Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

virus disables/corrupts any virus programs and keeps coming back


  • Please log in to reply

#1
mis_allen

mis_allen

    New Member

  • Member
  • Pip
  • 3 posts

hi, about 2 weeks ago my computer became infected with virus/malware  ..(I was downloading a crack or keygen to system mechanic) stupidly .. I have looked for the site but do not remember where.. anyway i had mcafee running at the time .. it detected a problem which it fixed supposedly and i deleted that download/program and moved on with no further attempts .. the next day i noticed a few things were different .. small things .. start menu right click had different files .. couldn't right click for "properties" .. got progressively worse .all network settings and connections disappeared and i was unable to connect . text reader would start in every file i would open .. i chased it around in task mgr. for a bit just watching .. folders and files were renamed and no longer accessible,..(i should say i am the only user of this laptop and unfortunately always use admin account for everything) anyway it seemed like the system was slowly being shut down and would soon be unusable... i didn't have boot/rescue discs..i first tried "fixmestick" it worked like magic first round.. i thought i was good but after about an hour of looking for damaged files .. the same things began happening .. i followed same process as i had before, however fixmestick no longer worked. the next morning i was receiving calendar ,messages on my iPhone  that in 30 minutes i would be able to free myself with payment .. i deleted all the iPhone stuff .. and began restoring to previous month restore on laptop .. again was good for about 2 hours and it began  again .. this time i performed  a factory image restore from partition with the same results .. i then became serious about destroying this .. lol .I ran farbar .. followed by Microsoft malicious tool removal,  then installed Malwarebytes professional and webroots secure anywhere  ...spent most of yesterday checking pc .running web checks .. reconfigured router changed passwords ...and about 2 hours later the start menu would not pop up ... 

i removed MBAMChameleon and mbamswissarmy something whether they were legit or not.. i did remove a bit from registry but didn't want to go crazy ... anyway right now everything looks suspicious to me and I would greatly appreciate any help you could offer :). i am pasting the 2 Farbar  files below .. Thanks, Michael

 

