Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer suddenly grew sluggish a few weeks ago and needs examined


  • Please log in to reply

#46
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

UPDATE: After a reboot, the "managed by your organization" is gone and the features have returned.

 

Thanks again. I guess that should conclude things.


  • 0

Advertisements


#47
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

I hate to return, but some issues have returned. It mostly works well with one exception. On starting every day, it is very slow. It takes it the better part of 5-10 minutes to even respond. The hard drive just whirrs and grinds for several minutes or more. Anything we can do?


  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,044 posts
  • MVP

Run VEW so I can see if there are any obvious errors:

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System

* Application
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button and wait.
Notepad will open with the output log.


Please copy and paste the Output log into your next reply

The usual method for a slow start is to search for

msconfig

then click on the Services tab.  Click the box: Hide all Microsoft services then uncheck everything that remains and OK then reboot.  If that fixes the problem then you go back into msconfig and check about 1/2 of the boxes, OK and restart.  Try to find which service is causing the problem.

 

Used to be we could turn off Startup programs the same way but Win 10 broke that.  Instead

search for

task manager

hit Enter

Click on Startup.  You will see a list of startup programs (these run during the boot).  Task Manager will tell you what impact they have so you can disable any with high impact then reboot and see if that helps.


  • 0

#49
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Dell has updated my computer TWICE in the past two days. That may explain some of it. ALSO, when I got up today there was a new icon on my desktop that said RaidSetup. I have no idea where it came from or what it is. I of course deleted the icon. Should we scan for malware again??

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/11/2021 6:59:13 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/11/2021 3:09:37 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 12/11/2021 3:00:34 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 11/11/2021 2:17:51 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 08/11/2021 11:27:28 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program identity_helper.exe version 95.0.1020.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 2cf0  Start Time: 01d7d4937c6a3cb3  Termination Time: 4294967295  Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe  Report Id: 6c5aa0f3-ad1a-42a2-a78c-dc9af3440042  Faulting package full name: Microsoft.MicrosoftEdge.Stable_95.0.1020.40_neutral__8wekyb3d8bbwe  Faulting package-relative application ID: App  Hang type: Quiesce 
 
Log: 'Application' Date/Time: 04/11/2021 2:33:32 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 28/10/2021 5:29:16 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 21/10/2021 2:13:38 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 17/10/2021 7:26:55 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 17/10/2021 7:25:48 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 17/10/2021 7:21:49 PM
Type: Error Category: 0
Event: 10007 Source: Microsoft-Windows-RestartManager
Application or service 'Intel® Management and Security Application Local Management Service' could not be restarted.
 
Log: 'Application' Date/Time: 17/10/2021 7:21:24 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 17/10/2021 7:10:23 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 16/10/2021 5:48:13 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. . 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. . 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 14/10/2021 6:30:04 PM
Type: Error Category: 0
Event: 17 Source: SecurityCenter
Security Center failed to validate caller with error DC040780.
 
Log: 'Application' Date/Time: 14/10/2021 2:41:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: pcdrsysinfocommunication.p5x, version: 6.0.7303.352, time stamp: 0x61023fe3 Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac Exception code: 0xc0000005 Fault offset: 0x0000000000024785 Faulting process id: 0x2d14 Faulting application start time: 0x01d7c1098f5a23eb Faulting application path: C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfocommunication.p5x Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: b9de639d-7a36-4355-bda0-f351c6a0ce2d Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 14/10/2021 2:40:55 PM
Type: Error Category: 0
Event: 17 Source: SecurityCenter
Security Center failed to validate caller with error DC040780.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/11/2021 3:09:36 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 12/11/2021 10:28:47 AM
Type: Warning Category: 3
Event: 472 Source: ESENT
svchost (6564,R,98) Unistore: The shadow header page of file C:\Users\Shaun\AppData\Local\Comms\UnistoreDB\USS.jcp was damaged. The primary header page (4096 bytes) was used instead.
 
Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 12/11/2021 3:02:40 AM
Type: Warning Category: 0
Event: 0 Source: RAPSService
Child process [5408 - RAPS.exe ] finished with -1073741510
 
Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 10/11/2021 1:21:19 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (12556,D,0) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 245760 (0x000000000003c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (30 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 03/11/2021 7:03:33 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 03/11/2021 6:55:56 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 03/11/2021 6:14:40 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0x0000042b, Restart count: 1, Primary display device ID: Intel® HD Graphics 630)
 
Log: 'Application' Date/Time: 24/10/2021 11:06:42 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 21/10/2021 10:42:25 PM
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8 with error 0x80070057.
 
