10:49 - 000000000 ____D C:\ProgramData\McAfee
2021-07-26 20:58 - 2021-05-28 14:13 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

==================== Files in the root of some directories ========

2019-05-15 09:21 - 2019-05-15 09:21 - 000000514 _____ () C:\Users\WMS\AppData\Local\LMIR07508001.tmp_r.bat
2020-03-02 13:23 - 2020-03-02 13:23 - 000000410 _____ () C:\Users\WMS\AppData\Local\oobelibMkey.log
2017-10-27 11:59 - 2019-01-25 20:21 - 000007605 _____ () C:\Users\WMS\AppData\Local\Resmon.ResmonCfg

==================== FLock ==============================

2021-01-28 12:41 C:\Recovery

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Ran by WMS (22-08-2021 10:32:00)
Running from C:\Users\WMS\Downloads
Windows 10 Home Version 20H2 19042.1165 (X64) (2021-01-28 17:39:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1926485034-965944004-2204550972-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1926485034-965944004-2204550972-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1926485034-965944004-2204550972-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1926485034-965944004-2204550972-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1926485034-965944004-2204550972-504 - Limited - Disabled)
WMS (S-1-5-21-1926485034-965944004-2204550972-1001 - Administrator - Enabled) => C:\Users\WMS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\Adobe Connect App) (Version: 2020.1.5.32 - Adobe Systems Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Amazon WorkSpaces (HKLM-x32\...\{317904EA-DB48-47CA-846F-B164EFCA264C}) (Version: 3.1.9.2201 - Amazon Web Services, Inc)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2016.0926.2121 - F5 Networks, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\ActiveTouchMeetingClient) (Version: 41.1.3 - Cisco Webex LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{3722784A-D530-4C82-BB78-4DF3E1A4CAD9}) (Version: 4.0.90.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{71A59A4C-9348-4CA2-B98C-E422E14C9D31}) (Version: 3.10.2.29 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 129.4.3571 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
Easy Photo Scan (HKLM-x32\...\{756618E1-97CD-4FA0-87EB-67DF4E8EE8ED}) (Version: 1.00.0014 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E65F6027-38B4-474E-98F1-B321628C3D79}) (Version: 3.11.0008 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-4100 Series Printer Uninstall (HKLM\...\EPSON XP-4100 Series) (Version:  - Seiko Epson Corporation)
Epson XP-4100_XP-4105 User’s Guide (HKLM-x32\...\UsersGuideEpson XP-4100_XP-4105 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
GoToMeeting 10.17.0.19796 (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\GoToMeeting) (Version: 10.17.0.19796 - LogMeIn, Inc.)
HL-L2300D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Intel Driver && Support Assistant (HKLM-x32\...\{BC82D1AD-802A-4733-BB90-A8E59AB8434A}) (Version: 21.5.33.3 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{b09ce953-882c-4131-a693-2e1d73b1e50d}) (Version: 21.5.33.3 - Intel)
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9134.0 - Waves Audio Ltd.) Hidden
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R36 - McAfee, LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14228.20250 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.19.627.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Skype for Business Basic 2016 - en-us (HKLM\...\SkypeforBusinessEntryRetail - en-us) (Version: 16.0.14228.20250 - Microsoft Corporation)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.613 - McAfee, LLC)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-03-02] (Adobe Systems Incorporated)
CyberLink Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.CyberLinkMediaSuiteEssentials_1.0.10.0_x86__mcezb6ze687jp [2018-03-13] (CYBERLINK CORPORATION.)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-08-11] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.5.0_x64__htrsf667h5kn2 [2021-08-22] (Dell Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-21] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.8.7.0_x86__h6adky7gbf63m [2021-08-11] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10628.5716.0_x64__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-07] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-10] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\WMS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\WMS\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\WMS\Dropbox [2017-06-01 20:20]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a83a57c91f6fd100\igfxDTCM.dll [2021-01-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506392 2016-04-27] (proDAD GmbH -> proDAD GmbH)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\WMS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-03-31 14:01 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2021-06-05 21:06 - 2017-12-22 12:53 - 000025299 _____ () [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2021-06-05 21:06 - 2017-12-22 12:53 - 000122880 _____ () [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2021-06-05 21:06 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2021-06-05 21:06 - 2018-01-18 15:39 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2021-06-05 21:06 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2021-04-13 12:36 - 2021-04-13 12:36 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-08-14 15:01 - 2021-08-14 15:01 - 000452096 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.09f690bd#\8fb5b818cccb5b59638b21e088199977\Intuit.Spc.Esd.Client.BusinessLogic.ni.dll
2021-08-14 15:01 - 2021-08-14 15:01 - 000223744 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.618c5f21#\dfe967be112c98a2a994461a32e335f3\Intuit.Spc.Esd.Client.DataAccess.ni.dll
2021-08-14 15:01 - 2021-08-14 15:01 - 000166400 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.820cb8f8#\04d1cfdf82be9ce896c84e7e00b93dc4\Intuit.Spc.Esd.Client.Common.ni.dll