FRST- notepad

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by S A (administrator) on DESKTOP-HR06UJB (Dell Inc. Inspiron 3558) (06-03-2021 18:27:24)
Running from C:\Users\S A\OneDrive\Desktop
Loaded Profiles: S A
Platform: Windows 10 Home Version 1511 10586.420 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Dell Inc -> ) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc. -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe <2>
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946600 2015-10-15] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [DpmLiteEvent] => C:\Program Files\Dell\DpmLite\DpmLiteEvent.exe [2537776 2014-11-19] (Wistron Corporation -> Wistron Corporation)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4917608 2021-03-06] (Webroot Inc. -> Webroot)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\RunOnce: [RemovalTool] => C:\Users\S A\AppData\Local\FSDART\a9fac8d3-71d3-495f-af60-e5fc78f5a5de\fssos.exe [1607040 2021-03-05] (F-Secure Corporation -> )
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10A9F968-44D4-42CF-A37C-0CAB932DA18E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {21E940AE-B9A7-4279-A440-AA49B7B57FB4} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel® Software Asset Manager -> Intel Corporation)
Task: {2AA87FE4-E5E6-4C4E-AFBB-C6798BC9D34B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {3829FC8B-3478-4CF6-85BD-6024AD66E102} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel® Software -> Intel Corporation)
Task: {3E57B0FB-16AF-4EBD-98B3-FFED1D0DC2C7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-30] (Dropbox, Inc -> DropboxOEM)
Task: {48B7DB76-6B8E-4F5E-B34C-E3A5B6E16CC9} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6CA0F544-026A-406F-8DA8-CBB2302A96D7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {6E4F85E3-31E4-4430-9F55-794257C4C7BC} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [30904 2016-06-28] (Dell Inc. -> Dell Inc.)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {91DACA5D-439D-439B-ABE9-655CE40E52AA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1215960 2016-03-24] (Dell Inc. -> PC-Doctor, Inc.)
Task: {995A6E47-B6E7-435B-9517-861D9C930100} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1492BD3-015A-4C48-9695-E9E9F6DAD4F6} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel® Software Asset Manager -> Intel Corporation)
Task: {A6653201-5FE6-47F8-9571-1AF0B43FD469} - System32\Tasks\DURestartTask => C:\WINDOWS\system32\net.exe [54784 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {A925573A-9091-436E-98EC-AFE5C90BC10F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [436696 2016-03-24] (Dell Inc. -> PC-Doctor, Inc.)
Task: {CD3F9858-6CBE-4399-AF6E-4C1CDE7F3797} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115056 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC90FD6D-6208-4F56-870A-71243049E8DF} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1215960 2016-03-24] (Dell Inc. -> PC-Doctor, Inc.)
Task: {DD782644-A907-4459-BAFB-CDEAC6C1F5CD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115056 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {E64B5CB9-5771-44B7-8059-031EF0940A16} - System32\Tasks\PCDDataUploadTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1215960 2016-03-24] (Dell Inc. -> PC-Doctor, Inc.)
Task: {F5133683-5DFE-4485-BFD9-CDA515BC3DE3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0bb16d6d-15e6-4858-82c7-968f64131615}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Profile: C:\Users\S A\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-06]
Edge Extension: (Web Threat Shield) - C:\Users\S A\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmkaflbamgddpjacdmjlkhbnpnlemaea [2021-03-06]
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [116248 2016-05-25] (Dell Inc -> Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell Inc -> Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-19] (Dell Inc -> )
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Techporch Incorporated -> Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Techporch Incorporated -> Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-02] (Dell Inc -> Dell Inc.)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S2 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel® Software Asset Manager -> Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel® Wireless Display -> Intel)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-06] (Malwarebytes Inc -> Malwarebytes)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-06-28] (Dell Inc. -> Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation -> Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [2037856 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [3002624 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4917608 2021-03-06] (Webroot Inc. -> Webroot)
S4 0061311614670992mcinstcleanup; C:\WINDOWS\TEMP\006131~1.EXE -cleanup -nolog [X]
S2 ClickToRunSvc; "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Microsoft Windows -> Windows ® Win 7 DDK provider)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-06-23] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R2 DpmLiteDrv; C:\Program Files\Dell\DpmLite\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corporation -> Wistron Corp.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-03-06] (Malwarebytes Corporation -> Malwarebytes)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [155400 2015-06-15] (Intel Corporation - Client Components Group -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-03-06] (Malwarebytes Inc -> Malwarebytes)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [31040 2014-04-29] (IPTS Alisa, OOO -> EldoS Corporation)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Intel® Wireless Display -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
R1 WRCore; C:\Program Files\Webroot\Core\WRCore.x64.sys [268720 2020-06-15] (Webroot Inc. -> Webroot, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [145128 2021-03-06] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [58304 2021-03-06] (Webroot, Inc -> Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (All) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-06 18:16 - 2021-03-06 18:16 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-06 18:15 - 2021-03-06 18:15 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-06 18:15 - 2021-03-06 18:15 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-06 17:10 - 2021-03-06 17:10 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2021-03-06 14:26 - 2021-03-06 16:40 - 000000000 ____D C:\Users\S A\AppData\LocalLow\IGDump
2021-03-06 14:21 - 2021-03-06 18:15 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-06 14:21 - 2021-03-06 18:10 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-06 14:21 - 2021-03-06 14:21 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-06 14:21 - 2021-03-06 14:21 - 000000000 ____D C:\Users\S A\AppData\Local\mbam
2021-03-06 14:21 - 2021-03-06 14:20 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-03-06 14:21 - 2021-03-06 14:20 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-06 14:20 - 2021-03-06 14:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-06 14:20 - 2021-03-06 14:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-06 13:32 - 2021-03-06 13:32 - 000283460 _____ C:\WINDOWS\Minidump\030621-15156-01.dmp
2021-03-06 13:32 - 2021-03-06 13:32 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-06 13:31 - 2021-03-06 13:31 - 451484938 _____ C:\WINDOWS\MEMORY.DMP
2021-03-06 12:33 - 2021-03-06 12:39 - 000000000 ____D C:\Program Files\Farbar Scan Tool
2021-03-06 12:27 - 2021-03-06 14:19 - 002084016 _____ (Malwarebytes) C:\Users\S A\Downloads\MBSetup.exe
2021-03-06 11:50 - 2021-03-06 11:50 - 000000000 ____D C:\Users\S A\AppData\Roaming\CDROLLER
2021-03-06 11:50 - 2021-03-06 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDRoller
2021-03-06 11:50 - 2021-03-06 11:50 - 000000000 ____D C:\Program Files (x86)\CDRoller
2021-03-06 11:50 - 2014-04-29 19:37 - 000031040 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rawdsk3.sys
2021-03-06 11:39 - 2021-03-06 11:42 - 019508168 _____ (Digital Atlantic Corp. ) C:\Users\S A\Downloads\CDRoller11_en (2).exe
2021-03-06 10:37 - 2021-03-06 10:37 - 000000000 ____D C:\Users\S A\OneDrive\Documents\New folder
2021-03-06 10:29 - 2021-03-06 10:29 - 000029731 _____ C:\Users\S A\OneDrive\Documents\mbst-clean-results 030621.txt
2021-03-06 10:08 - 2021-03-06 10:39 - 000000000 ____D C:\Users\S A\OneDrive\Documents\Virus Malware Tools
2021-03-06 09:34 - 2021-03-06 10:17 - 000000000 ____D C:\Users\S A\OneDrive\Documents\Farbar Scan Tool
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ___HD C:\OneDriveTemp
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\Taxes
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\Outlook Files
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\OneNote Notebooks
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\McAfee Vaults
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\Lease 2020
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\GomPlayer
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\Custom Office Templates
2021-03-06 09:33 - 2021-03-06 09:33 - 000000000 ____D C:\Users\S A\OneDrive\Documents\Credit Reports
2021-03-06 09:33 - 2021-02-18 03:51 - 000000120 ____R C:\Users\S A\OneDrive\Documents\s's Notebook.url
2021-03-06 09:33 - 2021-01-23 19:57 - 000000086 _____ C:\Users\S A\OneDrive\Documents\cdroller.txt
2021-03-06 09:33 - 2021-01-23 13:07 - 000219403 _____ C:\Users\S A\OneDrive\Documents\Details_1.txt
2021-03-06 09:33 - 2021-01-10 23:18 - 000302230 _____ C:\Users\S A\OneDrive\Documents\Shelly Servsafe Cert.pdf
2021-03-06 09:33 - 2021-01-09 10:35 - 000303202 _____ C:\Users\S A\OneDrive\Documents\Marwan servsafe cert.pdf
2021-03-06 09:33 - 2021-01-09 10:35 - 000302755 _____ C:\Users\S A\OneDrive\Documents\JaviS servsafe cert.pdf
2021-03-06 09:33 - 2020-10-14 23:11 - 000000000 _____ C:\Users\S A\OneDrive\Documents\Default.rdp
2021-03-06 09:33 - 2020-10-04 12:08 - 000000458 _____ C:\Users\S A\OneDrive\Documents\a.txt
2021-03-06 09:33 - 2020-10-04 11:00 - 000000458 _____ C:\Users\S A\OneDrive\Documents\fileviewpro.txt
2021-03-06 09:33 - 2020-09-17 06:24 - 000009875 _____ C:\Users\S A\OneDrive\Documents\EQUIPMENT SERVICE LOG.xlsx
2021-03-06 09:33 - 2020-09-14 17:19 - 000452418 _____ C:\Users\S A\OneDrive\Documents\eStatement_8_24_2020.pdf
2021-03-06 09:33 - 2019-03-30 08:28 - 000046788 _____ C:\Users\S A\OneDrive\Documents\The Filter Store - Confirmation.html
2021-03-06 09:33 - 2018-10-27 08:35 - 000122714 _____ C:\Users\S A\OneDrive\Documents\eFaucets.com Order Confirm.html
2021-03-06 06:19 - 2021-03-06 06:19 - 000000000 ____D C:\Users\S A\AppData\Local\NetworkTiles
2021-03-06 04:19 - 2021-03-06 04:19 - 000000000 ____D C:\Users\S A\AppData\Local\ElevatedDiagnostics
2021-03-06 03:33 - 2021-03-06 03:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-06 03:02 - 2021-03-06 03:02 - 000000000 ____D C:\ProgramData\WRCore
2021-03-06 03:01 - 2021-03-06 18:15 - 000270680 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2021-03-06 03:01 - 2021-03-06 18:15 - 000225736 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2021-03-06 03:01 - 2021-03-06 18:15 - 000000000 ____D C:\ProgramData\WRData
2021-03-06 03:01 - 2021-03-06 03:02 - 000000000 ____D C:\Program Files\Webroot
2021-03-06 03:01 - 2021-03-06 03:01 - 000145128 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2021-03-06 03:01 - 2021-03-06 03:01 - 000058304 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2021-03-06 03:01 - 2021-03-06 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2021-03-06 03:01 - 2021-03-06 03:01 - 000000000 ____D C:\Program Files\Common Files\Webroot
2021-03-06 00:04 - 2021-03-06 10:15 - 000000046 _____ C:\Users\S A\OneDrive\Documents\mb-licenseinfo.txt
2021-03-05 04:51 - 2021-03-05 04:51 - 000000000 ____D C:\Users\S A\AppData\Local\F-Secure
2021-03-05 04:35 - 2021-03-06 05:50 - 000000000 ____D C:\ProgramData\F-Secure
2021-03-05 04:35 - 2021-03-05 23:56 - 000000000 ____D C:\Users\S A\AppData\Local\FSDART
2021-03-05 02:51 - 2021-03-06 17:07 - 001532476 _____ C:\WINDOWS\ntbtlog.txt
2021-03-05 02:12 - 2021-03-06 10:26 - 000000000 ____D C:\Users\S A\OneDrive\Documents\FRST64
2021-03-05 01:50 - 2021-03-06 18:27 - 000000000 ____D C:\FRST
2021-03-05 01:46 - 2021-03-05 01:46 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-03-05 00:46 - 2021-03-06 18:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-03-05 00:28 - 2021-03-06 18:14 - 000000000 ____D C:\WINDOWS\pss
2021-03-03 18:54 - 2021-03-06 01:30 - 000002261 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-03 18:48 - 2021-03-03 18:48 - 000000000 ____D C:\Users\S A\AppData\Local\Cyberlink
2021-03-02 04:22 - 2021-03-02 04:22 - 000000000 _SHDL C:\Documents and Settings
2021-03-02 04:18 - 2021-03-02 04:39 - 000000000 ____D C:\tmp
2021-03-02 04:09 - 2021-03-02 04:09 - 000000000 ____D C:\Users\S A\AppData\Local\OneDrive
2021-03-02 03:53 - 2021-03-06 01:30 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-02 03:51 - 2021-03-06 01:21 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-02 03:51 - 2021-03-06 01:21 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-02 03:49 - 2021-03-06 04:43 - 000000000 ____D C:\Users\S A\AppData\Local\CrashDumps
2021-03-02 03:16 - 2021-01-21 16:37 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-03-02 03:13 - 2021-03-06 03:27 - 000000000 ____D C:\Program Files\CUAssistant
2021-03-02 03:13 - 2021-03-05 02:07 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-02 03:13 - 2021-03-02 03:32 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2021-03-02 03:13 - 2021-03-02 03:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-02 03:13 - 2021-03-02 03:13 - 000000000 ____D C:\Program Files\rempl
2021-03-02 03:13 - 2018-01-09 16:44 - 000108584 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2021-03-02 03:11 - 2018-06-01 18:31 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2021-03-02 03:11 - 2018-03-21 02:15 - 000026400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2021-03-02 03:11 - 2018-03-21 01:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2021-03-02 03:11 - 2018-03-21 00:34 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2021-03-02 03:11 - 2018-03-21 00:10 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2021-03-02 03:11 - 2018-03-20 23:40 - 002279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2021-03-02 03:11 - 2018-03-01 02:37 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapihost.exe
2021-03-02 03:11 - 2018-03-01 02:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2021-03-02 03:11 - 2018-03-01 01:45 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2021-03-02 03:11 - 2018-03-01 01:39 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2021-03-02 03:11 - 2018-03-01 01:35 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2021-03-02 03:11 - 2018-03-01 01:01 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2021-03-02 03:11 - 2018-01-14 17:31 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2021-03-02 03:11 - 2017-10-15 23:48 - 000508760 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 002032472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2021-03-02 03:11 - 2017-10-15 22:56 - 001578848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 000678752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 000613720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 000612192 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 000379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 000250208 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 000190296 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2021-03-02 03:11 - 2017-10-15 22:56 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2021-03-02 03:11 - 2017-10-15 22:36 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2021-03-02 03:11 - 2017-10-15 22:20 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2021-03-02 03:11 - 2017-09-14 02:08 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2021-03-02 03:11 - 2017-09-14 01:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2021-03-02 03:11 - 2017-09-14 01:38 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2021-03-02 03:11 - 2017-09-05 01:06 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2021-03-02 03:11 - 2017-09-05 00:10 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2021-03-02 03:11 - 2017-04-27 21:06 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2021-03-02 03:11 - 2016-10-25 02:26 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2021-03-02 02:51 - 2021-03-02 02:51 - 000000000 ____D C:\Users\S A\AppData\Local\Comms