Log: 'Application' Date/Time: 20/10/2021 5:26:31 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 20/10/2021 5:20:45 PM
Type: Warning Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.
 
Log: 'Application' Date/Time: 19/10/2021 10:53:46 PM
Type: Warning Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.
 
Log: 'Application' Date/Time: 19/10/2021 10:53:27 PM
Type: Warning Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.
 
Log: 'Application' Date/Time: 19/10/2021 6:39:27 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 18/10/2021 8:16:09 PM
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8 with error 0x80070057.
 
Log: 'Application' Date/Time: 17/10/2021 7:55:41 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/07/2021 9:30:51 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 26/07/2021 6:26:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/11/2021 11:49:56 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {973D20D7-562D-44B9-B70B-5A0F49CCDF3F} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 13/11/2021 11:49:53 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 13/11/2021 11:49:52 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {973D20D7-562D-44B9-B70B-5A0F49CCDF3F} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 13/11/2021 11:49:48 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 13/11/2021 11:49:48 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 13/11/2021 3:14:32 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server Microsoft.MicrosoftOfficeHub_18.2106.12410.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXt4mh7c9swwc5cmd5jgmtmwcfmvkddpn1.mca did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:17:38 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The WMI Performance Adapter service terminated with the following error:  The media is write protected.
 
Log: 'System' Date/Time: 12/11/2021 3:17:17 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported.  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Log: 'System' Date/Time: 12/11/2021 3:17:03 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:17:02 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:17:02 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:16:59 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:16:58 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:16:58 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:16:58 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:16:58 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:16:58 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:16:55 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/11/2021 3:09:33 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Background Intelligent Transfer Service service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 12/11/2021 3:02:40 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Rivet AP Selector Service service terminated unexpectedly.  It has done this 1 time(s).
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/11/2021 11:55:55 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:53:50 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:53:50 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:53:50 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:53:44 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:52:39 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:51:31 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:51:31 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:51:11 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe GBE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 13/11/2021 11:51:10 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 13/11/2021 11:48:06 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:47:17 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:47:17 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/11/2021 11:37:59 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 13/11/2021 11:37:57 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe GBE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 13/11/2021 3:14:22 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/11/2021 7:16:10 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/11/2021 3:25:37 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/11/2021 3:22:53 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/11/2021 3:20:50 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

  • 0

#50
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,044 posts
  • MVP

Just going through a few of your errors:

 

    Log: 'Application' Date/Time: 08/11/2021 11:27:28 AM
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program identity_helper.exe version 95.0.1020.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 2cf0  Start Time: 01d7d4937c6a3cb3  Termination Time: 4294967295  Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe  Report Id: 6c5aa0f3-ad1a-42a2-a78c-dc9af3440042  Faulting package full name: Microsoft.MicrosoftEdge.Stable_95.0.1020.40_neutral__8wekyb3d8bbwe  Faulting package-relative application ID: App  Hang type: Quiesce

This one is a bit old but indicates you may not have the latest version of Edge.  Open Edge then click on the three dots in the upper right and then select Help and Feedback then About Microsoft Edge.  It should automatically update to the latest version which is Version 95.0.1020.53 (Official build) (64-bit).


   

Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..

SmartByte is supposed to control the network interface so that when you are streaming a video the video traffic gets priority.  Program has a bad rep and should probably be uninstalled.  This is an App so you need to go to Settings, Apps, Apps and Features then find SmartByte and click on it.  The uninstall button should appear.  If you find things are worse without it you can always get it again from the Dell site.

 

 

 
Log: 'Application' Date/Time: 12/11/2021 10:28:47 AM
Type: Warning Category: 3
Event: 472 Source: ESENT
svchost (6564,R,98) Unistore: The shadow header page of file C:\Users\Shaun\AppData\Local\Comms\UnistoreDB\USS.jcp was damaged. The primary header page (4096 bytes) was used instead.

 

This is sometimes caused by a problem with the file store.vol located in the same folder.  Apparently if you use Grove and a few other programs it creates an index of your music and pictures and perhaps your videos and this file can grow to ridiculous size.  I just deleted mine and rebooted and it got recreated at a bit over 6 meg.  It's not easy to remove since it's a hidden file and several services are using it but should be removable with FRST if you want to reinstall it.