2021-08-14 15:01 - 2021-08-14 15:01 - 001131520 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.8e5e058c#\da9cc0b626f03c9f6e5db848364f179f\Intuit.Spc.Esd.WinClient.Api.Net.ni.dll
2021-08-14 15:01 - 2021-08-14 15:01 - 000749568 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.e37652b5#\2bbe3780dc4c1d04137cd10a42e4e761\Intuit.Spc.Map.Reporter.ni.dll
2021-08-14 15:01 - 2021-08-14 15:01 - 000886784 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.Esd.Core\3f3235820e11416dcced4f3f79403313\Intuit.Spc.Esd.Core.ni.dll
2021-08-14 15:01 - 2021-08-14 15:01 - 001112576 _____ (Intuit) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.fecc593b#\051d52139c8ebae433c3a6875b1c4508\Intuit.Spc.Map.WindowsFirewallUtilities.ni.dll
2020-08-14 21:29 - 2020-08-14 21:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-05-21 14:04 - 2021-05-21 14:04 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2017-02-13 15:54 - 2017-02-13 15:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2021-05-12 20:07 - 2021-05-12 20:07 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1926485034-965944004-2204550972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1926485034-965944004-2204550972-1001 -> DefaultScope {ED196E32-5A0B-4BF8-B948-2C93F9FEC1C2} URL = 
SearchScopes: HKU\S-1-5-21-1926485034-965944004-2204550972-1001 -> {ED196E32-5A0B-4BF8-B948-2C93F9FEC1C2} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-08-13] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-08-13] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1926485034-965944004-2204550972-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-02-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-29] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\incontact.com -> hxxps://engage.incontact.com
IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\liveops.com -> hxxps://agents.liveops.com
IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\michaels.com -> hxxps://sa.michaels.com
IE trusted site: HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\sharepoint.com -> hxxps://leudineglobal-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2019-09-09 15:19 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-05-10 16:05 - 2021-05-10 16:05 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-1926485034-965944004-2204550972-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\WMS\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1926485034-965944004-2204550972-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F021BCF7-ED74-4848-9A55-C9D9C9F5776A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{F12E73DC-B031-4731-BF09-4863B2CC9C43}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{BD826514-3901-4443-8EEA-A79316D00E5F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{1861595E-19AF-44DF-A5ED-3B3F8A221D1B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{0A273CBF-8B79-47DB-ACD1-C444A05252B3}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [UDP Query User{2D10E769-A3F2-4D8C-A6E3-29F7D7BC3C66}C:\windows\syswow64\presentationhost.exe] => (Allow) C:\windows\syswow64\presentationhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{AE2E1472-6676-4ED4-93D4-6E895E5E7D30}C:\windows\syswow64\presentationhost.exe] => (Allow) C:\windows\syswow64\presentationhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3905D4CA-72AE-47DE-A425-5171627C79B4}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A5B7F4D4-2934-489E-A6B8-1D480CA35127}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6C9EFDE0-8605-4ABB-91CE-9D9D268187B7}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{CDA968ED-4746-4391-8FF9-62D63680802E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F2C5BC84-37F8-49AF-B7B7-57571DCD119C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D6A7D6D9-69FC-443B-9B15-538B155B3494}C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [UDP Query User{E19B05EA-FED1-4A95-9989-0D4D1E8EAE44}C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [{794FA227-29BD-40D6-AFE5-B0BB1E81318E}] => (Block) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [{73EF549F-C1B7-4A27-A660-2246B6F29277}] => (Block) C:\users\wms\appdata\local\programs\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [{36B67AD8-2862-4087-968A-088AA23E39E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B94BE9BC-45AC-4687-A189-75ECF6F6974D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D0FD499-C9D1-4A34-A21B-F6DBE604D58E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{751E83D0-5161-4472-AEC2-6B54E635CDEB}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{9618E2D4-6E7A-42FF-987D-F08EE974638E}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{6FB66D09-97A1-4316-976F-BA6C9B006B7C}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{756CC92B-0CE2-4030-AE16-881B2FF0D1BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C6D78B9-A78D-4374-AF78-9C9ED624154F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{54EA3454-6930-4EC8-9B9D-EB954AB5904A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{09D23DB0-FBC5-49FD-B1FC-5A453B344E40}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C7CA76E5-4AA6-48B8-A309-A30C8DC29EFF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A241A5B2-354C-40B6-A438-3C162FCEE24A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{7329F966-A1FD-4E7F-923C-9DB9236A8800}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D994EF81-F871-4368-ABAE-3D2AC97AE370}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F089FB0C-36FE-4F4C-964E-18AD6DE0AA05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{085D90FE-D7D2-45D2-B1AB-A37B9A335599}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5E84291-F1EF-4825-9B36-A19ED07F6A90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D3B8BD4-6CC4-4105-BF03-15CEB62BFE59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A388EAE6-4DD1-4C2E-9B81-3524973BBC86}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{A7611527-E703-4A91-B2D4-756BA1F9FDF9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