2021-03-02 02:44 - 2021-03-02 02:44 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1051767444-124437913-613416110-1001
2021-03-02 02:42 - 2021-03-02 02:42 - 000000000 ____D C:\Users\S A\AppData\Roaming\Intel Corporation
2021-03-02 02:41 - 2021-03-06 12:36 - 000000000 ___RD C:\Users\S A\OneDrive
2021-03-02 02:41 - 2021-03-02 02:44 - 000002359 _____ C:\Users\S A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-02 02:41 - 2021-03-02 02:41 - 000000000 ____D C:\Users\S A\AppData\Local\MicrosoftEdge
2021-03-02 02:40 - 2021-03-02 02:40 - 000000000 ____D C:\Users\S A\AppData\Local\ActiveSync
2021-03-02 02:39 - 2021-03-02 02:39 - 000000000 ____D C:\Users\S A\AppData\Roaming\DropboxOEM
2021-03-02 02:39 - 2021-03-02 02:39 - 000000000 ____D C:\Users\S A\AppData\Local\Publishers
2021-03-02 02:39 - 2021-03-02 02:39 - 000000000 ____D C:\Users\S A\AppData\Local\Power2Go8
2021-03-02 02:39 - 2021-03-02 02:39 - 000000000 ____D C:\Users\S A\AppData\Local\DropboxOEM
2021-03-02 02:38 - 2021-03-06 18:17 - 000000000 __SHD C:\Users\S A\IntelGraphicsProfiles
2021-03-02 02:38 - 2021-03-06 09:04 - 000000000 ____D C:\Users\S A\AppData\Local\Packages
2021-03-02 02:38 - 2021-03-02 02:38 - 000000000 ____D C:\Users\S A\AppData\Roaming\Intel
2021-03-02 02:38 - 2021-03-02 02:38 - 000000000 ____D C:\Users\S A\AppData\Roaming\Adobe
2021-03-02 02:38 - 2021-03-02 02:38 - 000000000 ____D C:\Users\S A\AppData\Local\VirtualStore
2021-03-02 02:38 - 2021-03-02 02:38 - 000000000 ____D C:\Users\S A\AppData\Local\TileDataLayer
2021-03-02 02:37 - 2021-03-06 16:39 - 000000000 ____D C:\Users\S A
2021-03-02 02:37 - 2021-03-02 02:37 - 000000020 ___SH C:\Users\S A\ntuser.ini
2021-03-02 02:36 - 2021-03-02 02:36 - 000000000 ____D C:\Program Files\Common Files\Intel
2021-03-02 02:36 - 2021-03-02 02:36 - 000000000 ____D C:\Program Files (x86)\Cisco
2021-03-02 02:34 - 2021-03-06 13:38 - 000003834 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2021-03-02 02:33 - 2021-03-02 02:33 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2021-03-02 02:33 - 2021-03-02 02:33 - 000000000 ____D C:\Program Files\Waves
2021-03-02 02:31 - 2021-03-02 02:31 - 000004152 _____ C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask
2021-03-02 02:31 - 2021-03-02 02:31 - 000003560 _____ C:\WINDOWS\system32\Tasks\PCDEventLauncherTask
2021-03-02 02:31 - 2021-03-02 02:31 - 000003438 _____ C:\WINDOWS\system32\Tasks\PCDDataUploadTask
2021-03-02 02:31 - 2021-03-02 02:31 - 000003322 _____ C:\WINDOWS\system32\Tasks\SystemToolsDailyTest
2021-03-02 02:29 - 2021-03-06 18:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-06 18:21 - 2016-04-25 15:04 - 000881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-06 18:21 - 2015-10-30 02:21 - 000000000 ____D C:\WINDOWS\INF
2021-03-06 18:18 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-06 18:16 - 2016-04-25 15:23 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-03-06 18:14 - 2016-04-25 14:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-06 18:14 - 2015-10-30 01:28 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-03-06 16:32 - 2016-04-25 15:23 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-03-06 03:34 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\rescache
2021-03-06 01:51 - 2015-10-30 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-06 01:48 - 2016-04-25 15:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-06 01:38 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-06 01:22 - 2016-04-25 15:32 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-03-06 01:21 - 2015-10-30 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-06 01:20 - 2016-04-25 15:32 - 000000000 ____D C:\ProgramData\McAfee
2021-03-06 01:20 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-06 01:20 - 2015-10-30 01:28 - 000032768 ___SH C:\WINDOWS\system32\config\ELAM
2021-03-05 00:24 - 2015-10-30 02:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-03 19:30 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2021-03-03 18:53 - 2016-04-25 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-03-03 18:53 - 2016-04-25 15:20 - 000000000 ____D C:\Program Files\Dell
2021-03-03 18:49 - 2016-04-25 15:26 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2021-03-03 18:49 - 2016-04-25 15:25 - 000000000 ____D C:\ProgramData\Temp
2021-03-03 18:49 - 2016-04-25 15:25 - 000000000 ____D C:\ProgramData\CyberLink
2021-03-03 18:49 - 2016-04-25 15:25 - 000000000 ____D C:\ProgramData\CLSK
2021-03-03 18:49 - 2016-04-25 15:25 - 000000000 ____D C:\Program Files (x86)\CyberLink
2021-03-03 18:49 - 2016-04-25 15:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-03-02 04:24 - 2016-04-25 15:29 - 000003280 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-03-02 04:23 - 2016-04-25 15:20 - 000003040 _____ C:\WINDOWS\system32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2021-03-02 04:23 - 2016-04-25 15:20 - 000002674 _____ C:\WINDOWS\system32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2021-03-02 04:23 - 2016-04-25 15:09 - 000002304 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_PushButton
2021-03-02 03:27 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-03-02 03:27 - 2015-10-30 02:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-02 03:19 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-02 02:49 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\DevicesFlow
2021-03-02 02:43 - 2016-04-25 15:32 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-03-02 02:39 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\PurchaseDialog
2021-03-02 02:39 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-02 02:39 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\MiracastView
2021-03-02 02:38 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-02 02:36 - 2016-04-25 15:11 - 000000000 ____D C:\Intel
2021-03-02 02:36 - 2016-04-25 15:10 - 000000000 ____D C:\ProgramData\Intel
2021-03-02 02:36 - 2016-04-25 15:10 - 000000000 ____D C:\Program Files (x86)\Intel
2021-03-02 02:36 - 2016-04-25 15:07 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-02 02:35 - 2016-04-25 15:07 - 000000000 ____D C:\Program Files\Intel
2021-03-02 02:33 - 2016-04-25 15:23 - 000003186 _____ C:\WINDOWS\system32\Tasks\DropboxOEM
2021-03-02 02:33 - 2016-04-25 15:23 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB.lnk
2021-03-02 02:33 - 2016-04-25 15:09 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-02 02:32 - 2016-04-25 15:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-03-02 02:31 - 2016-04-25 15:21 - 000000000 ____D C:\ProgramData\PCDr
2021-03-02 02:30 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-02 02:29 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-02 02:27 - 2016-04-25 15:23 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-03-02 02:27 - 2016-04-25 15:23 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-03-03 17:42
==================== End of FRST.txt ========================
 