 

Log: 'Application' Date/Time: 12/11/2021 3:09:36 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 

This is caused by the Intel® Ready Mode Technology program.  It was supposed to replace the sleep process on Windows but doesn't really work that well and Intel has given up on it.  It is now officially obsolete and should be uninstalled from your PC.

 

Search for

event viewer

hit Enter

Click on Windows Logs

Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

 

Reboot and rerun VEW.


 


  • 0

#51
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

I did all of them except the middle one because I don't know how to do that one. If it is that difficult to remove, it may be best to leave it be.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 15/11/2021 7:09:11 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/11/2021 11:30:13 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 12/11/2021 3:09:37 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 12/11/2021 3:00:34 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 11/11/2021 2:17:51 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 08/11/2021 11:27:28 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program identity_helper.exe version 95.0.1020.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 2cf0  Start Time: 01d7d4937c6a3cb3  Termination Time: 4294967295  Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe  Report Id: 6c5aa0f3-ad1a-42a2-a78c-dc9af3440042  Faulting package full name: Microsoft.MicrosoftEdge.Stable_95.0.1020.40_neutral__8wekyb3d8bbwe  Faulting package-relative application ID: App  Hang type: Quiesce 
 
Log: 'Application' Date/Time: 04/11/2021 2:33:32 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 28/10/2021 5:29:16 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 21/10/2021 2:13:38 AM
Type: Error Category: 0
Event: 264 Source: Microsoft-Windows-Defrag
The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Log: 'Application' Date/Time: 17/10/2021 7:26:55 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 17/10/2021 7:25:48 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 17/10/2021 7:21:49 PM
Type: Error Category: 0
Event: 10007 Source: Microsoft-Windows-RestartManager
Application or service 'Intel® Management and Security Application Local Management Service' could not be restarted.
 
Log: 'Application' Date/Time: 17/10/2021 7:21:24 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 17/10/2021 7:10:23 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 16/10/2021 5:48:13 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. . 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:20 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. . 
 
Log: 'Application' Date/Time: 15/10/2021 7:30:19 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 14/10/2021 6:30:04 PM
Type: Error Category: 0
Event: 17 Source: SecurityCenter
Security Center failed to validate caller with error DC040780.
 
Log: 'Application' Date/Time: 14/10/2021 2:41:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: pcdrsysinfocommunication.p5x, version: 6.0.7303.352, time stamp: 0x61023fe3 Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac Exception code: 0xc0000005 Fault offset: 0x0000000000024785 Faulting process id: 0x2d14 Faulting application start time: 0x01d7c1098f5a23eb Faulting application path: C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfocommunication.p5x Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: b9de639d-7a36-4355-bda0-f351c6a0ce2d Faulting package full name:  Faulting package-relative application ID: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/11/2021 11:50:15 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 7800) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 14/11/2021 10:58:36 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 12/11/2021 3:09:36 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 12/11/2021 10:28:47 AM
Type: Warning Category: 3
Event: 472 Source: ESENT
svchost (6564,R,98) Unistore: The shadow header page of file C:\Users\Shaun\AppData\Local\Comms\UnistoreDB\USS.jcp was damaged. The primary header page (4096 bytes) was used instead.
 
Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 12/11/2021 3:04:06 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 12/11/2021 3:02:40 AM
Type: Warning Category: 0
Event: 0 Source: RAPSService
Child process [5408 - RAPS.exe ] finished with -1073741510
 
Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 12/11/2021 3:02:39 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe' (pid 5472) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 10/11/2021 1:21:19 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (12556,D,0) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 245760 (0x000000000003c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (30 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 03/11/2021 7:03:33 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 03/11/2021 6:55:56 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 03/11/2021 6:14:40 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0x0000042b, Restart count: 1, Primary display device ID: Intel® HD Graphics 630)
 
Log: 'Application' Date/Time: 24/10/2021 11:06:42 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 21/10/2021 10:42:25 PM
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8 with error 0x80070057.
 
Log: 'Application' Date/Time: 20/10/2021 5:26:31 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
Log: 'Application' Date/Time: 20/10/2021 5:20:45 PM
Type: Warning Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.
 
Log: 'Application' Date/Time: 19/10/2021 10:53:46 PM
Type: Warning Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.
 