05-08-2021 16:21:58 Installed Intel(R) Wireless Bluetooth(R)
11-08-2021 18:47:38 Windows Modules Installer
17-08-2021 21:04:53 Windows Update
20-08-2021 04:18:00 8.20.2021

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/22/2021 10:26:50 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-UN1TS41)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (08/22/2021 10:18:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/22/2021 10:18:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/22/2021 10:14:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/22/2021 10:14:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/22/2021 10:01:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Exception code: 0xc0000005
Fault offset: 0x004214fb
Faulting process id: 0x320c
Faulting application start time: 0x01d797669afc1438
Faulting application path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Faulting module path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Report Id: c5b91bd6-b11c-4b08-9e75-166a7d42fb62
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/22/2021 10:01:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Exception code: 0xc0000005
Fault offset: 0x004214fb
Faulting process id: 0x43f4
Faulting application start time: 0x01d797669174dfa1
Faulting application path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Faulting module path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Report Id: 26b3849f-83f9-4329-a7b9-656c4848245f
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/22/2021 10:00:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Exception code: 0xc0000005
Fault offset: 0x004214fb
Faulting process id: 0x4428
Faulting application start time: 0x01d797666cf5ac79
Faulting application path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Faulting module path: C:\Users\WMS\Downloads\adwcleaner_7.4.1.exe
Report Id: ad536f15-3441-4f41-a66e-27a7a0bbdcc8
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (08/22/2021 10:11:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Hardware Support service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Driver & Support Assistant service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/22/2021 10:10:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2021-06-06 12:47:59
Description: 
Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:47:59.649Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 12:33:00
Description: 
Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:33:00.507Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 12:17:59
Description: 
Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:17:59.637Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 12:03:02
Description: 
Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T17:03:02.340Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 11:47:59
Description: 
Controlled Folder Access blocked C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe from making changes to memory.
Detection time: 2021-06-06T16:47:59.418Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Security intelligence Version: 1.341.190.0
Engine Version: 1.1.18200.4
Product Version: 4.18.2009.7

Date: 2021-06-06 11:11:29
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.341.190.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18200.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-03-06 11:31:44
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.325.1056.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17500.4
Error code: 0x80070102
Error description: The wait operation timed out. 

CodeIntegrity:
===============
Date: 2021-08-22 10:34:50
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Microsoft signing level requirements.

Date: 2021-08-22 10:32:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Dell Inc. 1.15.1 12/24/2020
Motherboard: Dell Inc. 07KY25
Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 67%
Total physical RAM: 8103.7 MB
Available physical RAM: 2654.59 MB
Total Virtual: 13991.7 MB
Available Virtual: 7375.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.29 GB) (Free:794.17 GB) NTFS

\\?\Volume{1fcdd39d-8851-43b4-b818-e490266a0e69}\ () (Fixed) (Total:0.84 GB) (Free:0.41 GB) NTFS
\\?\Volume{4c784866-2d6c-4128-9e23-ce28d2235322}\ (Image) (Fixed) (Total:11.7 GB) (Free:0.54 GB) NTFS
\\?\Volume{d3c4d029-4d38-4279-b81b-21bbb159507d}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.34 GB) NTFS
\\?\Volume{2e6175b8-e9d5-4229-b8e8-13180a6552bc}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================


  • Solution
Hiya Robin2020,

Do not see much wrong with your logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save it directly to the desktop.

Make sure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Ran by WMS (23-08-2021 04:28:06) Run:1
Running from C:\Users\WMS\Downloads
Loaded Profiles: defaultuser0 & WMS
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Task: {1875FCCB-A2D8-4558-8AD8-CD4F3DB13580} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2CF945EB-3E39-4457-9C2A-13ED38767C15} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION
Task: {8110A042-A7C7-4244-A734-C3CC9D48DAC6} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\WMS\AppData\Local\Microsoft\Windows\INetCache\IE\DSVLIUZ4\esetonlinescanner_enu.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
cmd: dism /online /cleanup-image /restorehealth
cmd: sfc /scannow
Hosts:
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
EmptyTemp:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1875FCCB-A2D8-4558-8AD8-CD4F3DB13580}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1875FCCB-A2D8-4558-8AD8-CD4F3DB13580}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2CF945EB-3E39-4457-9C2A-13ED38767C15}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CF945EB-3E39-4457-9C2A-13ED38767C15}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8110A042-A7C7-4244-A734-C3CC9D48DAC6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8110A042-A7C7-4244-A734-C3CC9D48DAC6}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKU\S-1-5-21-1926485034-965944004-2204550972-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully

========= dism /online /cleanup-image /restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19042.1165

[====================       34.7%                          ] 
[====================       34.8%                          ] 
[====================       34.9%                          ] 
[====================       35.0%                          ] 
[====================       35.2%                          ] 
[====================       35.3%                          ] 
[====================       35.5%                          ] 
[====================       35.8%                          ] 
[====================       35.9%                          ] 
[====================       35.9%                          ] 
[====================       36.1%                          ] 
[====================       36.2%                          ] 
[====================       36.2%                          ] 
[=====================      36.3%                          ] 
[=====================      36.8%                          ] 
[=====================      37.0%                          ] 
[=====================      37.1%                          ] 
[=====================      37.1%                          ] 
[=====================      37.2%                          ] 
[=====================      37.3%                          ] 
[=====================      37.3%                          ] 
[=====================      37.3%                          ] 
[=====================      37.4%                          ] 
[=====================      37.4%                          ] 
[=====================      37.5%                          ] 
[=====================      37.5%                          ] 
[=====================      37.6%                          ] 
[=====================      37.6%                          ] 
[=====================      37.6%                          ] 
[=====================      37.7%                          ] 
[=====================      37.7%                          ] 
[=====================      37.7%                          ] 
[=====================      37.8%                          ] 
[=====================      37.9%                          ] 
[======================     38.0%                          ] 
[======================     38.0%                          ] 
[======================     38.0%                          ] 
[======================     38.0%                          ] 
[======================     38.1%                          ] 
[======================     38.2%                          ] 
[======================     38.3%                          ] 
[======================     38.3%                          ] 
[======================     38.3%                          ] 
[======================     38.3%                          ] 
[======================     38.4%                          ] 
[======================     38.6%                          ] 
[======================     38.6%                          ] 
[======================     38.7%                          ] 
[======================     38.7%                          ] 
[======================     38.8%                          ] 
[======================     38.8%                          ] 
[======================     38.9%                          ] 
[======================     38.9%                          ] 
[======================     39.0%                          ] 
[======================     39.1%                          ] 
[======================     39.2%                          ] 
[======================     39.2%                          ] 
[======================     39.4%                          ] 
[======================     39.5%                          ] 
[======================     39.5%                          ] 
[=======================    39.7%                          ] 
[=======================    39.8%                          ] 
[=======================    39.8%                          ] 
[=======================    40.0%                          ] 
[=======================    40.2%                          ] 
[=======================    40.3%                          ] 
[=======================    40.4%                          ] 
[=======================    40.5%                          ] 
[=======================    40.6%                          ] 
[=======================    40.8%                          ] 
[=======================    41.0%                          ] 
[=======================    41.3%                          ] 
[========================   41.4%                          ] 
[========================   41.5%                          ] 
[========================   41.6%                          ] 
[========================   41.7%                          ] 
[========================   42.0%                          ] 
[========================   42.2%                          ] 
[========================   42.3%                          ] 
[========================   42.5%                          ] 
[========================   42.7%                          ] 
[========================   42.9%                          ] 
[========================   42.9%                          ] 
[========================   43.0%                          ] 
[=========================  43.2%                          ] 
[=========================  43.2%                          ] 
[=========================  43.3%                          ] 
[=========================  43.4%                          ] 
[=========================  43.5%                          ] 
[=========================  43.5%                          ] 
[=========================  43.6%                          ] 
[=========================  43.7%                          ] 
[=========================  43.8%                          ] 
[=========================  43.9%                          ] 
[=========================  44.1%                          ] 
[=========================  44.1%                          ] 
[=========================  44.2%                          ] 
[=========================  44.3%                          ] 
[=========================  44.4%                          ] 
[=========================  44.5%                          ] 
[=========================  44.5%                          ] 
[=========================  44.6%                          ] 
[=========================  44.7%                          ] 
[========================== 44.9%                          ] 
[========================== 44.9%                          ] 
[========================== 45.0%                          ] 
[========================== 45.1%                          ] 
[========================== 45.3%                          ] 
[========================== 45.4%                          ] 
[========================== 45.6%                          ] 
[========================== 45.8%                          ] 
[========================== 46.0%                          ] 
[========================== 46.0%                          ] 
[========================== 46.2%                          ] 
[========================== 46.3%                          ] 
[========================== 46.4%                          ] 
[===========================46.6%                          ] 
[===========================46.9%                          ] 
[===========================47.1%                          ] 
[===========================47.4%                          ] 
[===========================47.5%                          ] 
[===========================47.8%                          ] 
[===========================47.8%                          ] 
[===========================47.9%                          ] 
[===========================48.1%                          ] 
[===========================48.2%                          ] 
[===========================48.2%                          ] 
[===========================48.3%                          ] 
[===========================48.3%                          ] 
[===========================48.8%                          ] 
[===========================48.9%                          ] 
[===========================49.1%                          ] 
[===========================49.2%                          ] 
[===========================49.4%                          ] 
[===========================49.7%                          ] 
[===========================50.0%                          ] 
[===========================50.4%                          ] 
[===========================50.6%                          ] 
[===========================50.8%                          ] 
[===========================50.9%                          ] 
[===========================50.9%                          ] 
[===========================50.9%                          ] 
[===========================51.2%                          ] 
[===========================51.2%                          ] 
[===========================51.3%                          ] 
[===========================51.5%                          ] 
[===========================51.7%                          ] 
[===========================51.8%                          ] 
[===========================51.8%                          ] 
[===========================51.8%                          ] 
[===========================52.0%                          ] 
[===========================52.3%                          ] 
[===========================52.4%                          ] 
[===========================52.4%                          ] 
[===========================52.4%                          ] 
[===========================52.5%                          ] 
[===========================52.5%                          ] 
[===========================52.5%                          ] 
[===========================52.5%                          ] 
[===========================52.5%                          ] 
[===========================52.6%                          ] 
[===========================52.7%                          ] 
[===========================52.7%                          ] 
[===========================52.7%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.8%                          ] 
[===========================52.9%                          ] 
[===========================52.9%                          ] 
[===========================52.9%                          ] 
[===========================52.9%                          ] 
[===========================53.0%                          ] 
[===========================53.0%                          ] 
[===========================53.1%                          ] 
[===========================53.1%                          ] 
[===========================53.1%                          ] 
[===========================53.1%                          ] 
[===========================53.2%                          ] 
[===========================53.3%                          ] 
[===========================53.3%                          ] 
[===========================53.3%                          ] 
[===========================53.4%                          ] 
[===========================53.4%                          ] 
[===========================53.4%                          ] 
[===========================53.4%                          ] 
[===========================53.5%                          ] 
[===========================53.6%                          ] 
[===========================53.6%                          ] 
[===========================53.6%                          ] 
[===========================53.7%                          ] 
[===========================53.7%                          ] 
[===========================53.7%                          ] 
[===========================53.8%                          ] 
[===========================53.8%                          ] 
[===========================53.9%                          ] 
[===========================53.9%                          ] 
[===========================53.9%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.0%                          ] 
[===========================54.1%                          ] 
[===========================54.1%                          ] 
[===========================54.2%                          ] 
[===========================54.2%                          ] 
[===========================54.2%                          ] 
[===========================54.3%                          ] 
[===========================54.3%                          ] 
[===========================54.3%                          ] 
[===========================54.3%                          ] 
[===========================54.4%                          ] 
[===========================54.4%                          ] 
[===========================54.4%                          ] 
[===========================54.4%                          ] 
[===========================54.5%                          ] 
[===========================54.5%                          ] 
[===========================54.6%                          ] 
[===========================54.6%                          ] 
[===========================54.7%                          ] 
[===========================54.7%                          ] 
[===========================54.9%                          ] 
[===========================54.9%                          ] 
[===========================54.9%                          ] 
[===========================54.9%                          ] 
[===========================54.9%                          ] 
[===========================54.9%                          ] 
[===========================55.0%                          ] 
[===========================55.0%                          ] 
[===========================55.0%                          ] 
[===========================55.1%                          ] 
[===========================55.1%                          ] 
[===========================55.2%                          ] 
[===========================55.2%                          ] 
[===========================55.3%                          ] 
[===========================55.3%                          ] 
[===========================55.3%                          ] 
[===========================55.4%                          ] 
[===========================55.4%                          ] 
[===========================55.4%                          ] 
[===========================55.5%                          ] 
[===========================56.0%                          ] 
[===========================56.2%                          ] 
[===========================56.5%                          ] 
[===========================56.5%                          ] 
[===========================56.5%                          ] 
[===========================56.5%                          ] 
[===========================56.6%                          ] 
[===========================56.7%                          ] 
[===========================56.8%                          ] 
[===========================56.9%=                         ] 
[===========================57.5%=                         ] 
[===========================57.5%=                         ] 
[===========================57.7%=                         ] 
[===========================58.6%==                        ] 
[===========================59.5%==                        ] 
[===========================59.6%==                        ] 
[===========================60.1%==                        ] 
[===========================62.3%====                      ] 
[===========================84.9%=================         ] 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= sfc /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\DESKTOP-UN1TS41-20210820-0536.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210820-0604.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210820-0833.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210820-1219.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210820-1333.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-0013.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-0301.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-0342.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-0358.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-0410.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-0451.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-2057.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-2104.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-2158.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-2231.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-2246.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210821-2318.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-0030.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-0851.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-0851a.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-0851b.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-0853.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-0912.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-1010.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-1012.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-1027.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-1117.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-2141.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-2243.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210822-2356.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0029.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0034.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0134.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0157.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0235.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0247.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0350.log => moved successfully
C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0400.log => moved successfully
Could not move "C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0429.log" => Scheduled to move on reboot.
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\Intel®_Driver_&_Support_Assistant_20210811175326.log => moved successfully
C:\Windows\Temp\Intel®_Driver_&_Support_Assistant_20210811175326_000_DriverSupportAssistantInstaller.log => moved successfully
C:\Windows\Temp\Intel®_Driver_&_Support_Assistant_20210811175535.log => moved successfully
C:\Windows\Temp\launcher.serviceoscmd => moved successfully
C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-Store_Operational_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-Store_Operational_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210811210014E6C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202108162246164D84).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202108172046161240).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202108200357281048).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210820044428E8C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210821205715EBC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210822101244EA4).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202108230429514A4C).log" => Scheduled to move on reboot.
C:\Windows\Temp\System_A1D8FF5D-93D2-0001-EBF6-DDA1D293D701.evtx => moved successfully
C:\Windows\Temp\System_A1D8FF5D-93D2-0002-1D23-DFA1D293D701.evtx => moved successfully
C:\Windows\Temp\{4AB531B6-092A-4A53-8B16-C5E50CAFD01D} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{DF0D6067-95BD-477A-9E3E-4386C3710C7E} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{F15CB4F2-A01B-453B-9E6D-48FF79B08C0D} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{FBFC9B3F-6CAE-409E-B57A-4719B0170C03} - OProcSessId.dat => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp" ========


=========== "C:\WINDOWS\syswow64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\syswow64\*.tmp" ========


=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 271496358 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 129962504 B
Edge => 2171354 B
Chrome => 2070193471 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 26022273 B
systemprofile32 => 26022273 B
LocalService => 26515661 B
NetworkService => 144175355 B
defaultuser0 => 144175355 B
WMS => 267025847 B

RecycleBin => 7002308884 B
EmptyTemp: => 9.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-08-2021 05:18:49)

C:\Windows\Temp\DESKTOP-UN1TS41-20210823-0429.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202108230429514A4C).log => Is moved successfully

==== End of Fixlog 05:18:50 ====

 

 

 


---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.347, (build 1.347.247.0)
Started On Mon Aug 23 05:28:33 2021

Engine: 1.1.18500.9
Signatures: 1.347.247.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Aug 23 09:49:27 2021


Return code: 6 (0x6)
 


Hiya Robin2020,

Thanks for the update, good to hear your PC is OK for you... Regarding donations, I only use PayPal. Thank you for the offer.

Continue to finish up:

Right click on FRST here: C:\Users\WMS\Downloads\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Consider the following:

Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Will also work for Opera and Edge..

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