 
 
Addition - notepad
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by S A (06-03-2021 18:28:36)
Running from C:\Users\S A\OneDrive\Desktop
Windows 10 Home Version 1511 10586.420 (X64) (2021-03-02 07:28:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1051767444-124437913-613416110-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1051767444-124437913-613416110-503 - Limited - Disabled)
Guest (S-1-5-21-1051767444-124437913-613416110-501 - Limited - Disabled)
S A (S-1-5-21-1051767444-124437913-613416110-1001 - Administrator - Enabled) => C:\Users\S A
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
AS: Webroot SecureAnywhere (Enabled - Up to date) {1A0BBACC-F7FA-4EF0-4DAB-2947236986D4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CDRoller (HKLM-x32\...\CDRoller_is1) (Version: 11.61 - Digital Atlantic Corp.)
Core (HKLM\...\{48CD9577-944F-496C-B8AE-F6150240C2D1}) (Version: 1.1.227 - Webroot) Hidden
Dell Customer Connect (HKLM-x32\...\{2BFA1207-9A98-4D55-9182-5C433ED6A55A}) (Version: 1.4.3.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{2B27A8F6-B7D5-4FAF-9C8A-71E9EECA3E9C}) (Version: 2.2.21.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{2B27A8F6-B7D5-4FAF-9C8A-71E9EECA3E9C}) (Version: 2.2.21.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\DpmLite_Iris_2014_is1) (Version: 1.0.4 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{6992DE3D-E93B-4A24-9FE1-34C841941E11}) (Version: 1.2.4.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.15 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2}) (Version: 1.9.4.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.2.6793.01 - PC-Doctor, Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{88540041-fd0c-4588-9b2f-251e29f7c5a1}) (Version: 18.40.4 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12527.21594 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.29.62 - Webroot)
 
Packages:
=========
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2021-03-03] (Dell Inc)
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_2.14.22001.0_x64__8wekyb3d8bbwe [2016-04-25] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2021-03-03] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2021-03-03] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.8.268.0_x86__8wekyb3d8bbwe [2016-04-25] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.8.268.0_x86__8wekyb3d8bbwe [2016-04-25] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.8.268.0_x86__8wekyb3d8bbwe [2016-04-25] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.8.277.0_x86__8wekyb3d8bbwe [2016-04-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-03-03] (Netflix, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2021-03-06] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2021-03-06] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2021-03-06] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2021-03-06] (Webroot Inc. -> Webroot)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-03-06] (Webroot Inc. -> Webroot)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-03-06] (Webroot Inc. -> Webroot)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506392 2016-04-27] (proDAD GmbH -> proDAD GmbH)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2015-06-23 18:00 - 2015-06-23 18:00 - 000285696 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2015-06-23 18:00 - 2015-06-23 18:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2016-06-28 19:16 - 2016-06-28 19:16 - 000311296 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files (x86)\Dell\SupportAssistAgent\bin\log4net.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1051767444-124437913-613416110-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1051767444-124437913-613416110-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2021-03-06] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2021-03-06] (Webroot Inc. -> Webroot)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1051767444-124437913-613416110-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: 0061311614670992mcinstcleanup => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: ModuleCoreService => 2
MSCONFIG\Services: PEFService => 2
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "DpmLiteEvent"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-1051767444-124437913-613416110-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_0E7F3F0315BDA15500242827E902D7FC"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C956514E-980E-4C64-830A-06FFD3093728}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel® Wireless Display -> Microsoft)
FirewallRules: [{A09B86BA-E8F8-4058-BBBD-0A84E06D82C3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe (Intel® Wireless Display -> Intel Corporation)
FirewallRules: [{B3D10E0A-DAB3-4C5D-949C-D250FD608AEB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{7E728B67-74FA-4F7A-A327-BC65DF881F01}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe (Intel® Wireless Display -> )
FirewallRules: [{EE624D3E-C3EF-412C-B01D-83B1FC957581}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [{8ED0EFF3-8C1B-4932-BE19-D1AE0EF3696C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{3F8495FE-206B-45BB-9398-809CCACC1BA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
02-03-2021 02:27:57 Windows Modules Installer
03-03-2021 18:45:47 Installed Suite2
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/06/2021 06:28:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2021 06:28:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2021 06:16:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2021 06:16:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2021 06:16:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2021 06:16:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2021 06:16:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2021 06:16:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HR06UJB)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (03/06/2021 06:28:08 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
 