Log: 'Application' Date/Time: 19/10/2021 10:53:27 PM
Type: Warning Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed with error code Access is denied.. Performance data for this service will not be available.
 
Log: 'Application' Date/Time: 19/10/2021 6:39:27 PM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::UnregisterMmClientCallbackEvent   Unable to unregister default audio device change notification callback, status=0x80070490
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/11/2021 12:09:07 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:06:51 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:04:47 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:04:47 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:04:47 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:03:27 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:02:29 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:02:29 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/11/2021 12:02:07 PM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe GBE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 15/11/2021 12:02:06 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 15/11/2021 12:00:21 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-CMF42HE\Shaun SID (S-1-5-21-1717062034-1452997292-2084382277-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 

  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,044 posts
  • MVP

Doesn't look like SmartByte went away.  Let's run FRST again and see what is going on:

 


  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.




 


  • 0

#53
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

I dunno what happened this time but when I downloaded it, I got a yellow caution signal that says "FRST64.exe isn't commonly downloaded. Make sure you trust before you open." and the icon on the desktop is blank with the title "unconfirmed508906.crdo..." 

 

Should I continue and run it?


  • 0

#54
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,044 posts
  • MVP

Chrome blocked it.  Follow the instructions here:

https://www.addictiv...rror-in-chrome/


  • 0

#55
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Really?? I'm using Edge.

 

UPDATE: I went to the "before you post" section and tried it. It seems to be downloaded now.


Edited by Warship, 16 November 2021 - 05:57 AM.

  • 0

Advertisements


#56
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,044 posts
  • MVP

Same idea.  Edge is just a rebranded Chrome. 


  • 0

#57
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by Shaun (administrator) on DESKTOP-CMF42HE (Dell Inc. Inspiron 3268) (16-11-2021 14:41:39)
Running from C:\Users\Shaun\Desktop
Loaded Profiles: Shaun
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® RMT -> Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe
(Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.53\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1310_none_7e15ec207c87d405\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfodirect.p5x
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfosoftware.p5x
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfosystemboard.p5x
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\pcdrsysinfovideocapture.p5x
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235464 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494024 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [975744 2017-05-01] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-08-13] (Intel® Rapid Storage Technology -> Intel Corporation)
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\Run: [MicrosoftEdgeAutoLaunch_F95D26AAF271BBEFBD774A1AC86EDFBB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --profile-directory=Default --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switche (the data entry has 131 more characters).
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-02] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0861B6DD-B11B-4A92-8AA4-8DF313B7E57C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DA0A998-463B-4E6B-A472-AC95C14098FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CFBB38E-CCB8-4303-9A3F-9B458DCF59A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-04] (Google Inc -> Google LLC)
Task: {431DD6D1-BCE3-467C-906B-CEB8261A3C5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E90FAA0-1D6D-4C6C-AA9C-118590D4B3C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F0182FA-6753-4AF4-B05F-79D5EBF7F7A8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {869CB8C9-7E7A-42E6-99B5-2772D7DB946F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {B60A86DD-41FB-4C29-9650-2CAA5912F13E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {BD84FB14-8B74-49D8-8A70-A971C0D6264D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF5C58FA-2320-4040-8D7D-C54E1150BBBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5C5D9FE-71AA-4F4C-80EC-2BE90CD5BD31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-04] (Google Inc -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP CMF42HE 01
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a34b5ba2-caa7-466d-8e8b-218689f670f4}: [DhcpNameServer] 71.10.216.2 71.10.216.1
Tcpip\..\Interfaces\{d22675a4-b80a-4f81-a851-395f465b7280}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Shaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-16]
Edge DownloadDir: Default -> C:\Users\Shaun\Desktop
Edge HomePage: Default -> hxxp://www.google.com/
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default [2021-09-22]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-04]
CHR Extension: (Docs) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-04]
CHR Extension: (Google Drive) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-17]
CHR Extension: (YouTube) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-04]
CHR Extension: (Sheets) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-04]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-22]
CHR Extension: (Google Docs Offline) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-23]
CHR Extension: (Gmail) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-17]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [41008 2018-01-15] (Dell Inc -> Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [301768 2019-08-12] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-10-12] (Dell Inc -> )
R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel® RMT -> Intel Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-16 14:42 - 2021-11-16 14:42 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-11-16 14:41 - 2021-11-16 14:45 - 000016613 _____ C:\Users\Shaun\Desktop\FRST.txt
2021-11-16 06:58 - 2021-11-16 06:58 - 000000000 ____D C:\Users\Shaun\Desktop\FRST-OlderVersion
2021-11-16 06:57 - 2021-11-16 14:44 - 000000000 ____D C:\FRST
2021-11-16 06:55 - 2021-11-16 06:58 - 002311680 _____ (Farbar) C:\Users\Shaun\Desktop\FRST64.exe
2021-11-15 06:30 - 2021-11-15 06:30 - 000000000 ____D C:\WINDOWS\{20D7CF3A-C734-4F83-AD51-4EEB6D891407}
2021-11-13 06:59 - 2021-11-15 07:09 - 000019415 _____ C:\VEW.txt
2021-11-13 06:56 - 2021-11-13 06:56 - 000061440 _____ ( ) C:\Users\Shaun\Desktop\VEW.exe
2021-11-11 07:28 - 2021-11-11 07:28 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-11 07:27 - 2021-11-11 07:27 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-11 07:27 - 2021-11-11 07:27 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-11 07:26 - 2021-11-11 07:26 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-11 06:43 - 2021-11-11 06:43 - 000000000 ___HD C:\$WinREAgent
2021-11-03 18:33 - 2021-11-03 18:33 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-03 18:33 - 2021-11-03 18:33 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-10-19 14:04 - 2021-10-19 14:04 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2021-10-17 14:17 - 2021-10-17 14:27 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2021-10-17 14:12 - 2021-10-17 14:12 - 000000000 ____D C:\Users\Default\AppData\Roaming\Intel Corporation
2021-10-17 14:12 - 2021-10-17 14:12 - 000000000 ____D C:\Program Files\Common Files\Intel Corporation
2021-10-17 14:11 - 2021-10-17 14:11 - 000000000 ____D C:\Program Files\Common Files\Intel
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-16 14:42 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-16 14:41 - 2019-06-04 16:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-16 14:37 - 2020-11-17 12:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-16 14:37 - 2020-11-17 12:17 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-16 14:37 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-16 14:37 - 2018-03-13 21:28 - 000000000 __SHD C:\Users\Shaun\IntelGraphicsProfiles
2021-11-16 14:37 - 2017-08-21 13:38 - 000000000 ____D C:\Intel
2021-11-16 14:36 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-16 14:33 - 2020-11-17 12:37 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{839F4962-EE57-40F5-8E52-E3261F4F060A}
2021-11-16 10:52 - 2020-11-17 12:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-15 09:07 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-15 09:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-15 06:48 - 2018-03-15 16:40 - 000000000 ____D C:\Users\Shaun\AppData\Local\Packages
2021-11-14 05:38 - 2020-06-23 16:22 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-14 05:38 - 2020-06-23 16:22 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-12 10:25 - 2020-11-17 12:32 - 000842482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-11 22:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2021-11-11 18:58 - 2017-08-21 13:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-11 07:40 - 2020-11-17 12:17 - 000436680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 07:36 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 07:35 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 06:39 - 2018-03-15 00:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 06:37 - 2018-03-15 00:33 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-05 16:33 - 2017-08-21 13:26 - 000000000 ____D C:\ProgramData\PCDr
2021-11-05 06:29 - 2020-11-17 12:37 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1717062034-1452997292-2084382277-1001
2021-11-05 06:29 - 2020-11-17 04:20 - 000002385 _____ C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-02 16:23 - 2019-06-04 16:58 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-02 16:23 - 2019-06-04 16:58 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-02 13:33 - 2018-05-10 08:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-17 14:47 - 2018-06-13 04:26 - 000000000 ____D C:\ProgramData\Packages
2021-10-17 14:47 - 2018-03-13 21:28 - 000000000 ____D C:\Users\Shaun\AppData\Local\Publishers
2021-10-17 14:34 - 2017-08-21 13:32 - 000000000 ____D C:\ProgramData\Intel
2021-10-17 14:26 - 2017-08-21 13:32 - 000000000 ____D C:\ProgramData\Package Cache
2021-10-17 14:23 - 2017-08-21 13:32 - 000000000 ____D C:\Program Files\Intel
2021-10-17 14:22 - 2017-08-21 13:32 - 000000000 ____D C:\Program Files (x86)\Intel
2021-10-17 14:15 - 2017-08-21 13:35 - 000000000 ____D C:\Program Files (x86)\Dell Wireless
2021-10-17 14:14 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2021-10-17 14:12 - 2017-08-21 13:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
 
==================== Files in the root of some directories ========
 
2021-11-13 06:49 - 2021-11-13 06:53 - 000004020 _____ () C:\Users\Shaun\AppData\Local\PlariumPlay.log
2021-10-16 18:00 - 2021-10-16 18:00 - 000007639 _____ () C:\Users\Shaun\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#58
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by Shaun (16-11-2021 14:47:46)
Running from C:\Users\Shaun\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-11-17 17:38:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1717062034-1452997292-2084382277-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1717062034-1452997292-2084382277-503 - Limited - Disabled)
Guest (S-1-5-21-1717062034-1452997292-2084382277-501 - Limited - Disabled)
Shaun (S-1-5-21-1717062034-1452997292-2084382277-1001 - Administrator - Enabled) => C:\Users\Shaun
WDAGUtilityAccount (S-1-5-21-1717062034-1452997292-2084382277-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{388A412B-5C0C-4C1E-8BF7-B6E9E117F367}) (Version: 4.4.2.9869 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{4990dc23-fdee-4fec-8bde-9f5d4745f88b}) (Version: 4.4.2.9869 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.4.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Intel® Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2105.15.0.2157 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1004 - Intel Corporation)
Intel® Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.62.321.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{c3964069-17c1-45dd-85a5-949576ceeaa3}) (Version: 1.62.321.1 - Intel Corporation) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.19.627.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.0.0_x64__htrsf667h5kn2 [2021-08-06] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-09-14] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-09-02] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.10.188.0_x64__rz1tebttyb220 [2021-10-13] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-14] (Dropbox Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-17] (INTEL CORP) [Startup Task]
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-28] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2021.922.2.0_x64__8kea50m9krsh2 [2021-10-17] (Code Spark)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-02-12] (Pandora Media Inc) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-28] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-03-13] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-15] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-13] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-17] (CYBERLINK CORPORATION.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-12] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2020-02-12] (WinZip Computing)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-01-14 14:50 - 2020-01-14 14:51 - 032162304 _____ () [File not signed] C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96\DropboxUniversal.dll
2018-12-18 04:39 - 2018-12-18 04:39 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96\e_sqlite3.dll
2021-08-11 14:16 - 2021-08-11 14:16 - 000016384 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2\Dell.D3.HSA.Client.dll
2021-08-11 14:16 - 2021-08-11 14:16 - 022701568 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2\Dell.D3.UWP.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = 
SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8057CBD6-21A2-4EE1-AC42-95E08676F319}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{03FC484A-0C52-4799-B315-F1C27395241C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{D6D82AB8-7573-4306-B294-8C0551FEEBFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F84A851D-D946-4364-AD43-25C3F6689B02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EA3867D6-C96D-4988-84E6-9CFB646891D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1166ABA-0253-4F4C-BFC8-55EA6B210B59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CEFED289-A9BD-4E00-A406-9C856B93530A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{451E4A60-3F60-4D45-A5F5-4D2E3476E406}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F246379C-7631-4B14-9722-8ACB26529DD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{93DE25E0-C857-4E34-B40E-2B1A8958171D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C9F90F39-4A4D-4DB5-AF35-A02898A86185}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B4DC056-D39C-4303-ABAA-14A0E2B50B43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3196DE9A-614F-43A3-905F-89C964A41E9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{65FFA6C5-7D25-4481-BAD8-F7A4C292186A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{362A7311-E00C-4814-9DE9-6F03F93A2F59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{297FF032-C880-4004-9508-935C8D27FEE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{58B0A977-3FE2-4402-9AE8-D58BD704BA15}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
24-10-2021 04:17:38 O&O ShutUp10++
02-11-2021 14:24:30 Scheduled Checkpoint
10-11-2021 06:39:25 Windows Modules Installer
11-11-2021 06:40:35 Windows Modules Installer
15-11-2021 06:48:20 Removed SmartByte Drivers and Services.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/15/2021 06:30:13 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (11/12/2021 10:09:37 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (11/11/2021 10:00:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (11/10/2021 09:17:51 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (11/08/2021 06:27:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program identity_helper.exe version 95.0.1020.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2cf0
 
Start Time: 01d7d4937c6a3cb3
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe
 
Report Id: 6c5aa0f3-ad1a-42a2-a78c-dc9af3440042
 
Faulting package full name: Microsoft.MicrosoftEdge.Stable_95.0.1020.40_neutral__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (11/03/2021 09:33:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (10/28/2021 12:29:16 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (10/20/2021 09:13:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
 
System errors:
=============
Error: (11/16/2021 02:35:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CMF42HE)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (11/16/2021 02:35:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CMF42HE)
Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-11-14 14:47:06
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-11-13 15:25:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-11-12 16:52:15
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-11-12 16:19:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-11-12 15:03:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-10-17 15:12:20
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Installer\MSI99E2.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-10-14 12:28:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-10-14 10:42:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.
 
Date: 2021-10-14 10:39:44
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-10-14 10:37:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.17.1 07/30/2021
Motherboard: Dell Inc. 07F37C
Processor: Intel® Core™ i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 80%
Total physical RAM: 4004.03 MB
Available physical RAM: 770.25 MB
Total Virtual: 9636.03 MB
Available Virtual: 5792.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.8 GB) (Free:854.49 GB) NTFS
 
\\?\Volume{5628e818-bc28-416b-a394-320b3ab3447d}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{559769b0-1b03-4394-9f4c-5b80ce85e54f}\ (Image) (Fixed) (Total:11.54 GB) (Free:0.2 GB) NTFS
\\?\Volume{756d53f9-9b75-42ea-b8ab-c09b2a7e718e}\ (DELLSUPPORT) (Fixed) (Total:1.04 GB) (Free:0.35 GB) NTFS
\\?\Volume{dee77eb3-7747-412e-a909-4f920ff25df5}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 433315AF)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#59
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,044 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   2.79KB   9 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
Download BlueScreenView
 
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
 
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 
Is it still slow booting?
 

  • 0

#60
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Response time for the machine seems better today.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by Shaun (17-11-2021 12:38:11) Run:1
Running from C:\Users\Shaun\Desktop
Loaded Profiles: Shaun
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\Run: [MicrosoftEdgeAutoLaunch_F95D26AAF271BBEFBD774A1AC86EDFBB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --profile-directory=Default --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switche (the data entry has 131 more characters).
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP CMF42HE 01
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-22]
File: C:\WINDOWS\SysWOW64\TpmTool.exe
File: C:\WINDOWS\system32\runexehelper.exe
File: C:\WINDOWS\system32\TpmTool.exe
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
FirewallRules: [{8057CBD6-21A2-4EE1-AC42-95E08676F319}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{03FC484A-0C52-4799-B315-F1C27395241C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
File: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************
 
"HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_F95D26AAF271BBEFBD774A1AC86EDFBB" => removed successfully
"HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully
C:\WINDOWS\Tasks\RunDLC.job => moved successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-22] => Error: No automatic fix found for this entry.
 
========================= File: C:\WINDOWS\SysWOW64\TpmTool.exe ========================
 
C:\WINDOWS\SysWOW64\TpmTool.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1348.cat
File is digitally signed
MD5: 1E1AF2905A49BB1AB14B081E3A41AD44
Creation and modification date: 2021-11-11 07:27 - 2021-11-11 07:27
Size: 000223744
Attributes: ----A
Company Name: Microsoft Windows -> 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\system32\runexehelper.exe ========================
 
C:\WINDOWS\system32\runexehelper.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1348.cat
File is digitally signed
MD5: 8BB7F1C55F4DF7CEFF9291FDB77F780B
Creation and modification date: 2021-11-11 07:27 - 2021-11-11 07:27
Size: 000060928
Attributes: ----A
Company Name: Microsoft Windows -> 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\system32\TpmTool.exe ========================
 
C:\WINDOWS\system32\TpmTool.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1348.cat
File is digitally signed
MD5: 26BD91AFD432B93EF3BF42458B5B6B8F
Creation and modification date: 2021-11-11 07:26 - 2021-11-11 07:26
Size: 000272384
Attributes: ----A
Company Name: Microsoft Windows -> 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
"AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8057CBD6-21A2-4EE1-AC42-95E08676F319}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03FC484A-0C52-4799-B315-F1C27395241C}" => removed successfully
 
========================= File: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe ========================
 
"C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe" => not found
====== End of File: ======
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:38:56 ====

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP