Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer suddenly grew sluggish a few weeks ago and needs examined

Started by Warship , Oct 13 2021 07:51 PM

Please log in to reply

#46
Warship

Posted 24 October 2021 - 05:17 PM

Member

Topic Starter
Member
94 posts

UPDATE: After a reboot, the "managed by your organization" is gone and the features have returned.

Thanks again. I guess that should conclude things.

#47
Warship

Posted 11 November 2021 - 05:56 AM

Member

Topic Starter
Member
94 posts

I hate to return, but some issues have returned. It mostly works well with one exception. On starting every day, it is very slow. It takes it the better part of 5-10 minutes to even respond. The hard drive just whirrs and grinds for several minutes or more. Anything we can do?

#48
RKinner

Posted 11 November 2021 - 07:16 AM

Malware Expert

Expert
24,624 posts

Run VEW so I can see if there are any obvious errors:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System

* Application
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button and wait.
Notepad will open with the output log.

Please copy and paste the Output log into your next reply

The usual method for a slow start is to search for

msconfig

then click on the Services tab. Click the box: Hide all Microsoft services then uncheck everything that remains and OK then reboot. If that fixes the problem then you go back into msconfig and check about 1/2 of the boxes, OK and restart. Try to find which service is causing the problem.

Used to be we could turn off Startup programs the same way but Win 10 broke that. Instead

search for

task manager

hit Enter

Click on Startup. You will see a list of startup programs (these run during the boot). Task Manager will tell you what impact they have so you can disable any with high impact then reboot and see if that helps.

#49
Warship

Posted 13 November 2021 - 06:02 AM

Member

Topic Starter
Member
94 posts

Dell has updated my computer TWICE in the past two days. That may explain some of it. ALSO, when I got up today there was a new icon on my desktop that said RaidSetup. I have no idea where it came from or what it is. I of course deleted the icon. Should we scan for malware again??

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 13/11/2021 6:59:13 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 12/11/2021 3:09:37 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 12/11/2021 3:00:34 AM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 11/11/2021 2:17:51 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 08/11/2021 11:27:28 AM

Type: Error Category: 101

Event: 1002 Source: Application Hang

The program identity_helper.exe version 95.0.1020.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2cf0 Start Time: 01d7d4937c6a3cb3 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe Report Id: 6c5aa0f3-ad1a-42a2-a78c-dc9af3440042 Faulting package full name: Microsoft.MicrosoftEdge.Stable_95.0.1020.40_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce

Log: 'Application' Date/Time: 04/11/2021 2:33:32 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 28/10/2021 5:29:16 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 21/10/2021 2:13:38 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 17/10/2021 7:26:55 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 17/10/2021 7:25:48 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 17/10/2021 7:21:49 PM

Type: Error Category: 0

Event: 10007 Source: Microsoft-Windows-RestartManager

Application or service 'Intel® Management and Security Application Local Management Service' could not be restarted.

Log: 'Application' Date/Time: 17/10/2021 7:21:24 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 17/10/2021 7:10:23 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 16/10/2021 5:48:13 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 14/10/2021 6:30:04 PM

Type: Error Category: 0

Event: 17 Source: SecurityCenter

Security Center failed to validate caller with error DC040780.

Log: 'Application' Date/Time: 14/10/2021 2:41:39 PM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: pcdrsysinfocommunication.p5x, version: 6.0.7303.352, time stamp: 0x61023fe3 Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac Exception code: 0xc0000005 Fault offset: 0x0000000000024785 Faulting process id: 0x2d14 Faulting application start time: 0x01d7c1098f5a23eb Faulting application path: C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfocommunication.p5x Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: b9de639d-7a36-4355-bda0-f351c6a0ce2d Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 14/10/2021 2:40:55 PM

Type: Error Category: 0

Event: 17 Source: SecurityCenter

Security Center failed to validate caller with error DC040780.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 12/11/2021 3:09:36 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 12/11/2021 10:28:47 AM

Type: Warning Category: 3

Event: 472 Source: ESENT

svchost (6564,R,98) Unistore: The shadow header page of file C:\Users\Shaun\AppData\Local\Comms\UnistoreDB\USS.jcp was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/11/2021 3:02:40 AM