Error: (03/06/2021 06:28:02 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
 
Error: (03/06/2021 06:16:56 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
 
Error: (03/06/2021 06:16:54 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
 
Error: (03/06/2021 06:16:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
 
Error: (03/06/2021 06:16:50 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
 
Error: (03/06/2021 06:16:48 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
 
Error: (03/06/2021 06:16:47 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HR06UJB)
Description: Unable to start a DCOM Server: App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
 
 
Windows Defender:
================
Date: 2021-03-06 14:26:03.140
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-03-06 14:25:02.448
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:25:01.803
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:25:01.292
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:25:00.715
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:24:59.525
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:24:35.980
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:24:34.392
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:24:32.269
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-06 14:24:28.524
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Event[10]:
 
Date: 2021-03-06 14:24:27.159
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Event[11]:
 
Date: 2021-03-06 14:24:15.259
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-02 03:17:24.739
Description: 
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-06 00:52:00.328
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 
 
Date: 2021-03-06 00:52:00.327
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.331.2277.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 
 
Date: 2021-03-06 00:52:00.327
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.331.2277.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 
 
Date: 2021-03-06 00:52:00.319
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.331.2277.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2021-03-06 00:52:00.191
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A21 07/09/2020
Motherboard: Dell Inc. 0Y6RW7
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8101.98 MB
Available physical RAM: 5372.64 MB
Total Virtual: 20101.98 MB
Available Virtual: 17327.26 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.06 GB) (Free:863.45 GB) NTFS
 
\\?\Volume{b81d17cb-b218-48f5-96f8-ac1c27892f32}\ () (Fixed) (Total:0.87 GB) (Free:0.4 GB) NTFS
\\?\Volume{27e97f8d-8cf7-4f6d-958e-d8e697b4195a}\ (Image) (Fixed) (Total:12.97 GB) (Free:0.63 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AB9C444C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Nothing obvious in your logs.  See if you can run MBAR:

 

https://www.malwareb...om/antirootkit/

 

Click on Download

Save and then right click and Run As Admin.

 

I expect it won't find anything.

 

Let's get some more info:

 

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


Your factory reset has taken you back to Version 1511.  Windows is unlikely to update to the latest version with that as a starting point.  Go to

https://www.microsof...nload/windows10

Click on Update Now, Save and right click and Run As Admin then follow the instructions.  That's the quickest way to get back up to date.


  • 0

#3
mis_allen

mis_allen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi RKinner ..I appreciate your time and help! Below are the files from Malwarebytes Antirootkit.

 

 

[-=alwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2021.03.07.03
  rootkit: v2021.03.07.03
 
Windows 10 x64 NTFS
Internet Explorer 11.420.10586.0
S A :: DESKTOP-HR06UJB [administrator]
 
3/7/2021 7:27:03 AM
mbar-log-2021-03-07 (07-27-03).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 165477
Time elapsed: 14 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
 
 
 
 
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.420.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8495542272, free: 5884542976
 
Downloaded database version: v2021.03.07.03
Downloaded database version: v2021.03.07.03
Downloaded database version: v2018.01.20.01
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     03/07/2021 07:26:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\Webroot\Core\WRCore.x64.sys
\??\C:\WINDOWS\system32\drivers\rawdsk3.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\usb3Hub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\iaLPSS_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\DellRbtn.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\DellProf.sys
\SystemRoot\system32\drivers\DDDriver64Dcsa.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\SynRMIHID.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\system32\DRIVERS\BTHUSB.sys
\SystemRoot\system32\DRIVERS\bthport.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys
\??\C:\Program Files\Dell\DpmLite\DpmLiteDrv64.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Windows\System32\drivers\truesight.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\??\C:\WINDOWS\system32\drivers\mbae64.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\??\C:\WINDOWS\system32\DRIVERS\mbam.sys
\??\C:\WINDOWS\system32\drivers\3243E5D3.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2021.03.07.03
  rootkit: v2021.03.07.03
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000249fb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000249fbb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000249fb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00021636470, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00021635150, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000208ac400, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: AB9C444C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1547200603
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 82172471-6be1-4702-a382-a7b33c5d652
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1547200603
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 82172471-6be1-4702-a382-a7b33c5d652
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 104982b2-5d10-4c62-8447-db2672a148
    FirstLBA 2048  Last LBA 1026047
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID f7556547-7526-4b4b-8ac-5717902621b9
    FirstLBA 1026048  Last LBA 1288191
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 23d749c0-76e7-4ede-a2b7-f942ddf0e43f
    FirstLBA 1288192  Last LBA 1924497782
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b81d17cb-b218-48f5-96f8-ac1c27892f32
    FirstLBA 1924499456  Last LBA 1926313983
    Attributes 1
    Partition Name                                     
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 27e97f8d-8cf7-4f6d-958e-d8e697b4195a
    FirstLBA 1926313984  Last LBA 1953523711
    Attributes 1
    Partition Name                                     
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\3a4f0a84904c4b568b6621b30306261c\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\387d8c4acd15ff2d479ebd491edb8e51\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\36f6762d29fc05f4d32b01a56ea0f8f8\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ea350a39df1334a4911cc92f58c85dd0\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\3e5ea567bb0ad22410d894309e40f0aa\System.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a#\d13f5d2639d395e3476385f566a85820\System.Web.Extensions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d1e6c00e339d9f64674d3a9e74403a7e\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1be3ec32aa5187ec7d760c55c55f6c0\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d18bf45b9a63cd0386949a0fa5ab7d1e\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9f3be891850bb38ac107988533745206\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\eec68ed9ee89f3edf2bd0e4a8a681f46\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\84f2250c582e8bafeaf4fd9e407ba22a\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\e95c04a954155809c430a0c604a6416e\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\2f18aee9e26301da57394e94416a20ba\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\ebef418f08844f99287024d1790a62a4\System.Transactions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\3e6c997c0f5d4d89a00c29e535fbddfb\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9d2a808c4a37ba6c925241bd9bf1efea\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\75569710b0fc4e7ad94b947c006b335b\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0555aeb073cb90d425082d8b4360f814\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2586b192cf7cea9686568c6d76361cc2\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\b32414460ef8695cdd49dfc3e6c3f079\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fc7551596b2c93328a98aa161ccc1e68\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\342e1e9ad63227e979f93ef84d0eef1a\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\377c0886b594b94f34fd56b566af365d\UIAutomationTypes.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\716433ca145eef176e9213782df3368d\UIAutomationProvider.ni.dll" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
I am attaching the requested file below and will start on Windows updates now .. I will post when updates are done to see if you have ny more recommendations.  
 
Thanks again!

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Looks good.  You can uninstall Speccy when you get a chance.


  • 0

#5
mis_allen

mis_allen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi, I finished updates and everything seems good. Thank you so much for your help! I was looking at site for a donation link but haven't found any. I will continue to look, If there is none, I will be especially nice to someone today!


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP