Computer suddenly very slow [Solved]


  • This topic is locked

#16
browneyedleo730

  • Topic Starter

Here you go!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02
Ran by erine (administrator) on DESKTOP-0OR6TUF (Dell Inc. Inspiron 3670) (26-09-2021 04:22:07)
Running from C:\Users\erine\Desktop
Loaded Profiles: erine
Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ESET, spol. s r.o. -> ESET) C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <21>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Meraki, LLC. -> Meraki, Inc.) C:\Program Files\Meraki\Systems Manager Agent 3.1.1\m_agent_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\erine\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\erine\AppData\Local\Microsoft\OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe <3>
(Thesycon Software Solutions GmbH & Co. KG -> ) C:\Program Files\Positive Grid\USB Audio Device Driver\W10_x64\Spark40USBAudioDriverCpl.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe [1257032 2021-04-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [340480 2018-07-25] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe [1237696 2020-12-06] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8091424 2021-09-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [LeapFrog Connect 2 Launcher] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe [30320 2019-08-13] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\94.0.4606.54\Installer\chrmstp.exe [2021-09-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Positive Grid USB Audio Device Control Panel Autostart.lnk [2021-07-29]
ShortcutTarget: Positive Grid USB Audio Device Control Panel Autostart.lnk -> C:\Program Files\Positive Grid\USB Audio Device Driver\W10_x64\Spark40USBAudioDriverCpl.exe (Thesycon Software Solutions GmbH & Co. KG -> )
Startup: C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-05-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {055CB0F3-581D-4BF4-A07F-BD9C174ADD67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-22] (Google LLC -> Google LLC)
Task: {11C369DA-8429-4770-97FE-B0E2B7D2A5F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {137913B0-BA06-4AF2-9D39-15C9D262E643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1BE86C00-AA40-4497-BE7C-CD3F3DBA242A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {35FF5702-C0A4-4C79-AFAE-DF3F5794D2D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {361A9B78-F48C-4CF9-AADB-2C588162FAC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {423B6AD6-CA12-4720-82C4-C6F1DC202E37} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-25] (ESET, spol. s r.o. -> ESET)
Task: {4BF93158-D314-443E-BD3C-8BE8CE6BDAEC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-25] (ESET, spol. s r.o. -> ESET)
Task: {5F310278-A23C-41E8-BE08-E1A047D7B5D4} - System32\Tasks\Daily Restart => shutdown /r
Task: {6DDBADCD-AD84-44A5-BFA8-2322E1DB69D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D125A5D-DE8E-4BFF-850C-93366F193045} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-22] (Google LLC -> Google LLC)
Task: {8EA652E2-0F53-41E2-9C94-9577C55C2ABA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {93461ECF-28A9-4D49-B11F-A1A8275E8339} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1155480 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8F926DE-4DB7-4BFC-86D7-32F2800E6E41} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A930250E-FD60-483D-B73A-D446A2B91AF5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {B0FC898B-670F-493E-8A53-4FD380C81F54} - System32\Tasks\NCH Software\ExpressRipDowngrade => C:\Program Files (x86)\NCH Software\ExpressRip\expressrip.exe [1006648 2019-03-22] (NCH Software Pty Ltd -> NCH Software)
Task: {C37B4CFA-631B-49AF-BF09-692DCA436213} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {C4AC0B23-378D-453F-8E66-F62E455295F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C902F622-B369-44AD-8BE6-46FDB35C5B1A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0142236-511F-4774-A84E-E39E07AD1A30} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3F632A4-BCA9-46DF-BDFF-7D5BBD9BD5A0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F323D4A5-A8BC-45F0-BA78-CEB3845793B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {FBA9D3F3-F308-4266-B394-D8B8F5DB8EED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{2d523801-0097-4f41-aeb8-f30dcdd432b5}: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{efd4fddc-f2ea-4ba3-b79d-778a0be4e2c9}: [DhcpNameServer] 172.71.1.171
 