Type: Warning Category: 0

Event: 0 Source: RAPSService

Child process [5408 - RAPS.exe ] finished with -1073741510

Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 10/11/2021 1:21:19 AM

Type: Warning Category: 7

Event: 508 Source: ESENT

wuaueng.dll (12556,D,0) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 245760 (0x000000000003c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (30 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 03/11/2021 7:03:33 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 03/11/2021 6:55:56 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 03/11/2021 6:14:40 PM

Type: Warning Category: 0

Event: 0 Source: Dwminit

The Desktop Window Manager process has exited. (Process exit code: 0x0000042b, Restart count: 1, Primary display device ID: Intel® HD Graphics 630)

Log: 'Application' Date/Time: 24/10/2021 11:06:42 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 21/10/2021 10:42:25 PM

Type: Warning Category: 0

Event: 8303 Source: Microsoft-Windows-System-Restore

Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8 with error 0x80070057.

Log: 'Application' Date/Time: 20/10/2021 5:26:31 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 20/10/2021 5:20:45 PM

Type: Warning Category: 0

Event: 1008 Source: Microsoft-Windows-Perflib

The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.

Log: 'Application' Date/Time: 19/10/2021 10:53:46 PM

Type: Warning Category: 0

Event: 1008 Source: Microsoft-Windows-Perflib

The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.

Log: 'Application' Date/Time: 19/10/2021 10:53:27 PM

Type: Warning Category: 0

Event: 1008 Source: Microsoft-Windows-Perflib

The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.

Log: 'Application' Date/Time: 19/10/2021 6:39:27 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 18/10/2021 8:16:09 PM

Type: Warning Category: 0

Event: 8303 Source: Microsoft-Windows-System-Restore

Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8 with error 0x80070057.

Log: 'Application' Date/Time: 17/10/2021 7:55:41 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 30/07/2021 9:30:51 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/07/2021 6:26:50 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 13/11/2021 11:49:56 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {973D20D7-562D-44B9-B70B-5A0F49CCDF3F} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/11/2021 11:49:53 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/11/2021 11:49:52 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {973D20D7-562D-44B9-B70B-5A0F49CCDF3F} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/11/2021 11:49:48 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/11/2021 11:49:48 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/11/2021 3:14:32 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server Microsoft.MicrosoftOfficeHub_18.2106.12410.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXt4mh7c9swwc5cmd5jgmtmwcfmvkddpn1.mca did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:17:38 PM

Type: Error Category: 0

Event: 7023 Source: Service Control Manager

The WMI Performance Adapter service terminated with the following error: The media is write protected.

Log: 'System' Date/Time: 12/11/2021 3:17:17 PM

Type: Error Category: 0

Event: 7038 Source: Service Control Manager

The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 12/11/2021 3:17:03 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:17:02 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:17:02 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:16:59 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:16:58 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:16:58 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:16:58 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:16:58 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:16:58 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:16:55 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 12/11/2021 3:09:33 PM

Type: Error Category: 0

Event: 7043 Source: Service Control Manager

The Background Intelligent Transfer Service service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 12/11/2021 3:02:40 AM

Type: Error Category: 0

Event: 7034 Source: Service Control Manager

The Rivet AP Selector Service service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 13/11/2021 11:55:55 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/11/2021 11:53:50 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/11/2021 11:53:50 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/11/2021 11:53:50 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/11/2021 11:53:44 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 13/11/2021 11:52:39 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/11/2021 11:51:31 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/11/2021 11:51:31 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 13/11/2021 11:51:11 AM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 13/11/2021 11:51:10 AM

Type: Warning Category: 0

Event: 34 Source: BTHUSB

The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 13/11/2021 11:48:06 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 13/11/2021 11:47:17 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 13/11/2021 11:47:17 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 13/11/2021 11:37:59 AM

Type: Warning Category: 0

Event: 34 Source: BTHUSB

Log: 'System' Date/Time: 13/11/2021 11:37:57 AM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 13/11/2021 3:14:22 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/11/2021 7:16:10 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/11/2021 3:25:37 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/11/2021 3:22:53 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/11/2021 3:20:50 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

#50
RKinner

Posted 13 November 2021 - 10:36 AM

Malware Expert

Expert
24,624 posts

Just going through a few of your errors:

    Log: 'Application' Date/Time: 08/11/2021 11:27:28 AM
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program identity_helper.exe version 95.0.1020.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2cf0 Start Time: 01d7d4937c6a3cb3 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe Report Id: 6c5aa0f3-ad1a-42a2-a78c-dc9af3440042 Faulting package full name: Microsoft.MicrosoftEdge.Stable_95.0.1020.40_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce

This one is a bit old but indicates you may not have the latest version of Edge. Open Edge then click on the three dots in the upper right and then select Help and Feedback then About Microsoft Edge. It should automatically update to the latest version which is Version 95.0.1020.53 (Official build) (64-bit).

Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

SmartByte is supposed to control the network interface so that when you are streaming a video the video traffic gets priority. Program has a bad rep and should probably be uninstalled. This is an App so you need to go to Settings, Apps, Apps and Features then find SmartByte and click on it. The uninstall button should appear. If you find things are worse without it you can always get it again from the Dell site.

Log: 'Application' Date/Time: 12/11/2021 10:28:47 AM

Type: Warning Category: 3

Event: 472 Source: ESENT

svchost (6564,R,98) Unistore: The shadow header page of file C:\Users\Shaun\AppData\Local\Comms\UnistoreDB\USS.jcp was damaged. The primary header page (4096 bytes) was used instead.

This is sometimes caused by a problem with the file store.vol located in the same folder. Apparently if you use Grove and a few other programs it creates an index of your music and pictures and perhaps your videos and this file can grow to ridiculous size. I just deleted mine and rebooted and it got recreated at a bit over 6 meg. It's not easy to remove since it's a hidden file and several services are using it but should be removable with FRST if you want to reinstall it.

Log: 'Application' Date/Time: 12/11/2021 3:09:36 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

This is caused by the Intel® Ready Mode Technology program. It was supposed to replace the sleep process on Windows but doesn't really work that well and Intel has given up on it. It is now officially obsolete and should be uninstalled from your PC.

Search for

event viewer

hit Enter

Click on Windows Logs

Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot and rerun VEW.

#51
Warship

Posted 15 November 2021 - 06:11 AM

Member

Topic Starter
Member
94 posts

I did all of them except the middle one because I don't know how to do that one. If it is that difficult to remove, it may be best to leave it be.

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 15/11/2021 7:09:11 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 15/11/2021 11:30:13 AM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 12/11/2021 3:09:37 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 12/11/2021 3:00:34 AM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 11/11/2021 2:17:51 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 08/11/2021 11:27:28 AM

Type: Error Category: 101

Event: 1002 Source: Application Hang

Log: 'Application' Date/Time: 04/11/2021 2:33:32 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 28/10/2021 5:29:16 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 21/10/2021 2:13:38 AM

Type: Error Category: 0

Event: 264 Source: Microsoft-Windows-Defrag

The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Log: 'Application' Date/Time: 17/10/2021 7:26:55 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 17/10/2021 7:25:48 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 17/10/2021 7:21:49 PM

Type: Error Category: 0

Event: 10007 Source: Microsoft-Windows-RestartManager

Application or service 'Intel® Management and Security Application Local Management Service' could not be restarted.

Log: 'Application' Date/Time: 17/10/2021 7:21:24 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 17/10/2021 7:10:23 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Log: 'Application' Date/Time: 16/10/2021 5:48:13 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM

Type: Error Category: 0

Event: 13 Source: VSS

Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 14/10/2021 6:30:04 PM

Type: Error Category: 0

Event: 17 Source: SecurityCenter

Security Center failed to validate caller with error DC040780.

Log: 'Application' Date/Time: 14/10/2021 2:41:39 PM

Type: Error Category: 100

Event: 1000 Source: Application Error

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 15/11/2021 11:50:15 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 7800) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 14/11/2021 10:58:36 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 12/11/2021 3:09:36 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 12/11/2021 10:28:47 AM

Type: Warning Category: 3

Event: 472 Source: ESENT

svchost (6564,R,98) Unistore: The shadow header page of file C:\Users\Shaun\AppData\Local\Comms\UnistoreDB\USS.jcp was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/11/2021 3:02:40 AM

Type: Warning Category: 0

Event: 0 Source: RAPSService

Child process [5408 - RAPS.exe ] finished with -1073741510

Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 10/11/2021 1:21:19 AM

Type: Warning Category: 7

Event: 508 Source: ESENT

Log: 'Application' Date/Time: 03/11/2021 7:03:33 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 03/11/2021 6:55:56 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 03/11/2021 6:14:40 PM

Type: Warning Category: 0

Event: 0 Source: Dwminit

The Desktop Window Manager process has exited. (Process exit code: 0x0000042b, Restart count: 1, Primary display device ID: Intel® HD Graphics 630)

Log: 'Application' Date/Time: 24/10/2021 11:06:42 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 21/10/2021 10:42:25 PM

Type: Warning Category: 0

Event: 8303 Source: Microsoft-Windows-System-Restore

Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8 with error 0x80070057.

Log: 'Application' Date/Time: 20/10/2021 5:26:31 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

Log: 'Application' Date/Time: 20/10/2021 5:20:45 PM

Type: Warning Category: 0

Event: 1008 Source: Microsoft-Windows-Perflib

The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.

Log: 'Application' Date/Time: 19/10/2021 10:53:46 PM

Type: Warning Category: 0

Event: 1008 Source: Microsoft-Windows-Perflib

The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.

Log: 'Application' Date/Time: 19/10/2021 10:53:27 PM

Type: Warning Category: 0

Event: 1008 Source: Microsoft-Windows-Perflib

The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.

Log: 'Application' Date/Time: 19/10/2021 6:39:27 PM

Type: Warning Category: 1

Event: 2000 Source: Intel( R ) RMT

IRMT - CAudioManager::UnregisterMmClientCallbackEvent Unable to unregister default audio device change notification callback, status=0x80070490

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 15/11/2021 12:09:07 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:06:51 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:04:47 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:04:47 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:04:47 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:03:27 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:02:29 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:02:29 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 15/11/2021 12:02:07 PM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 15/11/2021 12:02:06 PM

Type: Warning Category: 0

Event: 34 Source: BTHUSB

Log: 'System' Date/Time: 15/11/2021 12:00:21 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

#52
RKinner

Posted 15 November 2021 - 08:23 AM

Malware Expert

Expert
24,624 posts

Doesn't look like SmartByte went away. Let's run FRST again and see what is going on:

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Check the Addition.txt box
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Smart Screen, Windows Defender and Avast have all been blocking FRST recently. It's a false positive so pause your antivirus when downloading or running FRST. If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.

#53
Warship

Posted 15 November 2021 - 12:55 PM

Member

Topic Starter
Member
94 posts

I dunno what happened this time but when I downloaded it, I got a yellow caution signal that says "FRST64.exe isn't commonly downloaded. Make sure you trust before you open." and the icon on the desktop is blank with the title "unconfirmed508906.crdo..."

Should I continue and run it?

#54
RKinner

Posted 15 November 2021 - 07:14 PM

Malware Expert

Expert
24,624 posts

Chrome blocked it. Follow the instructions here:

https://www.addictiv...rror-in-chrome/

#55
Warship

Posted 16 November 2021 - 05:52 AM

Member

Topic Starter
Member
94 posts

Really?? I'm using Edge.

UPDATE: I went to the "before you post" section and tried it. It seems to be downloaded now.

Edited by Warship, 16 November 2021 - 05:57 AM.

#56
RKinner

Posted 16 November 2021 - 07:11 AM

Malware Expert

Expert
24,624 posts

Same idea. Edge is just a rebranded Chrome.

#57
Warship

Posted 16 November 2021 - 01:54 PM

Member

Topic Starter
Member
94 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021

Ran by Shaun (administrator) on DESKTOP-CMF42HE (Dell Inc. Inspiron 3268) (16-11-2021 14:41:39)

Running from C:\Users\Shaun\Desktop

Loaded Profiles: Shaun

Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe

(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel® RMT -> Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe

(Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.53\identity_helper.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1310_none_7e15ec207c87d405\TiWorker.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe

(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe

(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfodirect.p5x

(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfosoftware.p5x

(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfosystemboard.p5x

(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfovideocapture.p5x

(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe

(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235464 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494024 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [975744 2017-05-01] (Waves Inc -> Waves Audio Ltd.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-08-13] (Intel® Rapid Storage Technology -> Intel Corporation)

HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\Run: [MicrosoftEdgeAutoLaunch_F95D26AAF271BBEFBD774A1AC86EDFBB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --profile-directory=Default --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switche (the data entry has 131 more characters).

HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-02] (Google LLC -> Google LLC)

HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0861B6DD-B11B-4A92-8AA4-8DF313B7E57C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)

Task: {2DA0A998-463B-4E6B-A472-AC95C14098FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {3CFBB38E-CCB8-4303-9A3F-9B458DCF59A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-04] (Google Inc -> Google LLC)

Task: {431DD6D1-BCE3-467C-906B-CEB8261A3C5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {6E90FAA0-1D6D-4C6C-AA9C-118590D4B3C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {6F0182FA-6753-4AF4-B05F-79D5EBF7F7A8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)

Task: {869CB8C9-7E7A-42E6-99B5-2772D7DB946F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)

Task: {B60A86DD-41FB-4C29-9650-2CAA5912F13E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)

Task: {BD84FB14-8B74-49D8-8A70-A971C0D6264D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)

Task: {BF5C58FA-2320-4040-8D7D-C54E1150BBBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {C5C5D9FE-71AA-4F4C-80EC-2BE90CD5BD31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-04] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP CMF42HE 01

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{a34b5ba2-caa7-466d-8e8b-218689f670f4}: [DhcpNameServer] 71.10.216.2 71.10.216.1

Tcpip\..\Interfaces\{d22675a4-b80a-4f81-a851-395f465b7280}: [DhcpNameServer] 192.168.1.1

Edge:

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:\Users\Shaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-16]

Edge DownloadDir: Default -> C:\Users\Shaun\Desktop

Edge HomePage: Default -> hxxp://www.google.com/

FireFox:

========

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:

=======

CHR Profile: C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default [2021-09-22]

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US105G0&p={searchTerms}

CHR DefaultSearchKeyword: Default -> mcafee

CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}

CHR Extension: (Slides) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-04]

CHR Extension: (Docs) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-04]

CHR Extension: (Google Drive) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-17]

CHR Extension: (YouTube) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-04]

CHR Extension: (Sheets) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-04]

CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-22]

CHR Extension: (Google Docs Offline) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-05]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-23]

CHR Extension: (Gmail) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)

R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)

R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)

R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)

R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [41008 2018-01-15] (Dell Inc -> Dell Inc.)

R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [301768 2019-08-12] (Dell Inc -> Dell Inc.)

R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-10-12] (Dell Inc -> )

R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel® RMT -> Intel Corporation)

R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]

R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Dell)

R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)

S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)

S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-16 14:42 - 2021-11-16 14:42 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys

2021-11-16 14:41 - 2021-11-16 14:45 - 000016613 _____ C:\Users\Shaun\Desktop\FRST.txt

2021-11-16 06:58 - 2021-11-16 06:58 - 000000000 ____D C:\Users\Shaun\Desktop\FRST-OlderVersion

2021-11-16 06:57 - 2021-11-16 14:44 - 000000000 ____D C:\FRST

2021-11-16 06:55 - 2021-11-16 06:58 - 002311680 _____ (Farbar) C:\Users\Shaun\Desktop\FRST64.exe

2021-11-15 06:30 - 2021-11-15 06:30 - 000000000 ____D C:\WINDOWS\{20D7CF3A-C734-4F83-AD51-4EEB6D891407}

2021-11-13 06:59 - 2021-11-15 07:09 - 000019415 _____ C:\VEW.txt

2021-11-13 06:56 - 2021-11-13 06:56 - 000061440 _____ ( ) C:\Users\Shaun\Desktop\VEW.exe

2021-11-11 07:28 - 2021-11-11 07:28 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2021-11-11 07:27 - 2021-11-11 07:27 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe

2021-11-11 07:27 - 2021-11-11 07:27 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe

2021-11-11 07:26 - 2021-11-11 07:26 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe

2021-11-11 06:43 - 2021-11-11 06:43 - 000000000 ___HD C:\$WinREAgent

2021-11-03 18:33 - 2021-11-03 18:33 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk

2021-11-03 18:33 - 2021-11-03 18:33 - 000000000 ____D C:\Program Files\PCHealthCheck

2021-10-19 14:04 - 2021-10-19 14:04 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS

2021-10-17 14:17 - 2021-10-17 14:27 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}

2021-10-17 14:12 - 2021-10-17 14:12 - 000000000 ____D C:\Users\Default\AppData\Roaming\Intel Corporation

2021-10-17 14:12 - 2021-10-17 14:12 - 000000000 ____D C:\Program Files\Common Files\Intel Corporation

2021-10-17 14:11 - 2021-10-17 14:11 - 000000000 ____D C:\Program Files\Common Files\Intel

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-16 14:42 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF

2021-11-16 14:41 - 2019-06-04 16:57 - 000000000 ____D C:\Program Files (x86)\Google

2021-11-16 14:37 - 2020-11-17 12:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-11-16 14:37 - 2020-11-17 12:17 - 000008192 ___SH C:\DumpStack.log.tmp

2021-11-16 14:37 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-11-16 14:37 - 2018-03-13 21:28 - 000000000 __SHD C:\Users\Shaun\IntelGraphicsProfiles

2021-11-16 14:37 - 2017-08-21 13:38 - 000000000 ____D C:\Intel

2021-11-16 14:36 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI

2021-11-16 14:33 - 2020-11-17 12:37 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{839F4962-EE57-40F5-8E52-E3261F4F060A}

2021-11-16 10:52 - 2020-11-17 12:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-11-15 09:07 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-11-15 09:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-11-15 06:48 - 2018-03-15 16:40 - 000000000 ____D C:\Users\Shaun\AppData\Local\Packages

2021-11-14 05:38 - 2020-06-23 16:22 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-11-14 05:38 - 2020-06-23 16:22 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2021-11-12 10:25 - 2020-11-17 12:32 - 000842482 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-11-11 22:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration

2021-11-11 18:58 - 2017-08-21 13:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2021-11-11 07:40 - 2020-11-17 12:17 - 000436680 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences

2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2021-11-11 07:36 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing

2021-11-11 07:35 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2021-11-10 06:39 - 2018-03-15 00:33 - 000000000 ____D C:\WINDOWS\system32\MRT

2021-11-10 06:37 - 2018-03-15 00:33 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2021-11-05 16:33 - 2017-08-21 13:26 - 000000000 ____D C:\ProgramData\PCDr

2021-11-05 06:29 - 2020-11-17 12:37 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1717062034-1452997292-2084382277-1001

2021-11-05 06:29 - 2020-11-17 04:20 - 000002385 _____ C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2021-11-02 16:23 - 2019-06-04 16:58 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-11-02 16:23 - 2019-06-04 16:58 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2021-11-02 13:33 - 2018-05-10 08:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2021-10-17 14:47 - 2018-06-13 04:26 - 000000000 ____D C:\ProgramData\Packages

2021-10-17 14:47 - 2018-03-13 21:28 - 000000000 ____D C:\Users\Shaun\AppData\Local\Publishers

2021-10-17 14:34 - 2017-08-21 13:32 - 000000000 ____D C:\ProgramData\Intel

2021-10-17 14:26 - 2017-08-21 13:32 - 000000000 ____D C:\ProgramData\Package Cache

2021-10-17 14:23 - 2017-08-21 13:32 - 000000000 ____D C:\Program Files\Intel

2021-10-17 14:22 - 2017-08-21 13:32 - 000000000 ____D C:\Program Files (x86)\Intel

2021-10-17 14:15 - 2017-08-21 13:35 - 000000000 ____D C:\Program Files (x86)\Dell Wireless

2021-10-17 14:14 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO

2021-10-17 14:12 - 2017-08-21 13:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

==================== Files in the root of some directories ========

2021-11-13 06:49 - 2021-11-13 06:53 - 000004020 _____ () C:\Users\Shaun\AppData\Local\PlariumPlay.log

2021-10-16 18:00 - 2021-10-16 18:00 - 000007639 _____ () C:\Users\Shaun\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

#58
Warship

Posted 16 November 2021 - 01:54 PM

Member

Topic Starter
Member
94 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021

Ran by Shaun (16-11-2021 14:47:46)

Running from C:\Users\Shaun\Desktop

Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-11-17 17:38:25)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1717062034-1452997292-2084382277-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1717062034-1452997292-2084382277-503 - Limited - Disabled)

Guest (S-1-5-21-1717062034-1452997292-2084382277-501 - Limited - Disabled)

Shaun (S-1-5-21-1717062034-1452997292-2084382277-1001 - Administrator - Enabled) => C:\Users\Shaun

WDAGUtilityAccount (S-1-5-21-1717062034-1452997292-2084382277-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden

Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.)

Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)

Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden

Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)

Dell SupportAssist Remediation (HKLM\...\{388A412B-5C0C-4C1E-8BF7-B6E9E117F367}) (Version: 4.4.2.9869 - Dell Inc.) Hidden

Dell SupportAssist Remediation (HKLM-x32\...\{4990dc23-fdee-4fec-8bde-9f5d4745f88b}) (Version: 4.4.2.9869 - Dell Inc.)

Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.4.0 - Dell Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)

Intel® Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel® Corporation)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2105.15.0.2157 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1004 - Intel Corporation)

Intel® Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation)

Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.62.321.1 - Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32\...\{c3964069-17c1-45dd-85a5-949576ceeaa3}) (Version: 1.62.321.1 - Intel Corporation) Hidden

Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden

Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)

Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.19.627.2017 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)

Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)

Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

Packages:

=========

Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)

Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.0.0_x64__htrsf667h5kn2 [2021-08-06] (Dell Inc)

Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-09-14] (Dell Inc)

Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)

Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-09-02] (Dell Inc)

Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.10.188.0_x64__rz1tebttyb220 [2021-10-13] (Dolby Laboratories)

Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-14] (Dropbox Inc.)

Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-17] (INTEL CORP) [Startup Task]

Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-28] (CYBERLINK CORPORATION.)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]

Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)

One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2021.922.2.0_x64__8kea50m9krsh2 [2021-10-17] (Code Spark)

Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-02-12] (Pandora Media Inc) [Startup Task]

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-28] (Microsoft Corporation)

Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-03-13] (Plex)

Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-15] (CYBERLINK CORPORATION.)

Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-13] (CYBERLINK CORPORATION.) [Startup Task]

PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-17] (CYBERLINK CORPORATION.)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-12] (Spotify AB) [Startup Task]

Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation)

WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2020-02-12] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-01-14 14:50 - 2020-01-14 14:51 - 032162304 _____ () [File not signed] C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96\DropboxUniversal.dll

2018-12-18 04:39 - 2018-12-18 04:39 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96\e_sqlite3.dll

2021-08-11 14:16 - 2021-08-11 14:16 - 000016384 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2\Dell.D3.HSA.Client.dll

2021-08-11 14:16 - 2021-08-11 14:16 - 022701568 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2\Dell.D3.UWP.dll

2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE

HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE

SearchScopes: HKLM -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE

SearchScopes: HKLM-x32 -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM-x32 -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE

SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL =

SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> {E41F9496-1A62-486C-9355-D9712E136A11} URL =

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8057CBD6-21A2-4EE1-AC42-95E08676F319}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File

FirewallRules: [{03FC484A-0C52-4799-B315-F1C27395241C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File

FirewallRules: [{D6D82AB8-7573-4306-B294-8C0551FEEBFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F84A851D-D946-4364-AD43-25C3F6689B02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{EA3867D6-C96D-4988-84E6-9CFB646891D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E1166ABA-0253-4F4C-BFC8-55EA6B210B59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{CEFED289-A9BD-4E00-A406-9C856B93530A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{451E4A60-3F60-4D45-A5F5-4D2E3476E406}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{F246379C-7631-4B14-9722-8ACB26529DD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{93DE25E0-C857-4E34-B40E-2B1A8958171D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{C9F90F39-4A4D-4DB5-AF35-A02898A86185}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{1B4DC056-D39C-4303-ABAA-14A0E2B50B43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{3196DE9A-614F-43A3-905F-89C964A41E9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{65FFA6C5-7D25-4481-BAD8-F7A4C292186A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{362A7311-E00C-4814-9DE9-6F03F93A2F59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{297FF032-C880-4004-9508-935C8D27FEE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{58B0A977-3FE2-4402-9AE8-D58BD704BA15}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

24-10-2021 04:17:38 O&O ShutUp10++

02-11-2021 14:24:30 Scheduled Checkpoint

10-11-2021 06:39:25 Windows Modules Installer

11-11-2021 06:40:35 Windows Modules Installer

15-11-2021 06:48:20 Removed SmartByte Drivers and Services.

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (11/15/2021 06:30:13 AM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Error: (11/12/2021 10:09:37 AM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]

Error: (11/11/2021 10:00:34 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Error: (11/10/2021 09:17:51 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/08/2021 06:27:28 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program identity_helper.exe version 95.0.1020.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2cf0

Start Time: 01d7d4937c6a3cb3

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe

Report Id: 6c5aa0f3-ad1a-42a2-a78c-dc9af3440042

Faulting package full name: Microsoft.MicrosoftEdge.Stable_95.0.1020.40_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (11/03/2021 09:33:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/28/2021 12:29:16 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/20/2021 09:13:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

System errors:

=============

Error: (11/16/2021 02:35:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CMF42HE)

Description: The server microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (11/16/2021 02:35:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CMF42HE)

Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.

Windows Defender:

================

Date: 2021-11-14 14:47:06

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-11-13 15:25:21

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-11-12 16:52:15

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-11-12 16:19:56

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-11-12 15:03:25

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

CodeIntegrity:

===============

Date: 2021-10-17 15:12:20

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Installer\MSI99E2.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-10-14 12:28:38

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-14 10:42:33

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2021-10-14 10:39:44

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-14 10:37:07

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.17.1 07/30/2021

Motherboard: Dell Inc. 07F37C

Processor: Intel® Core™ i3-7100 CPU @ 3.90GHz

Percentage of memory in use: 80%

Total physical RAM: 4004.03 MB

Available physical RAM: 770.25 MB

Total Virtual: 9636.03 MB

Available Virtual: 5792.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.8 GB) (Free:854.49 GB) NTFS

\\?\Volume{5628e818-bc28-416b-a394-320b3ab3447d}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

\\?\Volume{559769b0-1b03-4394-9f4c-5b80ce85e54f}\ (Image) (Fixed) (Total:11.54 GB) (Free:0.2 GB) NTFS

\\?\Volume{756d53f9-9b75-42ea-b8ab-c09b2a7e718e}\ (DELLSUPPORT) (Fixed) (Total:1.04 GB) (Free:0.35 GB) NTFS

\\?\Volume{dee77eb3-7747-412e-a909-4f920ff25df5}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 433315AF)

Partition: GPT.

==================== End of Addition.txt =======================

#59
RKinner

Posted 16 November 2021 - 05:15 PM

Malware Expert

Expert
24,624 posts

Download the attached fixlist.txt to the same location as FRST

fixlist.txt 2.79KB 115 downloads

Run FRST and press Fix

A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan. Post both logs.

Download BlueScreenView

http://www.nirsoft.net/utils/blue_screen_view.html

Double click on BlueScreenView.exe file to run the program.

When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Is it still slow booting?

#60
Warship

Posted 17 November 2021 - 11:49 AM

Member

Topic Starter
Member
94 posts

Response time for the machine seems better today.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021

Ran by Shaun (17-11-2021 12:38:11) Run:1

Running from C:\Users\Shaun\Desktop

Loaded Profiles: Shaun

Boot Mode: Normal

==============================================

fixlist content:

*****************