Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021 Ran by krueg_000 (19-09-2021 13:56:37) Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear Windows 10 Home Version 20H2 19042.1237 (X64) (2021-03-01 06:49:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2550471563-1257076527-2971406527-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2550471563-1257076527-2971406527-503 - Limited - Disabled) Guest (S-1-5-21-2550471563-1257076527-2971406527-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2550471563-1257076527-2971406527-1003 - Limited - Enabled) krueg_000 (S-1-5-21-2550471563-1257076527-2971406527-1001 - Administrator - Enabled) => C:\Users\krueg_000 WDAGUtilityAccount (S-1-5-21-2550471563-1257076527-2971406527-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.) 
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.) Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC) Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation) Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.5.0.0 - Intel) Hidden Intel(R) Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel) Intel(R) Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.2.1489 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package 
(HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel) Intel(R) Update Manager (HKLM-x32\...\{20D9D0D9-1659-4775-992E-5F5650AD9B87}) (Version: 1.6.0.56 - Intel Corporation) Hidden Intel(R) WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.5371.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors) Office 15 
Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Zoom (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.) 
Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-05-24] (Amazon.com) Dell | Getting Started with Windows 8 -> C:\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2 [2014-06-23] (Dell Inc) Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2020-05-24] (Dell Inc) Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-09-19] (Dell Inc) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-18] (HP Inc.) Intel® Experience Center -> C:\Program Files\WindowsApps\AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt [2014-06-23] (INTEL CORP) Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-06-06] (AMZN Mobile LLC) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-02] (Microsoft Studios) [MS Ad] MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad] MSN Salud y Bienestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad] MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad] Xbox 360 SmartGlass -> C:\Program 
Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad] Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-04-19] (SoftThinks -> ) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-04-19] (SoftThinks -> ) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-18] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google) 
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-18] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\509bffb6bc1cf486\Screencastify - Screen Video Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mmeijimgabbpbgpdklnllpncmdofkcpn ==================== Loaded Modules (Whitelisted) ============= 2021-09-19 13:44 - 2021-09-19 13:44 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_ctypes.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000128512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_elementtree.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000914432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_hashlib.pyd 2021-09-19 13:44 - 
2021-09-19 13:44 - 000027648 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_multiprocessing.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000036864 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_psutil_windows.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000046080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_socket.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 001303552 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_ssl.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000020480 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\_yappi.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000012800 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\common.time34.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000007168 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\hashobjs_ext.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000127488 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\pyexpat.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000682496 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\pysqlite2._sqlite.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000364544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\pythoncom27.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 000110080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\pywintypes27.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 000010240 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\select.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000017920 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\thumbnails_ext.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000686080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\unicodedata.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000088064 ____R () 
[File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\usb_ext.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000098816 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32api.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000320512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32com.shell.shell.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000011264 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32crypt.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000018432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32event.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000119808 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32file.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000167936 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32gui.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000038912 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32inet.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000025600 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32pdh.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000024064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32pipe.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000035840 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32process.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000017408 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32profile.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000108544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32security.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000022528 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\win32ts.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000078848 ____R () [File not signed] 
C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._animate.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 001067008 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._controls_.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 001176576 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._core_.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000806400 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._gdi_.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000077312 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._html2.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000733184 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._misc_.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000816128 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._windows_.pyd 2021-09-19 13:44 - 2021-09-19 13:44 - 000123392 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wx._wizard.pyd 2013-11-30 17:31 - 2013-03-01 12:58 - 000130048 _____ (CodePlex Community) [File not signed] [File is in use] C:\Program Files (x86)\Intel\irstrt\Microsoft.Win32.TaskScheduler.dll 2013-05-08 11:48 - 2013-05-08 11:48 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll 2013-05-08 11:48 - 2013-05-08 11:48 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 002459648 ____R (Python Software Foundation) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\python27.dll 2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) 
[File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 000155136 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wxbase30u_net_vc90.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 002030592 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wxbase30u_vc90.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 001251328 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wxmsw30u_adv_vc90.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 004796928 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wxmsw30u_core_vc90.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 000601088 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wxmsw30u_html_vc90.dll 2021-09-19 13:44 - 2021-09-19 13:44 - 000110080 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI110402\wxmsw30u_webview_vc90.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKLM-x32 -> DefaultScope value is missing BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-03-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-30] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Murcielago_FINAL_RGB.JPG DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{4D6FF529-65B1-4EEE-A7BC-DE9ADBA57638}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7278EF5F-C66E-4F0F-A7A2-9D0003B3C7DC}] => (Allow) LPort=1900 FirewallRules: [{C603BA3C-4F28-40E3-B056-690CEF786715}] => (Allow) LPort=2869 FirewallRules: [{BEAEC7A3-6D51-48F8-A692-647368DFDA34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{02F2E1B4-B01E-42AB-85C2-8EE63F1E3672}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{104A7931-80CD-4F3A-A790-42492EE06276}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F153C4CC-A65B-47A3-88FC-866126D07CB7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2774294A-AB11-403D-8813-8B2CF3E080D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{CF51200C-0103-4C68-9903-247A346BEC48}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 19-09-2021 13:39:31 AdwCleaner_BeforeCleaning_19/09/2021_13:39:30 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (09/19/2021 01:33:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (09/18/2021 03:00:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (09/18/2021 03:00:24 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. 
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {ba4f6c79-8bde-4e72-9aae-ffd0c3c03259} Error: (09/18/2021 01:50:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (09/17/2021 06:41:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (09/15/2021 07:36:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (09/14/2021 10:13:12 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (09/13/2021 07:30:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 System errors: ============= Error: (09/19/2021 01:47:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/19/2021 01:43:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Dell Digital Delivery Service service failed to start due to the following error: The system cannot find the file specified. Error: (09/19/2021 01:40:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (09/19/2021 01:39:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Dell Hardware Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (09/19/2021 01:39:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (09/19/2021 01:39:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (09/19/2021 01:39:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SynTPEnh Caller Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/19/2021 01:39:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Windows Defender: ================ Date: 2021-09-17 19:04:21 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-09-14 22:22:51 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-09-13 21:07:53 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-09-05 19:56:52 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-09-01 23:53:56 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-06-30 03:44:19 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: 1.343.102.0 Previous security intelligence Version: 1.341.1630.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-30 03:44:19 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.343.102.0 Previous security intelligence Version: 1.341.1630.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-30 03:44:19 Description: Microsoft Defender Antivirus has encountered an error trying to update the engine. New Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error Code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-03 23:55:55 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: 1.341.8.0 Previous security intelligence Version: 1.339.1902.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18200.4 Previous Engine Version: 1.1.18100.6 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-03 23:55:55 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.341.8.0 Previous security intelligence Version: 1.339.1902.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18200.4 Previous Engine Version: 1.1.18100.6 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. ==================== Memory info =========================== BIOS: Dell Inc. A03 09/24/2013 Motherboard: Dell Inc. 
XPS 12-9Q33 Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 87% Total physical RAM: 4001.53 MB Available physical RAM: 501.82 MB Total Virtual: 8865.53 MB Available Virtual: 4132.1 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:97.59 GB) (Free:56.42 GB) NTFS \\?\Volume{cf742fab-f09f-4736-91bb-4dc39fc37de5}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS \\?\Volume{eb19c1b7-a563-4d78-9f8c-6cafb7d9bc70}\ () (Fixed) (Total:0.78 GB) (Free:0.32 GB) NTFS \\?\Volume{04d08801-6d4e-43f3-8e94-29fa605bfd69}\ (PBR Image) (Fixed) (Total:11.75 GB) (Free:0.73 GB) NTFS \\?\Volume{e0f46268-779d-42c6-8699-0972f1f05635}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: 72E5F2E7) Partition: GPT. ==================== End of Addition.txt =======================