Edge: 
=======
DownloadDir: C:\Users\erine\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\erine\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\erine\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-22]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: un57y4gx.default
FF ProfilePath: C:\Users\erine\AppData\Roaming\Mozilla\Firefox\Profiles\un57y4gx.default [2021-09-23]
FF Extension: (translator-lite) - C:\Users\erine\AppData\Roaming\Mozilla\Firefox\Profiles\un57y4gx.default\Extensions\[email protected] [2019-03-11]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\erine\AppData\Roaming\Mozilla\Firefox\Profiles\un57y4gx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-22]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default [2021-09-26]
CHR DownloadDir: C:\Users\erine\Downloads
CHR HomePage: Default -> hxxps://my.erikson.edu/ics/default.aspx/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxp://www.office.com/"
CHR Extension: (Slides) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-02]
CHR Extension: (Docs) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-02]
CHR Extension: (Google Drive) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-02]
CHR Extension: (Adobe Acrobat) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-08-18]
CHR Extension: (Sheets) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-02]
CHR Extension: (Whisk) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoijmnbedaipllfimaogeepohalbgka [2021-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-22]
CHR Extension: (Pinterest Save Button) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-09-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-14]
CHR Extension: (Google Scholar Button) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2020-10-08]
CHR Extension: (No Name) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-26]
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-09-25]
CHR Extension: (Slides) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-13]
CHR Extension: (Google Drive) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-13]
CHR Extension: (YouTube) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-13]
CHR Extension: (Adobe Acrobat) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-07-13]
CHR Extension: (Sheets) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-13]
CHR Extension: (Google Docs Offline) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-13]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-13]
CHR Extension: (Gmail) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-13]
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-09-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-07-08] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 LFHelper; C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe [2606704 2019-08-13] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-21] (Malwarebytes Inc -> Malwarebytes)
R2 MerakiSystemsManagerAgent; C:\Program Files\Meraki\Systems Manager Agent 3.1.1\m_agent_service.exe [6269152 2021-04-27] (Meraki, LLC. -> Meraki, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-14] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-14] (Electronic Arts, Inc. -> Electronic Arts)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\iTransfer\DriverInstall.exe [107200 2017-11-08] (Shenzhen Yi Xing Investment Co., Ltd. -> Wondershare)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-09-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsld996faae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90711D60-703A-45A2-90A5-65E61528E150}\MpKslDrv.sys [130296 2021-09-25] (Microsoft Windows -> Microsoft Corporation)
S3 Spark40USBAudioDriver; C:\WINDOWS\System32\drivers\Spark40USBAudioDriver.sys [377384 2019-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 Spark40USBAudioDriverks; C:\WINDOWS\System32\drivers\Spark40USBAudioDriverks.sys [53800 2019-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [31232 2013-04-11] (WatchGuard Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-26 01:45 - 2021-09-26 01:45 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-09-26 01:45 - 2021-09-26 01:45 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-09-26 01:40 - 2021-09-26 01:40 - 000001214 _____ C:\Users\erine\Documents\eset 09.26.21.txt
2021-09-25 13:59 - 2021-09-25 13:59 - 000001294 _____ C:\Users\erine\Desktop\ESET Online Scanner.lnk
2021-09-25 13:58 - 2021-09-25 13:59 - 000001400 _____ C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-09-25 13:58 - 2021-09-25 13:58 - 000000000 ____D C:\Users\erine\AppData\Local\ESET
2021-09-25 13:57 - 2021-09-25 13:57 - 011697056 _____ (ESET) C:\Users\erine\Desktop\esetonlinescanner.exe
2021-09-25 13:52 - 2021-09-25 13:52 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-09-25 13:52 - 2021-09-25 13:52 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-09-25 13:52 - 2021-09-25 13:52 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-09-24 14:32 - 2021-09-24 14:32 - 000039838 _____ C:\Users\erine\Downloads\participantsFile-1503486 (2).xlsx
2021-09-24 14:30 - 2021-09-24 14:30 - 000046008 _____ C:\Users\erine\Downloads\NSF Participants - SRI (1).xlsx
2021-09-23 01:13 - 2021-09-25 13:49 - 108265472 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-09-23 01:13 - 2021-09-23 01:13 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-09-23 00:30 - 2021-09-23 00:30 - 000004476 _____ C:\Users\erine\Desktop\AdwCleaner[S01].txt
2021-09-22 23:26 - 2021-09-22 23:26 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-22 23:26 - 2021-09-22 23:26 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-22 23:25 - 2021-09-22 23:25 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-22 23:25 - 2021-09-22 23:25 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-22 23:25 - 2021-09-22 23:25 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-22 23:25 - 2021-09-22 23:25 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-22 23:25 - 2021-09-22 23:25 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-22 23:25 - 2021-09-22 23:25 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-22 23:25 - 2021-09-22 23:25 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-22 23:25 - 2021-09-22 23:25 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-22 23:25 - 2021-09-22 23:25 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-22 23:25 - 2021-09-22 23:25 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-22 23:24 - 2021-09-22 23:24 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-22 23:24 - 2021-09-22 23:24 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-22 23:24 - 2021-09-22 23:24 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-22 23:24 - 2021-09-22 23:24 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-22 23:24 - 2021-09-22 23:24 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-22 23:24 - 2021-09-22 23:24 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-22 23:24 - 2021-09-22 23:24 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-22 23:24 - 2021-09-22 23:24 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-22 22:41 - 2021-09-22 22:50 - 000000000 ___HD C:\$WinREAgent
2021-09-22 19:26 - 2021-09-25 13:48 - 000000000 ____D C:\AdwCleaner
2021-09-22 19:25 - 2021-09-22 19:26 - 008553680 _____ (Malwarebytes) C:\Users\erine\Desktop\AdwCleaner.exe
2021-09-22 17:06 - 2021-09-22 17:15 - 000005265 _____ C:\Users\erine\Desktop\Fixlog.txt
2021-09-22 17:03 - 2021-09-22 17:03 - 002304512 _____ (Farbar) C:\Users\erine\Desktop\FRST64.exe
2021-09-22 16:48 - 2021-09-22 16:51 - 000003336 _____ C:\WINDOWS\system32\Tasks\Daily Restart
2021-09-22 16:39 - 2021-09-22 23:44 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-22 16:39 - 2021-09-22 23:43 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-22 16:39 - 2021-09-22 16:39 - 000000000 ____D C:\Program Files\Google
2021-09-22 16:38 - 2021-09-22 16:38 - 001342296 _____ (Google LLC) C:\Users\erine\Downloads\ChromeSetup.exe
2021-09-22 16:38 - 2021-09-22 16:38 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-22 16:38 - 2021-09-22 16:38 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-22 14:45 - 2021-09-22 14:49 - 001247977 _____ C:\Users\erine\Downloads\2016incomeToAge5.xlsx
2021-09-22 10:06 - 2021-09-22 10:06 - 000000000 ____D C:\Users\erine\Documents\FeedbackHub
2021-09-22 02:23 - 2019-12-19 14:07 - 002877104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2021-09-22 02:22 - 2021-09-22 02:22 - 000000000 ____D C:\ProgramData\Intel Package Cache {29d6077f-6adb-42de-abac-1c60aeb0e237}
2021-09-22 02:20 - 2021-09-22 02:20 - 000000000 ____D C:\ProgramData\Intel Package Cache {d8170687-85fa-4716-bafd-087205d0db72}
2021-09-22 02:20 - 2021-09-22 02:20 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}
2021-09-22 01:25 - 2021-09-22 23:38 - 000563080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-22 00:37 - 2021-09-22 00:37 - 000000000 ____D C:\Users\erine\Documents\Dell
2021-09-22 00:20 - 2021-09-22 16:58 - 000000000 ____D C:\Users\erine\Desktop\FRST-OlderVersion
2021-09-21 15:19 - 2021-09-21 15:19 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-21 15:07 - 2021-09-21 15:07 - 000000000 ___HD C:\$SysReset
2021-09-21 12:58 - 2021-06-18 06:35 - 001859624 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001859624 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001102328 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 001102328 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000956432 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000956432 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000614232 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000429928 _____ C:\WINDOWS\system32\ze_loader.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000309696 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000257088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000173080 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000148360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000145776 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 026671952 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 013499224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 000507744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 000370528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-21 12:58 - 2021-06-18 06:33 - 000354672 _____ C:\WINDOWS\system32\ControlLib.dll
2021-09-17 22:08 - 2021-09-17 22:08 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3707107645-3133845480-1438675409-1001
2021-09-17 22:08 - 2021-09-17 22:08 - 000002385 _____ C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-16 18:26 - 2021-09-16 18:26 - 001628064 _____ C:\Users\erine\Downloads\MQI Coaching Camera Set Up Guide (1).pdf
2021-09-16 18:15 - 2021-09-16 18:15 - 001628064 _____ C:\Users\erine\Downloads\MQI Coaching Camera Set Up Guide.pdf
2021-09-16 15:26 - 2021-09-16 15:26 - 008087229 _____ C:\Users\erine\Downloads\Gender.zip
2021-09-16 14:20 - 2021-09-16 14:20 - 000818066 _____ C:\Users\erine\Downloads\Cahoon_Cassidy_Purpura_et_al._2021_Rigorous_Measure_JNC_AAM.pdf
2021-09-16 03:53 - 2021-09-16 03:53 - 000012175 _____ C:\Users\erine\Desktop\NSF Figures.xlsx
2021-09-14 22:02 - 2021-09-14 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-09-14 11:46 - 2021-09-14 11:46 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-14 11:44 - 2021-09-14 11:44 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-09-10 14:09 - 2021-09-10 14:09 - 000000000 ____D C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-09-10 13:50 - 2021-09-10 13:50 - 000896935 _____ C:\Users\erine\Downloads\fe_report_fin.pdf
2021-09-08 00:57 - 2021-09-26 02:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-05 01:35 - 2021-09-16 23:10 - 000017905 _____ C:\Users\erine\Desktop\Milk Ledger.xlsx
2021-09-04 15:56 - 2021-09-04 15:56 - 000105464 _____ C:\Users\erine\Downloads\MQI Coaching Teacher Matching - by coach.xlsx
2021-09-02 00:21 - 2021-09-02 00:21 - 002857747 _____ C:\Users\erine\Downloads\Curriculum Night Power Point.pptx.pdf
2021-09-01 00:05 - 2021-09-01 00:05 - 000011607 _____ C:\Users\erine\Downloads\FY21 Report Summary 8.31.21.xlsx
2021-08-31 14:12 - 2021-08-31 14:12 - 000336341 _____ C:\Users\erine\Downloads\Math Partners_Narrative.edited.pdf
2021-08-31 11:56 - 2021-08-31 11:56 - 000003524 _____ C:\Users\erine\Downloads\EQUIP_M_Forms_Summary.csv
2021-08-31 11:47 - 2021-08-31 11:47 - 000007616 _____ C:\Users\erine\Downloads\EQUIP_M_Forms (12).csv
2021-08-30 14:57 - 2021-08-30 14:57 - 000000000 ____D C:\Users\erine\.IBM
2021-08-30 13:32 - 2021-08-30 13:32 - 000000000 ____D C:\Users\erine\AppData\Local\renv
2021-08-30 13:29 - 2021-08-30 13:29 - 000002168 _____ C:\Users\Public\Desktop\IBM SPSS Statistics.lnk
2021-08-30 13:29 - 2021-08-30 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2021-08-30 13:14 - 2021-08-30 13:17 - 880796040 _____ (IBM Corp) C:\Users\erine\SSC_64-bit_28.0.0.0_MWins.exe
2021-08-27 15:17 - 2021-08-27 15:17 - 000002370 _____ C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-08-27 15:17 - 2021-08-27 15:17 - 000002362 _____ C:\Users\erine\Desktop\Microsoft Teams.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-26 04:23 - 2021-03-05 12:01 - 000026522 _____ C:\Users\erine\Desktop\FRST.txt
2021-09-26 04:23 - 2021-03-05 11:56 - 000000000 ____D C:\FRST
2021-09-26 03:43 - 2018-12-02 19:13 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-26 02:57 - 2018-12-02 19:36 - 000000000 ____D C:\Users\erine\AppData\LocalLow\Mozilla
2021-09-26 02:53 - 2021-06-24 04:36 - 000000000 ____D C:\Users\erine\AppData\LocalLow\IGDump
2021-09-26 01:36 - 2020-11-01 03:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-25 23:14 - 2020-08-22 05:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-25 23:14 - 2020-08-22 05:58 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-25 23:14 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-25 23:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-25 23:14 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-25 20:16 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-25 13:58 - 2020-11-01 03:52 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-25 13:55 - 2020-05-18 12:16 - 000000000 ___RD C:\Users\erine\OneDrive - erikson.edu
2021-09-25 13:55 - 2019-10-04 15:11 - 000000000 ___RD C:\Users\erine\erikson.edu
2021-09-25 13:54 - 2018-12-02 19:07 - 000000000 ___RD C:\Users\erine\OneDrive
2021-09-25 13:50 - 2020-11-01 04:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-25 13:50 - 2020-11-01 03:31 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-25 13:50 - 2018-09-11 08:13 - 000000000 ____D C:\Intel
2021-09-25 13:49 - 2019-12-07 04:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-09-24 16:23 - 2020-05-18 17:19 - 000000000 ____D C:\Users\erine\Documents\Housekeeping
2021-09-24 14:32 - 2018-12-02 19:02 - 000000000 ____D C:\Users\erine\AppData\Local\Packages
2021-09-24 00:51 - 2020-05-18 17:19 - 000000000 ____D C:\Users\erine\Documents\Zoom
2021-09-23 00:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-09-23 00:04 - 2019-02-07 16:23 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-22 23:35 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-22 23:34 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-22 23:34 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-22 23:34 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-22 23:34 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-22 23:34 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-22 23:33 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-22 23:01 - 2020-04-01 00:10 - 000000000 ____D C:\Program Files\Avid
2021-09-22 23:00 - 2020-04-01 00:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2021-09-22 23:00 - 2020-04-01 00:10 - 000000000 ____D C:\ProgramData\Avid
2021-09-22 22:51 - 2018-12-05 23:44 - 000000000 ____D C:\Users\erine\AppData\Local\WebEx
2021-09-22 22:50 - 2018-12-05 23:44 - 000000000 ____D C:\Users\erine\AppData\Roaming\webex
2021-09-22 22:48 - 2018-12-02 20:40 - 000000000 ____D C:\Users\erine\AppData\Local\D3DSCache
2021-09-22 22:39 - 2018-12-02 19:04 - 000000000 ____D C:\Users\erine\AppData\Local\PlaceholderTileLogoFolder
2021-09-22 21:38 - 2021-03-05 12:06 - 000007606 _____ C:\Users\erine\AppData\Local\resmon.resmoncfg
2021-09-22 17:15 - 2019-01-23 13:56 - 000000000 ____D C:\Users\erine\AppData\LocalLow\Temp
2021-09-22 10:36 - 2021-03-05 12:17 - 000058909 _____ C:\Users\erine\Desktop\Addition.txt
2021-09-22 10:09 - 2019-04-07 23:04 - 000000000 ____D C:\Users\erine\AppData\Local\ElevatedDiagnostics
2021-09-22 02:24 - 2018-09-11 08:09 - 000000000 ___HD C:\Program Files (x86)\Temp
2021-09-22 02:23 - 2021-04-12 11:26 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2021-09-22 02:23 - 2018-09-11 08:09 - 000019632 _____ C:\WINDOWS\SysWOW64\RtkMsgs.dll
2021-09-22 02:21 - 2018-12-02 19:05 - 000000000 ____D C:\ProgramData\Packages
2021-09-22 02:19 - 2018-09-11 08:08 - 000000000 ____D C:\ProgramData\Intel
2021-09-22 02:07 - 2018-09-11 08:06 - 000000000 ____D C:\Program Files\Intel
2021-09-22 01:26 - 2020-10-30 02:10 - 000000000 ___DC C:\WINDOWS\Panther
2021-09-21 15:19 - 2021-05-28 15:28 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-09-21 15:19 - 2020-08-02 03:43 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-21 15:17 - 2021-05-28 15:27 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-21 15:11 - 2020-09-05 17:16 - 000000000 ____D C:\Users\erine\AppData\Local\CrashDumps
2021-09-18 20:24 - 2021-07-04 21:28 - 000000000 ____D C:\Users\erine\AppData\Roaming\.minecraft
2021-09-17 03:21 - 2018-12-02 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-17 03:16 - 2018-12-02 22:38 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-16 23:05 - 2018-12-02 19:17 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-09-14 22:03 - 2019-01-04 18:06 - 000000000 ____D C:\Users\erine\AppData\Local\Dropbox
2021-09-14 22:03 - 2019-01-04 18:06 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-09-12 04:53 - 2018-12-02 19:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-10 14:10 - 2018-12-11 11:41 - 000000000 ____D C:\Users\erine\AppData\Roaming\Zoom
2021-09-09 10:11 - 2020-09-30 02:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-08 13:17 - 2018-09-11 07:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-08 07:57 - 2021-07-27 17:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-09-08 07:57 - 2018-12-02 19:36 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-02 01:01 - 2019-12-07 04:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-08-31 13:50 - 2020-09-16 02:30 - 000000000 ____D C:\Users\erine\AppData\Local\javasharedresources
2021-08-30 20:26 - 2019-11-13 08:00 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-08-30 14:57 - 2020-11-01 03:39 - 000000000 ____D C:\Users\erine
2021-08-30 13:32 - 2020-09-16 02:33 - 000000000 ____D C:\Users\erine\AppData\Roaming\IBM
2021-08-30 13:23 - 2020-09-16 02:28 - 000000000 ____D C:\Program Files\IBM
 
==================== Files in the root of some directories ========
 
2021-08-30 13:14 - 2021-08-30 13:17 - 880796040 _____ (IBM Corp) C:\Users\erine\SSC_64-bit_28.0.0.0_MWins.exe
2020-04-01 00:10 - 2020-04-01 00:11 - 001451682 _____ () C:\Users\erine\AppData\Roaming\AvidLink_Install.log
2021-03-05 12:06 - 2021-09-22 21:38 - 000007606 _____ () C:\Users\erine\AppData\Local\resmon.resmoncfg
 
==================== FLock ==============================
 
2021-05-28 05:10 C:\Recovery
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by erine (26-09-2021 04:27:21)
Running from C:\Users\erine\Desktop
Windows 10 Home Version 21H1 19043.1237 (X64) (2020-11-01 09:09:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3707107645-3133845480-1438675409-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3707107645-3133845480-1438675409-503 - Limited - Disabled)
erine (S-1-5-21-3707107645-3133845480-1438675409-1001 - Administrator - Enabled) => C:\Users\erine
Guest (S-1-5-21-3707107645-3133845480-1438675409-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3707107645-3133845480-1438675409-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20091 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
Comcast Business VoiceEdge Companion (HKLM-x32\...\B14ACF74-0DA5-4DEC-813B-6E5902DC6DAB_is1) (Version: 4.1.0 - Comcast Business)
Coolmuster Android Assistant (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\Coolmuster Android Assistant) (Version: 4.3.497 - Coolmuster)
Dell Digital Delivery Service (HKLM-x32\...\{66E2407E-9001-483E-B2AA-7AEF97567143}) (Version: 3.6.1005.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{913C378B-00FC-429C-BCC4-E7B2EC6679C7}) (Version: 1.2.6266 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{795931D8-2EBF-4969-A678-4219B161F676}) (Version: 5.4.3.15135 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{555298fa-14a9-48f2-a7a0-9602f31785da}) (Version: 5.4.3.15135 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 131.4.3968 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{90BC69B6-C3DD-45E3-B2EE-354635A0329B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Ensemble Anthem (HKLM-x32\...\{DAC7A13A-4B6E-4697-8F4E-EA9836F34EBC}) (Version: 2.7.0 - Ensemble Video)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 3.00 - NCH Software)
G*Power 3.1.9.7 (HKLM-x32\...\{FA3666A9-FF30-4777-B906-305B1EF0486E}) (Version: 3.1.97 - Franz Faul, Uni Kiel, Germany)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.54 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
HLM 8.00 for Windows (Student) (HKLM-x32\...\{9E3FCEEE-3163-4946-A8AB-C97F4F70DD12}) (Version: 8.00 - SSI, Inc.)
IBM SPSS Statistics (HKLM\...\{DC8AD675-36E2-44AD-8FB9-FA069BEAC190}) (Version: 28.0.0.0 - IBM Corp)
IBM SPSS Statistics 27 (HKLM\...\{8EAD21F8-AD8B-4C6F-ABE6-92357CAB043E}) (Version: 27.0.0.0 - IBM Corp)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2110.15.0.2210 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
iSkysoft iTransfer ( Version 4.3.1 ) (HKLM-x32\...\{84A89F3A-B59A-4324-8598-3611853769C8}_is1) (Version: 4.3.1 - iSkysoft)
LeapFrog Connect 2 (HKLM-x32\...\LeapFrogConnect2) (Version: 4.0.22.435 - LeapFrog)
LeapFrogConnect2 (HKLM-x32\...\{E713461D-C80C-4E84-B53D-B351E9FD8EBA}) (Version: 4.0.22.435 - LeapFrog) Hidden
LeapStart (HKLM-x32\...\{86F8863C-5B13-4809-B154-A6F2F75A680C}) (Version: 4.0.24.437 - LeapFrog) Hidden
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Mendeley Desktop 1.19.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.19.4 - Mendeley Ltd.)
Meraki Systems Manager Agent (HKLM\...\{573BE5A2-40E9-4C53-A744-CD352DBCC0C1}) (Version: 3.1.1 - Meraki)
Meraki Systems Manager Agent (HKLM-x32\...\{BCD00ACA-E928-48E3-BE0E-342F052BDA5C}) (Version: 1.0.98 - Meraki)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.31 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 92.0 (x64 en-US)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.68.39605 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Positive Grid USB Audio Device Driver v4.80.0 (HKLM-x32\...\Software_PositiveGrid_PositiveGrid_UsbAudio_Driver_Setup) (Version: 4.80.0 - Positive Grid)
QT5.10.1 (HKLM-x32\...\{D648CC39-D39C-445B-AEB7-213632704032}) (Version: 1.0.0.0 - LeapFrog) Hidden
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9155.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Sibelius (HKLM\...\{6E8787BE-2DCD-4212-BCE3-62F0D1890CB5}) (Version: 20.3.0.2503 - Avid Technology)
Sibelius OpenType Fonts (HKLM-x32\...\{797B694A-E317-4405-A512-76A91A50243F}) (Version: 20.1.0 - Avid)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.22654 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Use the entry named LeapFrog Connect2 to uninstall QT5.10.1 (HKLM-x32\...\QT5.10.1) (Version:  - LeapFrog)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\ZoomUMX) (Version: 5.7.8 (1247) - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{2C9A4261-9CAB-4FF1-AC5A-AC436FBB4F48}) (Version: 5.4.58474 - Zoom)
 
Packages:
=========
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.0.0_x64__htrsf667h5kn2 [2021-08-05] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-08-10] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2021-09-19] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-09-22] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.3.12.0_x86__htrsf667h5kn2 [2021-08-12] (Dell Inc)
Golden Farm -> C:\Program Files\WindowsApps\4ACEF246.GoldenFarm_2.6.14.0_x86__05g3z837ka020 [2021-09-22] (ПлейМи8)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-22] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1020.0_x64__8j3eq9eme6ctt [2021-09-22] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-12-02] (LinkedIn)
LiquidText -> C:\Program Files\WindowsApps\LiquidText.LiquidText_2.0.10.0_x64__rx5mtpcf576t0 [2021-09-21] (LiquidText)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-26] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-26] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.91.7.0_x64__htrsf667h5kn2 [2021-08-05] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-15] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-12] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-12-02] (CYBERLINK CORPORATION.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.995.0_x64__rh07ty8m5nkag [2021-08-14] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0 [2021-09-21] (Spotify AB) [Startup Task]
Township -> C:\Program Files\WindowsApps\PLRWORLDWIDESALES.TOWNSHIP_2021.852.1.0_x64__1feq88045d2v2 [2021-09-01] (Playrix)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2018-12-02] (Waves Audio)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{04271989-C4D2-88A2-3539-1A94673CEAB1} -> [OneDrive - erikson.edu] => C:\Users\erine\OneDrive - erikson.edu [2020-05-18 12:16]
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{04271989-C4D2-E4DB-C5EA-728D92C7BD4B} -> [erikson.edu] => C:\Users\erine\erikson.edu [2019-10-04 15:11]
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\erine\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\erine\Dropbox [2019-01-04 18:11]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxDTCM.dll [2018-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-28] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-05-23 15:57 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\sharepoint.com -> hxxps://erikson-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.12.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Avid Link.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "LeapFrog Connect 2 Launcher"
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{82FE4774-7537-40D4-8C40-CB1E04F8B9DB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{91265713-1BBB-4EFD-918E-8AC3F172D293}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{D41C67E6-5EF9-4387-8E7A-C0CFF6A70183}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{FCB196ED-7F09-493B-851D-F7D005EA342D}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{797D1683-93F2-436A-AE46-8A6C03D3A99F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{4ECB768A-7AEF-40C0-9735-7184D93F5FCD}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{8069A8E5-D2BD-483C-BFDE-58870785C960}] => (Allow) C:\Program Files\Avid\Avid Link\AvidAppManHelper.exe => No File
FirewallRules: [{4FEEDD4D-FF92-4455-AB6E-544F7BE57D8D}] => (Allow) C:\Program Files\Avid\Avid Link\Avid Link.exe => No File
FirewallRules: [{68C5941B-BF1D-4ADB-A299-5AB0E491DF27}] => (Allow) C:\Program Files\Avid\Avid Link\jre\bin\java.exe => No File
FirewallRules: [{AB8C8466-A433-4B37-B535-F8F64B6B4F1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{2E5D5CE8-C96E-46E3-ADF3-4AF738FB6404}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{1BB45BF6-C2F6-4DB2-A81E-1BA2C8322294}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{27D0D49B-7299-46BD-B764-15D687BF7D06}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{EEE394CF-2D2F-483E-8613-AD38FBEBEC2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gary Grigsby's War in the East\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{0EA081DF-F331-4613-A022-4BE8354C329D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gary Grigsby's War in the East\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [UDP Query User{0AADBF99-E49A-470A-84C3-A445CF235D41}C:\users\erine\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\erine\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{AC25FB74-84CA-4847-B09F-F7143197E990}C:\users\erine\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\erine\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ABA2EB13-5D2C-455F-A3AE-5BE0DF5C195F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8DE8C12E-51DB-4280-989B-EEFF1931C5C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{4BEC8F64-4607-4E9B-A209-00688A19FDB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steel Division 2\SteelDivision2.exe (Eugen Systems -> )
FirewallRules: [{97DA9C1D-F386-4B7A-A99C-1440A2C154F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steel Division 2\SteelDivision2.exe (Eugen Systems -> )
FirewallRules: [{E93034E9-9443-476F-964D-6C5070F1ADD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{B6622C3D-3707-43DA-B5A6-8599CDF72043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C6E35B94-22E1-4229-A500-6FC32A0EBC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C18BFC5B-68EE-4237-8C85-1EA1B0C4C2BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{6764EA49-E091-42EE-B6F3-3BE87A88721A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{E4D706BE-7FF3-478D-AF73-1B17D9A2BF77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{B985B362-BDB3-493B-A206-970E2D1323DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe (Greenheart Games Pty. Ltd. -> )
FirewallRules: [{2477E48C-20B1-4E19-9D7B-CCB9553EBC99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe (Greenheart Games Pty. Ltd. -> )
FirewallRules: [{0B9FD753-8363-40B2-8B92-99E6F08055CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{699FC05B-C7B0-4A70-9C5C-EB0CC7F720B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{8C1F622C-3C47-4EE0-8AA2-9323509AE855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{F249F148-5AD5-4D87-9EC1-35DAFD5ADFCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{557977B2-27B4-4457-9E98-F49B3A008420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{906D40C6-E3B1-4580-AA51-BA445A074AF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{B5A938DB-9C46-4F71-A42E-1CB98406DA81}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B8486867-0FE5-4ACA-946A-D213304AA51C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DDE83877-17D5-4FDF-AAA5-2D3FE2B62307}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe (Witold Budziszewski) [File not signed]
FirewallRules: [{6922417B-4AB2-4EC0-A47B-58C9593DAA1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe (Witold Budziszewski) [File not signed]
FirewallRules: [{714773E4-E0B5-4EA0-80E8-F0D156B1F696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{269078E5-3A6D-4519-8182-0AA78896E999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{4CA29012-B83A-4ECA-BE17-0B6F76173FC8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{80C230DC-C372-422C-A7C1-0295487EB577}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3062A725-8B8C-4737-B938-5159C1F8BAD8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.11001.20108.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A20DCD7-4621-4B9E-9666-2E2CD79C6839}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6DAE79D6-5676-41DA-BCDD-E6C03E7C3FA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{035DEDDF-E79A-4167-A583-3A47054DA3F7}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{52931BB2-AD5A-4E2A-8DE6-182F3D8DC90A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{AB766514-604C-4DBA-B002-D77B73A1E6E6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{5EF13515-3723-47F2-ABCA-E745246AB2D4}C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [UDP Query User{58E11E2C-C253-47C7-B49D-DA8F227979B3}C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [{50E43B59-7084-4D0D-AF62-5B4802508B2C}] => (Block) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [{E2F0F573-400B-4772-9EBA-FA4DF606A905}] => (Block) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [TCP Query User{B7C35C69-7505-49A3-B2A1-BDC75CE23223}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{113914F1-ED21-4DF8-BFBD-47BFD1943831}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1EE83D3B-715B-4A07-926A-99F07DC5D87F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{6914C75B-8A33-4BCF-B2B6-B5154E370D8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{60087F19-41E9-4B83-92BF-42AE0E96B285}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\Ultimate General Civil War.exe () [File not signed]
FirewallRules: [{1343FBE2-EFFA-4694-83C4-0CE004845964}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\Ultimate General Civil War.exe () [File not signed]
FirewallRules: [{D6308340-01AB-4E9A-BC95-11D14026AC64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\UGCWReporter.exe () [File not signed]
FirewallRules: [{F0C93BA6-F6E2-4424-AB6F-549AA0FC9D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\UGCWReporter.exe () [File not signed]
FirewallRules: [{5D4C5A9A-4F5F-4CF0-AD0C-B53668077E2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{38F9008D-0333-4593-8D78-237A27B56288}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{03D065CB-622F-4E20-8916-59BD6A83C25A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3447EA05-5783-4ED3-A145-4B43571A4077}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7D391528-ED0B-4F09-8452-1B86A3F8EB2B}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{2AADF3EC-9353-4232-8BE2-A03C5781AFD4}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{28640029-1CB6-4D5C-81DE-C33AEC9B3847}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers2\DoorKickers2.exe (KillHouse Games) [File not signed]
FirewallRules: [{DCB7C2BF-466C-4C00-8EAE-986689CBAD46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers2\DoorKickers2.exe (KillHouse Games) [File not signed]
FirewallRules: [{C3F05293-542D-4C51-B121-6B5474AD6FEB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{02CABF53-34E9-488A-B187-CED93CD9B622}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DACE35D2-C9F0-4EB3-BE17-105B184B48BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC9A486B-FA76-4F4A-9C74-A35561D69EED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{35F2DB8B-1539-4BF6-8E5E-E0C5FC99605A}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8FAD2BBC-9476-47FB-9E15-346CDBAEB1BD}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BED2FFDD-8169-4996-B79C-C8212D6212CD}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B6049CDA-5875-4617-8BF7-9A052CCCEC06}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B30F5F60-7015-4799-91EB-778700102F8B}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [UDP Query User{A9FFD051-8FCD-44A3-B952-F3AF195157F7}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{CEB8091C-CE29-4B1B-B89B-4FA0EF24556F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{D79B315C-64F6-49A7-8C52-FAE75805F7D6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B7ECE8BB-8957-4159-B2DB-DE026CE96113}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{8D4CA353-B546-48D8-A235-1E2D885A2337}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{40394BF5-5196-4947-AE3B-3EDF46B64C8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A5E8B12E-FA20-4482-8BAC-49D0E2880C85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{63221326-276E-4796-8B87-150213399625}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0BF43371-7FCC-4158-AE9E-B3D9A440C2FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E5ADA3B3-A36D-4E54-94F2-7889FDB3F8CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6F6AA52A-28E5-4C70-98A7-7D3D2B0DF0C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0CA07BD8-3AD6-4374-B338-87F089463A35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C2CF675-8869-479A-B613-C094EB2F2CF9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{55F125F1-031F-4276-B2EE-805F5B21DC17}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
16-09-2021 05:16:01 Scheduled Checkpoint
21-09-2021 14:08:47 Windows Modules Installer
21-09-2021 18:20:17 Restore Operation
22-09-2021 22:50:16 Windows Modules Installer
22-09-2021 22:50:53 Removed Avid Link.
 
==================== Faulty Device Manager Devices ============
 
Name: DCP-L2540DW
Description: DCP-L2540DW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/24/2021 01:34:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/22/2021 11:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0xc9db1934
Exception code: 0xc00d4e24
Fault offset: 0x000000000010be3e
Faulting process id: 0x29a0
Faulting application start time: 0x01d7b036edadc4c6
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0e03ea42-d46e-4ef6-bc39-eb90f17cd87b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/22/2021 11:36:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (09/22/2021 11:36:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (09/22/2021 11:36:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (09/22/2021 11:36:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (09/22/2021 07:04:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (09/22/2021 07:04:10 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (09/26/2021 02:57:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error: 
Incorrect function.
 
Error: (09/25/2021 02:02:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (09/25/2021 02:02:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\erine\AppData\Local\Temp\ehdrv.sys
 
Error: (09/25/2021 02:02:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (09/25/2021 02:02:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\erine\AppData\Local\Temp\ehdrv.sys
 
Error: (09/25/2021 02:02:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (09/25/2021 02:02:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\erine\AppData\Local\Temp\ehdrv.sys
 
Error: (09/25/2021 02:02:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\erine\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2021-09-25 23:02:43
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Mp3Rocket
Severity: Low
Category: Potentially Unwanted Software
Path: file:_F:\Old Desktop 12.2018\mp3rocket.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.349.1397.0, AS: 1.349.1397.0, NIS: 1.349.1397.0
Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10
 
Date: 2021-09-25 20:14:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-24 18:36:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-23 14:17:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-22 15:31:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-21 13:21:48
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.1082.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80240022
Error description: The program can't check for definition updates. 
 
Date: 2021-09-17 05:06:35
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.890.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2021-09-17 05:06:35
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.890.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2021-09-22 02:06:46
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Installer\MSI307B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-06-27 03:15:28
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.19.0 07/14/2021
Motherboard: Dell Inc. 0H4VK7
Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 59%
Total physical RAM: 12110.39 MB
Available physical RAM: 4941.64 MB
Total Virtual: 13966.39 MB
Available Virtual: 4000.18 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.19 GB) (Free:661.95 GB) NTFS
Drive f: (ErinsPassport) (Fixed) (Total:465.73 GB) (Free:424.58 GB) NTFS
 
\\?\Volume{0dc063a1-69be-4be6-ab33-f9d07fccda34}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.49 GB) NTFS
\\?\Volume{98dc49b9-304f-4b24-a15e-39dc3c620e5c}\ (Image) (Fixed) (Total:11.52 GB) (Free:0.23 GB) NTFS
\\?\Volume{792f05df-4929-4744-8772-a75e1c906fe3}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.21 GB) NTFS
\\?\Volume{afe7b3d6-a805-42cc-8e1f-b11ce3a3cae9}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 32F8F15B)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0



#17
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hello, Erin.
 
It seems that you upgraded the operating system. That was the last step I would ask you to do.
 
A question: Did you set the computer to restart automatically on a daily basis?
System32\Tasks\Daily Restart => shutdown /r
 
Let's finish it now:
 
FRST fix
 
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {423B6AD6-CA12-4720-82C4-C6F1DC202E37} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-25] (ESET, spol. s r.o. -> ESET)
Task: {4BF93158-D314-443E-BD3C-8BE8CE6BDAEC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-25] (ESET, spol. s r.o. -> ESET)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
2021-09-26 01:45 - 2021-09-26 01:45 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-09-26 01:45 - 2021-09-26 01:45 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-09-26 01:40 - 2021-09-26 01:40 - 000001214 _____ C:\Users\erine\Documents\eset 09.26.21.txt
2021-09-25 13:59 - 2021-09-25 13:59 - 000001294 _____ C:\Users\erine\Desktop\ESET Online Scanner.lnk
2021-09-25 13:58 - 2021-09-25 13:59 - 000001400 _____ C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-09-25 13:58 - 2021-09-25 13:58 - 000000000 ____D C:\Users\erine\AppData\Local\ESET
2021-09-25 13:57 - 2021-09-25 13:57 - 011697056 _____ (ESET) C:\Users\erine\Desktop\esetonlinescanner.exe
C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg
C:\Users\erine\AppData\Local\ESET
F:\Old Desktop 12.2018\mp3rocket.exe
Unlock: C:\Recovery
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  • The fixlog.txt
  • Feedback: How is the computer running now? Any remaining issue/question/concern?

  • 1

#18
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

I'm losing you again? :)


  • 0

#19
browneyedleo730


    Member

  • Topic Starter
  • Member
  • 49 posts

I did set my computer to restart every day. Is that problematic? Also, will the directions you wrote override that?


  • 0

#20
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

"I did set my computer to restart every day. Is that problematic? Also, will the directions you wrote override that?"

 

There is nothing wrong with that. I just asked, because you didn't have that when we started this procedure. 

 

No, the above instructions won't override it. Then, there would not be a reason to ask you, right? 


  • 0

#21
browneyedleo730


    Member

  • Topic Starter
  • Member
  • 49 posts

Here you go!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by erine (29-09-2021 16:01:26) Run:2
Running from C:\Users\erine\Desktop
Loaded Profiles: erine
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {423B6AD6-CA12-4720-82C4-C6F1DC202E37} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-25] (ESET, spol. s r.o. -> ESET)
Task: {4BF93158-D314-443E-BD3C-8BE8CE6BDAEC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\erine\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-25] (ESET, spol. s r.o. -> ESET)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
2021-09-26 01:45 - 2021-09-26 01:45 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-09-26 01:45 - 2021-09-26 01:45 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-09-26 01:40 - 2021-09-26 01:40 - 000001214 _____ C:\Users\erine\Documents\eset 09.26.21.txt
2021-09-25 13:59 - 2021-09-25 13:59 - 000001294 _____ C:\Users\erine\Desktop\ESET Online Scanner.lnk
2021-09-25 13:58 - 2021-09-25 13:59 - 000001400 _____ C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-09-25 13:58 - 2021-09-25 13:58 - 000000000 ____D C:\Users\erine\AppData\Local\ESET
2021-09-25 13:57 - 2021-09-25 13:57 - 011697056 _____ (ESET) C:\Users\erine\Desktop\esetonlinescanner.exe
C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg
C:\Users\erine\AppData\Local\ESET
F:\Old Desktop 12.2018\mp3rocket.exe
Unlock: C:\Recovery
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{423B6AD6-CA12-4720-82C4-C6F1DC202E37}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{423B6AD6-CA12-4720-82C4-C6F1DC202E37}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BF93158-D314-443E-BD3C-8BE8CE6BDAEC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BF93158-D314-443E-BD3C-8BE8CE6BDAEC}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
HKLM\System\CurrentControlSet\Services\DBUtilDrv2 => removed successfully
DBUtilDrv2 => service removed successfully
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn" => not found
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime" => not found
C:\Users\erine\Documents\eset 09.26.21.txt => moved successfully
C:\Users\erine\Desktop\ESET Online Scanner.lnk => moved successfully
C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk => moved successfully
C:\Users\erine\AppData\Local\ESET => moved successfully
C:\Users\erine\Desktop\esetonlinescanner.exe => moved successfully
C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg => moved successfully
"C:\Users\erine\AppData\Local\ESET" => not found
"F:\Old Desktop 12.2018\mp3rocket.exe" => not found
"C:\Recovery" => was unlocked
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31903128 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6121874 B
Edge => 0 B
Chrome => 1404347631 B
Firefox => 32996971 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 16846 B
erine => 370194645 B
 
RecycleBin => 54208 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:08:53 ====

  • 0

#22
browneyedleo730


    Member

  • Topic Starter
  • Member
  • 49 posts

Oh, and the computer is running fine!


  • 0

#23
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

"Oh, and the computer is running fine!"

 
Great!
 
If there is no other question, let's finish it.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 1

#24
browneyedleo730


    Member

  • Topic Starter
  • Member
  • 49 posts

Here is the log for this step.

 

# Run at 10/1/2021 3:20:00 PM
# KpRm (Kernel-panik) version 2.9.2
# Run by erine from C:\Users\erine\Desktop
# Computer Name: DESKTOP-0OR6TUF
# OS: Windows 10 X64 (19043) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\erine\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2021-10-01-15-20-00
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\erine\Desktop\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## FRST
     [OK] C:\Users\erine\Desktop\Addition.txt deleted
     [OK] C:\Users\erine\Desktop\Fixlog.txt deleted
     [OK] C:\Users\erine\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\erine\Desktop\FRST.txt deleted
     [OK] C:\Users\erine\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Restore Operation created at 09/21/2021 23:20:17 deleted
   ~ [OK] RP named Windows Modules Installer created at 09/23/2021 03:50:16 deleted
   ~ [OK] RP named Removed Avid Link. created at 09/23/2021 03:50:53 deleted
   ~ [OK] RP named Scheduled Checkpoint created at 10/01/2021 17:55:41 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 10/01/2021 20:20:51
 
-- KPRM finished in 83.51s --

  • 0

#25
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Very good, Erin!
 
Now that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally as an on-demand scanner, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.


  • 1



#26
browneyedleo730


    Member

  • Topic Starter
  • Member
  • 49 posts

Thank you so much for your help. I really appreciate your time and expertise. 

 

Erin


  • 0

#27
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, Erin.

 

I am glad I was able to help you. Take care, stay safe, you and your computer.

 

======================================

 

As this issue appears to be resolved, I'm closing this topic.
 
Erin, if you need it reopened, please send me a personal message (hover with the mouse on my profile name and choose Send message).

  • 0





