Windows 10 computer running slow - (ONE)



#1
ritag1950


I have an older computer that is running slow, and I want to make sure that it is not infected with malware or something. The browser opens slowly and some of my Microsoft Office programs on my computer open slowly.

Here is FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2022
Ran by Rita (administrator) on RITA-PC (Dell Inc. Inspiron 660s) (22-11-2022 15:47:05)
Running from C:\Users\Rita\Desktop
Loaded Profiles: Rita
Platform: Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc.exe ->) (Innovative Solutions Grup SRL -> ) C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc64helper.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCopyAccelerator.exe
(C:\Users\Rita\Desktop\FRST64.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe <7>
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(explorer.exe ->) () [File not signed] C:\Program Files (x86)\Snood Plus\Snood Plus.exe
(explorer.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Innovative Solutions Grup SRL -> Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <15>
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(services.exe ->) (CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(services.exe ->) (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingNews_4.55.43072.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) [File not signed]
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1977696 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\Run: [STC] => C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc.exe [4534136 2013-09-17] (Innovative Solutions Grup SRL -> Innovative Solutions)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\Run: [Dropbox Update] => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Uninstall 22.217.1016.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\22.217.1016.0002" (No File)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2009-07-13] (Microsoft Windows -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MG6600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC9.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2009-07-13] (Microsoft Windows -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6600 series: C:\WINDOWS\system32\CNMLMC9.DLL [406016 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [87600 2013-10-23] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-10] (Google LLC -> Google LLC)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2022-11-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2016-12-26]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Rita\AppData\Roaming\VERIZON\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03100940-1892-4213-A90D-4FCD534CDE66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-17] (Google Inc -> Google Inc.)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {199A893F-5634-4B26-84E2-7F794BF8FCE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-17] (Google Inc -> Google Inc.)
Task: {1CAD724A-9E67-4C17-AAE5-DE46A6B73ED7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {211B2AC7-DB9A-44A5-A96C-D066D20524FB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {33F353FA-50CD-4F84-A9CB-1D2BB18CAE01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {3BFCA875-5DFF-479B-8C72-37B24A437D63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3FEBF435-486A-49F2-9CE2-2FD5630FEB80} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001UA1d236d2e079dc8f => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {48E4813C-B989-4640-A228-09E1824AE284} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {4BD6EF58-08E8-48BD-84CD-6F5446BF6B10} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5758F904-E1B0-4887-AD55-0BB4A61B9872} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {588C9065-46F7-43DF-B8EC-93009536CE1B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5A2E72AE-B75E-4474-B1A3-E42822B2CD03} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5F009384-6AB8-4DEC-9AF0-337B1AD16F30} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {75E5D3F4-6C20-49C8-AECB-FB0E6A50051D} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {77920BBC-9922-4460-8B21-3754D6B552CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {890616E5-36F6-4CEE-BE94-1E42F9384377} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9148267C-F196-4E09-A53B-7B74AAF0C919} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9A541DB9-CA63-469F-A6F6-99ADBBBACF34} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {A53788A0-5AC7-4F4B-9A48-088057B39BF4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001Core1d236d2e031b219 => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A9ED96EE-F60E-43C3-8861-B0A1947D4D55} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [32448 2018-12-04] (Rivet Networks LLC -> DELL)
Task: {AA2F88D5-D337-4806-A3F1-8FB4CA56F92B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B53DB898-D8F4-4863-AE87-2A6F1D53F9F0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C1414F75-38DD-43C0-AEE8-2E8C4E31015F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C4153505-ACCA-409F-80C4-311CEF35D420} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CD680754-8BC6-48E0-86A1-07EFAD601843} - \WPD\SqmUpload_S-1-5-21-982068928-1266911721-445647910-1001 -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EE551988-C74A-41BD-83E8-803D24CD9CEA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F0935368-5E8B-4A8B-BB09-098B2567E612} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001Core1d236d2e031b219.job => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001UA1d236d2e079dc8f.job => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{a182d5c7-a9f6-4ab5-83d7-3994a2bf3f4a}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{c3947a17-de22-4b4a-8dfd-e70d393759fe}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Edge:
=======
DownloadDir: C:\Users\Rita\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rita\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-14]
Edge DownloadDir: Default -> C:\Users\Rita\Downloads

FireFox:
========
FF DefaultProfile: 8xtqtq8g.default
FF ProfilePath: C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\8xtqtq8g.default [2022-11-22]
FF Notifications: Mozilla\Firefox\Profiles\8xtqtq8g.default -> hxxps://www.pinterest.com
FF Extension: (PDF Editor and Search by PDFtab) - C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\8xtqtq8g.default\Extensions\{82c0173d-b61d-4cd3-8e01-ffc56211a71c}.xpi [2022-09-05] [UpdateUrl:hxxps://cdn.pdftab-cdn.com/xpi/pdftab/yhs/0721/search/updates.json]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default [2022-11-21]
CHR Notifications: Default -> hxxps://www.allrecipes.com; hxxps://www.facebook.com; hxxps://www.menuswithprice.com
CHR NewTab: Default ->  Not-active:"chrome-extension://clhjnecnbbjpgnghodmifdmagppiceia/newtab/quicktab.html", Not-active:"chrome-extension://giojhdacejeffoobipkdpmpaiajendbc/newtab/slim_newtabpage.html"
CHR Extension: (Easy Converter) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhjnecnbbjpgnghodmifdmagppiceia [2018-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-09]
CHR Extension: (The Reading Hub) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\giojhdacejeffoobipkdpmpaiajendbc [2018-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-06-09]
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\System Profile [2020-06-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [115648 2015-08-04] (Andrea Electronics -> Andrea Electronics Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] [File is in use]
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [334688 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] (CyberLink -> )
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2012-08-05] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469288 2022-11-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-22 15:47 - 2022-11-22 15:50 - 000025657 _____ C:\Users\Rita\Desktop\FRST.txt
2022-11-22 15:46 - 2022-11-22 15:46 - 000000000 ____D C:\Users\Rita\Desktop\FRST-OlderVersion
2022-11-22 15:45 - 2022-11-22 15:49 - 000000000 ____D C:\FRST
2022-11-22 15:42 - 2022-11-22 15:46 - 002375680 _____ (Farbar) C:\Users\Rita\Desktop\FRST64.exe
2022-11-13 16:12 - 2022-11-13 16:12 - 000135536 _____ C:\Users\Rita\Downloads\124339894259.JPEG
2022-11-11 00:48 - 2022-11-11 00:48 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-11-09 07:43 - 2022-11-09 07:43 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-09 07:43 - 2022-11-09 07:43 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-09 07:42 - 2022-11-09 07:42 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-09 07:41 - 2022-11-09 07:41 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-09 07:15 - 2022-11-09 07:15 - 000000000 ___HD C:\$WinREAgent
2022-11-05 04:02 - 2022-11-15 11:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-22 15:36 - 2022-02-08 16:01 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-11-22 15:35 - 2020-08-10 17:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-22 15:35 - 2016-11-23 11:32 - 000000000 ____D C:\Users\Rita\AppData\LocalLow\Mozilla
2022-11-22 15:30 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-22 15:30 - 2017-02-17 11:14 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-22 13:17 - 2013-01-28 12:52 - 000000000 ____D C:\Users\Rita\Documents\XmasLists
2022-11-22 08:06 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-22 04:00 - 2015-01-13 19:46 - 000000000 ____D C:\ProgramData\IDrive
2022-11-21 09:35 - 2017-09-01 22:16 - 000000000 ____D C:\Users\Rita\Documents\Exchange
2022-11-20 11:43 - 2013-01-28 12:52 - 000000000 ____D C:\Users\Rita\Documents\XmasPoems
2022-11-19 01:13 - 2020-07-10 22:06 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-19 01:13 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-17 19:34 - 2021-12-10 17:56 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-982068928-1266911721-445647910-1001
2022-11-17 19:34 - 2020-08-10 18:23 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-982068928-1266911721-445647910-1001
2022-11-17 19:34 - 2020-08-10 17:50 - 000002417 _____ C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-17 19:34 - 2014-08-27 17:29 - 000000000 ___RD C:\Users\Rita\OneDrive
2022-11-17 09:10 - 2022-04-14 18:38 - 000000000 ____D C:\Users\Rita\Documents\Easter Jokes
2022-11-15 11:45 - 2021-07-27 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-11-15 11:45 - 2014-11-18 14:52 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-11-15 11:45 - 2014-11-18 14:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-11-14 21:06 - 2020-08-10 18:23 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-14 21:06 - 2020-08-10 18:23 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-12 11:46 - 2022-05-25 17:45 - 000001461 _____ C:\Users\Rita\Desktop\Roblox Player.lnk
2022-11-12 11:46 - 2022-05-25 17:45 - 000001284 _____ C:\Users\Rita\Desktop\Roblox Studio.lnk
2022-11-12 11:46 - 2021-01-27 11:43 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-11-11 00:49 - 2022-06-08 19:46 - 000000000 ____D C:\Users\Rita\AppData\Roaming\DropboxElectron
2022-11-11 00:49 - 2015-06-17 23:27 - 000000000 ____D C:\Users\Rita\AppData\Local\Dropbox
2022-11-11 00:49 - 2013-08-20 10:05 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Dropbox
2022-11-10 19:32 - 2017-02-17 11:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-10 19:32 - 2017-02-17 11:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-11-10 17:52 - 2018-05-15 10:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-09 17:47 - 2020-08-10 18:04 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-09 17:47 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-09 17:40 - 2020-08-10 18:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-09 17:40 - 2020-08-10 17:47 - 000458920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-09 17:40 - 2020-08-10 17:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-09 17:39 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-11-09 17:38 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-09 17:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-09 17:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-09 07:51 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-09 07:41 - 2020-08-10 17:52 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-09 07:13 - 2013-08-14 02:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-09 07:07 - 2013-01-24 18:45 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-01 19:05 - 2021-01-22 04:57 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2015-03-20 13:04 - 2015-03-20 13:04 - 000000016 ____H () C:\Users\Rita\SyncToy_2ae4eca7-6b64-4c1a-9253-2bd8b91822c0.dat
2013-01-29 15:32 - 2013-01-29 15:32 - 000025334 _____ () C:\Users\Rita\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-02-23 19:04 - 2021-11-20 14:36 - 000007623 _____ () C:\Users\Rita\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Here is Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by Rita (22-11-2022 15:52:34)
Running from C:\Users\Rita\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) (2020-08-11 00:24:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-982068928-1266911721-445647910-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-982068928-1266911721-445647910-503 - Limited - Disabled)
Guest (S-1-5-21-982068928-1266911721-445647910-501 - Limited - Disabled)
Rita (S-1-5-21-982068928-1266911721-445647910-1001 - Administrator - Enabled) => C:\Users\Rita
WDAGUtilityAccount (S-1-5-21-982068928-1266911721-445647910-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACA Forms Helper 2016 version 2.0.0.0 (HKLM-x32\...\{EAB1A7E8-3811-47CF-9D69-202DD3729DA7}_is1) (Version: 2.0.0.0 - ADAMS Business Forms)
Adobe AIR (HKLM-x32\...\{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
BVS Solitaire Collection version 7.3 (HKLM-x32\...\BVSSOL_is1) (Version: 7.3 - BVS Development Corporation)
CloneSpy 3.24 - 64 bit (HKLM\...\CloneSpy) (Version: 3.24 - The CloneSpy Team)
Cool Edit 2000 (HKLM-x32\...\Cool Edit 2000) (Version:  - )
Cricut ™ Driver v2.01 (HKLM-x32\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CyberLink LabelPrint 2.5 (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3324.55 - CyberLink Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Dropbox (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\Dropbox) (Version: 161.4.4923 - Dropbox, Inc.)
Easy Calendar 3.6 (HKLM-x32\...\Easy Calendar_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
IDrive version 6.7.3.6 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.6 - Pro Softnet Corp)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}) (Version: 1.24.738.1 - Intel Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\OneDriveSetup.exe) (Version: 22.227.1030.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 107.0 (x64 en-US)) (Version: 107.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 107.0.0.8349 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
paint.net (HKLM\...\{E56D2CED-CCAE-4902-A559-17B452752DA5}) (Version: 4.3.10 - dotPDN LLC)
Photo Common (HKLM-x32\...\{D888F114-7537-4D48-AF03-5DA9C82D7540}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{30F99474-EBE3-4134-A02B-F6CD38CFE243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{FC6C7107-7D72-41A1-A031-3CE751159BAB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Quick Solitaire 3.3 (remove only) (HKLM-x32\...\Quick Solitaire 3.3) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Roblox Player for Rita (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for Rita (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\roblox-studio) (Version:  - Roblox Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version: 1.0.1.3 - GameHouse, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks)
Snood Plus (HKLM-x32\...\{A8A30EFF-C39B-492E-BEE6-3675B06115AC}) (Version: 1.5.1 - Snood, LLC)
System Tray Cleaner 4 (HKLM-x32\...\STC3_is1) (Version:  - Innovative Solutions)
Tax Forms Helper 2016 12.5 (HKLM-x32\...\Tax Forms Helper 2016_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Live Communications Platform (HKLM-x32\...\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{C034A6F9-6569-491B-B3BF-F5D15221A708}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{18272881-CFC0-434D-A975-E5BE44206AA0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-18] (Amazon.com)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.26.33.0_x64__kgqvnymyfvs32 [2022-11-09] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.231.400.0_x64__kgqvnymyfvs32 [2022-11-16] (king.com)
Dell | Getting Started with Windows 8 -> C:\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2 [2013-09-07] (Dell Inc)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-28] (Dell Inc)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_7.4.14.0_x86__h6adky7gbf63m [2022-11-16] (Gameloft SE)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Garmin Connect Mobile -> C:\Program Files\WindowsApps\Garmin.GarminConnectMobile_3.24.1.0_x64__xpnz26pswwvpm [2018-05-18] (GARMIN INTERNATIONAL INC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-02] (HP Inc.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-21] (AMZN Mobile LLC)
McAfee® Central for Dell -> C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_5.0.167.1_x64__n49tcsmxt2t2c [2018-03-26] (McAfee Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-17] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
PDF to JPEG -> C:\Program Files\WindowsApps\40066DaniyalSyed.PDFtoJPEG_1.2.0.1000_x64__qzfwg6dxbppre [2019-05-24] (Daniyal Syed) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-04] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Rita\Dropbox [2013-08-20 10:08]
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [Dropbox] =>
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-11] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers1_S-1-5-21-982068928-1266911721-445647910-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-982068928-1266911721-445647910-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-982068928-1266911721-445647910-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-02-19 18:58 - 2020-02-18 12:19 - 005034496 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2020-02-19 18:58 - 2020-02-18 12:19 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2016-02-23 15:44 - 2016-02-23 15:44 - 000232960 _____ () [File not signed] C:\Program Files (x86)\Snood Plus\jpeg.dll
2016-02-23 15:54 - 2016-02-23 15:54 - 000168448 _____ () [File not signed] C:\Program Files (x86)\Snood Plus\libpng16.dll
2016-02-23 15:54 - 2016-02-23 15:54 - 000347136 _____ () [File not signed] C:\Program Files (x86)\Snood Plus\libtiff.dll
2016-02-23 15:01 - 2016-02-23 15:01 - 000845045 _____ () [File not signed] C:\Program Files (x86)\Snood Plus\OpenAL32.dll
2016-02-23 16:01 - 2016-02-23 16:01 - 000259072 _____ () [File not signed] C:\Program Files (x86)\Snood Plus\SDL.dll
2016-02-23 16:03 - 2016-02-23 16:03 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Snood Plus\SDL_image.dll
2016-02-23 15:54 - 2016-02-23 15:54 - 000068096 _____ () [File not signed] C:\Program Files (x86)\Snood Plus\zlib.dll
2022-06-15 18:52 - 2022-06-15 18:52 - 000019968 _____ (Intel Corp.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\291c5fe0d8bab360b1a1814089f653cc\IAStorCommon.ni.dll
2012-12-21 09:11 - 2012-07-09 13:46 - 000269312 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\PsiData.dll
2012-12-21 09:11 - 2012-07-09 13:46 - 000497664 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2022-08-11 19:49 - 2022-08-11 19:49 - 000075264 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMgr\af229c3ff7e92c037723af25ada5e23e\IAStorDataMgr.ni.dll
2022-08-11 19:50 - 2022-08-11 19:50 - 000643584 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PsiData\696f9184aa815c829955ca1c52356a5e\PsiData.ni.dll
2022-08-11 19:50 - 2022-08-11 19:50 - 000027136 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\85ebdf519a1b31af32afceb97ad8b8ff\IAStorDataMgrSvcInterfaces.ni.dll
2018-12-04 12:10 - 2018-12-04 12:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2016-09-14 17:44 - 2016-09-14 17:44 - 001430016 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-982068928-1266911721-445647910-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ww2.cox.com/myconnection/home.cox
HKU\S-1-5-21-982068928-1266911721-445647910-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {2D801953-D4B1-48A7-AB27-93939588C95B} URL =
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1E32FF4B-B452-49E9-A280-C64C5D385E92}&mid=43f6e88fb41f47cfb87aa90c82de5fc2-9ddada91f9eb260d88545ab18e9091067752ee4f&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116av&pr=fr&d=2016-11-14 22:33:32&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {3D53B8B8-D037-4974-B852-C0D2D30556A7} file:///E:/win/setup/iaDefDvd.dll
DPF: HKLM-x32 {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2018-12-03 08:47 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-982068928-1266911721-445647910-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rita\Pictures\Screensavers\corn800x600.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0A7BA459-7B71-4C33-9395-196A8CA33713}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F78A1061-301D-4C85-920D-E317B79F78BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{496E5FEE-692A-4BE4-B962-62356CD2006E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6D1D4752-CA4F-44A3-BEE0-144AED874BE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7374683C-B744-4C0B-A174-2190991C112B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{406A997F-A878-42DD-8785-0CB7CDFD15A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{DC6B2929-E203-4080-8DD8-0B4B3B83EF51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9A469229-F881-446C-A23C-76E562F96B48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{64B11C11-F447-47CC-9A38-13FCD2F9A5E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A8A5F728-201E-44DE-B7EA-388EEDC3C176}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4D225C38-4DC7-47BB-AB2B-831A9802ADEB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{078FC5F0-8FB4-464B-93B5-3FC430B4A7AF}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7543\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{8D860539-E1F3-44E9-800F-A56C532CD69F}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7543\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F01AF287-9CB9-48FE-AD77-F7A1CC38006C}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C45\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{52FA5597-F989-4F9D-8355-937313E9DFD8}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C45\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{12F6B5C8-E5AD-4DD6-91C8-82A0BBCB1860}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F9A55B2E-7AB1-4967-B00F-D052398BBFFB}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2433B4BC-5401-4D4B-AC6A-F122688B0CE0}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{08FDF63F-697F-41C6-A1F0-04207F6580A1}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7DA3\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2E424CFF-FA51-4569-8820-FED48F16FEED}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7DA3\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2CC5835D-7976-48FB-89C6-508C3EB85CEC}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7CE9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FB8359A6-2BE5-418D-AD13-4435F7A9EA28}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7CE9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{4BB7629A-BAB3-4C90-8FDE-6AC9A6435C67}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{2DEF9578-7822-4098-9E21-18EF12A9517D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [UDP Query User{CA775CD7-0A6F-4BC2-835F-89128379C624}C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{0201B2D1-4574-4521-A133-1CA485CB140F}C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{8B70E90B-2790-40F7-9041-DA3BCE11CB32}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS593E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5F1F1DE3-AAD7-4840-BA5B-055807A4C1F7}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS593E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{66F1E3C3-4939-4AFA-BAF5-7621EFCA164E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{FA49C3AF-FDDA-4D3E-AA92-9F79928C6ABB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{8537FD72-98DB-43D5-963C-3BC04FC54A17}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{1D4DBF53-4F43-4668-8F83-5F9B6899BAB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3851A386-5E18-4200-B5A8-4407CF526B98}] => (Allow) LPort=2869
FirewallRules: [{2F4A67B1-7C65-41EA-8A95-12653AB635E7}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{A7AFAE59-7C5A-466B-8992-F18EA51B7998}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{8A6D6AA6-D12B-4FA2-A897-4AD91B08A0DF}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [{3B46E4A3-8CFD-4D16-A379-245ADE28B9F4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe => No File
FirewallRules: [{78A5F31E-99A8-4600-AAB4-E6E96B86D614}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe => No File
FirewallRules: [{D5A6E07A-8328-4F56-B423-19CEB0D5BC3E}] => (Allow) C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{2B1A2EA6-2656-4A78-AEEF-A06EA3C2E896}] => (Allow) C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F4E8580E-1E5B-4A15-A7C5-F5EA764120C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
FirewallRules: [{88AC9400-55F4-4B2A-9343-B726DEEB66BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
FirewallRules: [{91BBE621-3EB5-4749-BF93-B1E1CFF045C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9FB58893-E5B1-4C6F-BF6D-7F0A6EE3FE87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{80D07DAB-D854-496B-9C7D-09319955471B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{813B3CB7-5856-4D0A-8A80-5234255588C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85DE6C50-5B79-44BF-81C5-30C1235BC644}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9AF1D4EE-4326-4611-8650-3CD0A5557357}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

16-11-2022 19:12:16 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/21/2022 11:44:52 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (11/21/2022 11:44:52 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/20/2022 04:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x3010
Faulting application start time: 0x01d8fd2d22179688
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: 32129614-4b42-44cd-acac-bc32ec165390
Faulting package full name:
Faulting package-relative application ID:

Error: (11/19/2022 09:53:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x326c
Faulting application start time: 0x01d8fc2f0393408e
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: d4278512-8b7e-498e-892d-1d247fe6fcf9
Faulting package full name:
Faulting package-relative application ID:

Error: (11/17/2022 12:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x2e88
Faulting application start time: 0x01d8fab65dfa46d7
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: 4027ba93-8689-42ef-a3fb-a1e22d3d0482
Faulting package full name:
Faulting package-relative application ID:

Error: (11/15/2022 10:28:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Rita_Backup (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/15/2022 10:28:14 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/15/2022 10:28:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (11/22/2022 11:42:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (11/21/2022 11:47:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (11/20/2022 12:11:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (11/19/2022 11:15:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (11/18/2022 05:11:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (11/18/2022 11:43:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (11/17/2022 02:24:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (11/17/2022 11:56:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-11-22 03:58:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...73&enterprise=0
Name: PUADlManager:Win32/DownloadAdmin
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Rita\Favorites\cbsidlm-cbsi3_2_5_41-PhotoScape-10703122.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
Security intelligence Version: AV: 1.379.715.0, AS: 1.379.715.0, NIS: 1.379.715.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 18:09:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-11-21 03:55:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...73&enterprise=0
Name: PUADlManager:Win32/DownloadAdmin
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Rita\Favorites\cbsidlm-cbsi3_2_5_41-PhotoScape-10703122.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
Security intelligence Version: AV: 1.379.673.0, AS: 1.379.673.0, NIS: 1.379.673.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-20 19:41:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-11-20 03:58:16
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...73&enterprise=0
Name: PUADlManager:Win32/DownloadAdmin
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Rita\Favorites\cbsidlm-cbsi3_2_5_41-PhotoScape-10703122.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
Security intelligence Version: AV: 1.379.628.0, AS: 1.379.628.0, NIS: 1.379.628.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

CodeIntegrity:
===============
Date: 2022-11-22 15:36:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2022-11-22 15:36:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A07 08/24/2012
Motherboard: Dell Inc. 0478VN
Processor: Intel® Pentium® CPU G645 @ 2.90GHz
Percentage of memory in use: 67%
Total physical RAM: 8061.59 MB
Available physical RAM: 2616.16 MB
Total Virtual: 11312.27 MB
Available Virtual: 2049.65 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:457.19 GB) (Free:243.94 GB) (Model: ST500DM002-1BD142) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rita_Backup) (Fixed) (Total:465.22 GB) (Free:81.32 GB) NTFS

\\?\Volume{05149299-4b45-4129-946c-d611bc3b0c50}\ (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
\\?\Volume{c2eec83c-5e73-43e3-84d3-5caad5d6f665}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS
\\?\Volume{c6318728-dc44-4ee6-8c4d-533549c7ba87}\ (PBR Image) (Fixed) (Total:6.6 GB) (Free:0.3 GB) NTFS
\\?\Volume{53be4f87-278d-4ebe-b69d-97c6e6a97bc2}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0967E9DC)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 447E5792)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 




#2
DR M

    The Grecian Geek

  • Malware Removal
  • 3,648 posts

Welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

 

========================

 

Just letting you know that I'll review your logs tomorrow, since it is late now. My time zone is CET +1.



#3
DR M

    The Grecian Geek

  • Malware Removal
  • 3,648 posts

Hello.
 
No sign of an infection in these logs, but some things need addressing.
 
1. Uninstall programs/apps
 
Please uninstall:
 
Amazon Browser (if not needed) and McAfee® Central for Dell. 
 
To do so:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
McAfee® Central for Dell
  • Select the above program and click Uninstall.
  • Restart the computer.
  • Repeat for Amazon Browser if you wish.

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Uninstall 22.217.1016.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\22.217.1016.0002" (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {1CAD724A-9E67-4C17-AAE5-DE46A6B73ED7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {33F353FA-50CD-4F84-A9CB-1D2BB18CAE01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {3BFCA875-5DFF-479B-8C72-37B24A437D63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48E4813C-B989-4640-A228-09E1824AE284} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {4BD6EF58-08E8-48BD-84CD-6F5446BF6B10} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5758F904-E1B0-4887-AD55-0BB4A61B9872} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5A2E72AE-B75E-4474-B1A3-E42822B2CD03} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5F009384-6AB8-4DEC-9AF0-337B1AD16F30} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9148267C-F196-4E09-A53B-7B74AAF0C919} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AA2F88D5-D337-4806-A3F1-8FB4CA56F92B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B53DB898-D8F4-4863-AE87-2A6F1D53F9F0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C1414F75-38DD-43C0-AEE8-2E8C4E31015F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CD680754-8BC6-48E0-86A1-07EFAD601843} - \WPD\SqmUpload_S-1-5-21-982068928-1266911721-445647910-1001 -> No File <==== ATTENTION
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EE551988-C74A-41BD-83E8-803D24CD9CEA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F0935368-5E8B-4A8B-BB09-098B2567E612} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {2D801953-D4B1-48A7-AB27-93939588C95B} URL =
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1E32FF4B-B452-49E9-A280-C64C5D385E92}&mid=43f6e88fb41f47cfb87aa90c82de5fc2-9ddada91f9eb260d88545ab18e9091067752ee4f&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116av&pr=fr&d=2016-11-14 22:33:32&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {3D53B8B8-D037-4974-B852-C0D2D30556A7} file:///E:/win/setup/iaDefDvd.dll
DPF: HKLM-x32 {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll
FirewallRules: [{0A7BA459-7B71-4C33-9395-196A8CA33713}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F78A1061-301D-4C85-920D-E317B79F78BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{496E5FEE-692A-4BE4-B962-62356CD2006E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6D1D4752-CA4F-44A3-BEE0-144AED874BE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7374683C-B744-4C0B-A174-2190991C112B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{406A997F-A878-42DD-8785-0CB7CDFD15A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{078FC5F0-8FB4-464B-93B5-3FC430B4A7AF}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7543\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{8D860539-E1F3-44E9-800F-A56C532CD69F}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7543\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F01AF287-9CB9-48FE-AD77-F7A1CC38006C}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C45\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{52FA5597-F989-4F9D-8355-937313E9DFD8}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C45\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{12F6B5C8-E5AD-4DD6-91C8-82A0BBCB1860}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F9A55B2E-7AB1-4967-B00F-D052398BBFFB}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{08FDF63F-697F-41C6-A1F0-04207F6580A1}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7DA3\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2E424CFF-FA51-4569-8820-FED48F16FEED}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7DA3\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2CC5835D-7976-48FB-89C6-508C3EB85CEC}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7CE9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FB8359A6-2BE5-418D-AD13-4435F7A9EA28}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7CE9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{4BB7629A-BAB3-4C90-8FDE-6AC9A6435C67}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{2DEF9578-7822-4098-9E21-18EF12A9517D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{8B70E90B-2790-40F7-9041-DA3BCE11CB32}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS593E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5F1F1DE3-AAD7-4840-BA5B-055807A4C1F7}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS593E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FA49C3AF-FDDA-4D3E-AA92-9F79928C6ABB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{8537FD72-98DB-43D5-963C-3BC04FC54A17}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [TCP Query User{A7AFAE59-7C5A-466B-8992-F18EA51B7998}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{8A6D6AA6-D12B-4FA2-A897-4AD91B08A0DF}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [{3B46E4A3-8CFD-4D16-A379-245ADE28B9F4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe => No File
FirewallRules: [{78A5F31E-99A8-4600-AAB4-E6E96B86D614}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe => No File
FirewallRules: [{F4E8580E-1E5B-4A15-A7C5-F5EA764120C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
FirewallRules: [{88AC9400-55F4-4B2A-9343-B726DEEB66BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: netsh advfirewall reset
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

In your next reply please post:

  1. If uninstalling McAfee ran smoothly
  2. What you decided for Amazon Browser
  3. The fixlog.txt

#4
DR M

Hello.

Do you still need assistance?

#5
ritag1950

Yes, got hit with a darn head cold and will run this tomorrow.

#6
DR M

Hi, ritag1950.

Thanks for letting me know.

I wish you a speedy recovery. :cheers:

#7
ritag1950

Feeling better. I uninstalled McAfee Central by Dell, restarted the computer, and uninstalled the Amazon Browser App (which 404'd on me when I tried to run it before the uninstall). Here is the Fixlog.txt info:

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-11-2022
Ran by Rita (28-11-2022 11:19:04) Run:1
Running from C:\Users\Rita\Desktop
Loaded Profiles: Rita
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\RunOnce: [Uninstall 22.217.1016.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rita\AppData\Local\Microsoft\OneDrive\22.217.1016.0002" (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {1CAD724A-9E67-4C17-AAE5-DE46A6B73ED7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {33F353FA-50CD-4F84-A9CB-1D2BB18CAE01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {3BFCA875-5DFF-479B-8C72-37B24A437D63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48E4813C-B989-4640-A228-09E1824AE284} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {4BD6EF58-08E8-48BD-84CD-6F5446BF6B10} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5758F904-E1B0-4887-AD55-0BB4A61B9872} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5A2E72AE-B75E-4474-B1A3-E42822B2CD03} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5F009384-6AB8-4DEC-9AF0-337B1AD16F30} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9148267C-F196-4E09-A53B-7B74AAF0C919} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AA2F88D5-D337-4806-A3F1-8FB4CA56F92B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B53DB898-D8F4-4863-AE87-2A6F1D53F9F0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C1414F75-38DD-43C0-AEE8-2E8C4E31015F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CD680754-8BC6-48E0-86A1-07EFAD601843} - \WPD\SqmUpload_S-1-5-21-982068928-1266911721-445647910-1001 -> No File <==== ATTENTION
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EE551988-C74A-41BD-83E8-803D24CD9CEA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F0935368-5E8B-4A8B-BB09-098B2567E612} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {2D801953-D4B1-48A7-AB27-93939588C95B} URL =
SearchScopes: HKU\S-1-5-21-982068928-1266911721-445647910-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1E32FF4B-B452-49E9-A280-C64C5D385E92}&mid=43f6e88fb41f47cfb87aa90c82de5fc2-9ddada91f9eb260d88545ab18e9091067752ee4f&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116av&pr=fr&d=2016-11-14 22:33:32&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {3D53B8B8-D037-4974-B852-C0D2D30556A7} file:///E:/win/setup/iaDefDvd.dll
DPF: HKLM-x32 {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll
FirewallRules: [{0A7BA459-7B71-4C33-9395-196A8CA33713}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F78A1061-301D-4C85-920D-E317B79F78BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{496E5FEE-692A-4BE4-B962-62356CD2006E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6D1D4752-CA4F-44A3-BEE0-144AED874BE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7374683C-B744-4C0B-A174-2190991C112B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{406A997F-A878-42DD-8785-0CB7CDFD15A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{078FC5F0-8FB4-464B-93B5-3FC430B4A7AF}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7543\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{8D860539-E1F3-44E9-800F-A56C532CD69F}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7543\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F01AF287-9CB9-48FE-AD77-F7A1CC38006C}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C45\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{52FA5597-F989-4F9D-8355-937313E9DFD8}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C45\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{12F6B5C8-E5AD-4DD6-91C8-82A0BBCB1860}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F9A55B2E-7AB1-4967-B00F-D052398BBFFB}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS6C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{08FDF63F-697F-41C6-A1F0-04207F6580A1}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7DA3\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2E424CFF-FA51-4569-8820-FED48F16FEED}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7DA3\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2CC5835D-7976-48FB-89C6-508C3EB85CEC}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7CE9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FB8359A6-2BE5-418D-AD13-4435F7A9EA28}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS7CE9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{4BB7629A-BAB3-4C90-8FDE-6AC9A6435C67}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{2DEF9578-7822-4098-9E21-18EF12A9517D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{8B70E90B-2790-40F7-9041-DA3BCE11CB32}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS593E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5F1F1DE3-AAD7-4840-BA5B-055807A4C1F7}] => (Allow) C:\Users\Rita\AppData\Local\Temp\7zS593E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FA49C3AF-FDDA-4D3E-AA92-9F79928C6ABB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{8537FD72-98DB-43D5-963C-3BC04FC54A17}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [TCP Query User{A7AFAE59-7C5A-466B-8992-F18EA51B7998}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{8A6D6AA6-D12B-4FA2-A897-4AD91B08A0DF}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [{3B46E4A3-8CFD-4D16-A379-245ADE28B9F4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe => No File
FirewallRules: [{78A5F31E-99A8-4600-AAB4-E6E96B86D614}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe => No File
FirewallRules: [{F4E8580E-1E5B-4A15-A7C5-F5EA764120C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
FirewallRules: [{88AC9400-55F4-4B2A-9343-B726DEEB66BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: netsh advfirewall reset
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}" => removed successfully
"AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}" => removed successfully
"HKU\S-1-5-21-982068928-1266911721-445647910-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found
"HKU\S-1-5-21-982068928-1266911721-445647910-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKU\S-1-5-21-982068928-1266911721-445647910-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.217.1016.0002" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{094CD275-5C71-4753-B57E-5566CA859498}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{094CD275-5C71-4753-B57E-5566CA859498}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F6DBBD1-1FA5-490B-A482-1F43FCC689E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F6DBBD1-1FA5-490B-A482-1F43FCC689E6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CAD724A-9E67-4C17-AAE5-DE46A6B73ED7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CAD724A-9E67-4C17-AAE5-DE46A6B73ED7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33F353FA-50CD-4F84-A9CB-1D2BB18CAE01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33F353FA-50CD-4F84-A9CB-1D2BB18CAE01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BFCA875-5DFF-479B-8C72-37B24A437D63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BFCA875-5DFF-479B-8C72-37B24A437D63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48E4813C-B989-4640-A228-09E1824AE284}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48E4813C-B989-4640-A228-09E1824AE284}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BD6EF58-08E8-48BD-84CD-6F5446BF6B10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BD6EF58-08E8-48BD-84CD-6F5446BF6B10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5758F904-E1B0-4887-AD55-0BB4A61B9872}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5758F904-E1B0-4887-AD55-0BB4A61B9872}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A2E72AE-B75E-4474-B1A3-E42822B2CD03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A2E72AE-B75E-4474-B1A3-E42822B2CD03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F009384-6AB8-4DEC-9AF0-337B1AD16F30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F009384-6AB8-4DEC-9AF0-337B1AD16F30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B6759EE-1C08-4B8F-955C-774AB5A6544E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B6759EE-1C08-4B8F-955C-774AB5A6544E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9148267C-F196-4E09-A53B-7B74AAF0C919}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9148267C-F196-4E09-A53B-7B74AAF0C919}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA2F88D5-D337-4806-A3F1-8FB4CA56F92B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2F88D5-D337-4806-A3F1-8FB4CA56F92B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B53DB898-D8F4-4863-AE87-2A6F1D53F9F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B53DB898-D8F4-4863-AE87-2A6F1D53F9F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1414F75-38DD-43C0-AEE8-2E8C4E31015F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1414F75-38DD-43C0-AEE8-2E8C4E31015F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD680754-8BC6-48E0-86A1-07EFAD601843}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD680754-8BC6-48E0-86A1-07EFAD601843}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-982068928-1266911721-445647910-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB21EF32-6BA9-4118-BBC1-BC4FF48961E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB21EF32-6BA9-4118-BBC1-BC4FF48961E5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE551988-C74A-41BD-83E8-803D24CD9CEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE551988-C74A-41BD-83E8-803D24CD9CEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0935368-5E8B-4A8B-BB09-098B2567E612}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0935368-5E8B-4A8B-BB09-098B2567E612}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D801953-D4B1-48A7-AB27-93939588C95B} => removed successfully
HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{3D53B8B8-D037-4974-B852-C0D2D30556A7} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{3D53B8B8-D037-4974-B852-C0D2D30556A7} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A7BA459-7B71-4C33-9395-196A8CA33713}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F78A1061-301D-4C85-920D-E317B79F78BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{496E5FEE-692A-4BE4-B962-62356CD2006E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D1D4752-CA4F-44A3-BEE0-144AED874BE9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7374683C-B744-4C0B-A174-2190991C112B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{406A997F-A878-42DD-8785-0CB7CDFD15A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{078FC5F0-8FB4-464B-93B5-3FC430B4A7AF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D860539-E1F3-44E9-800F-A56C532CD69F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F01AF287-9CB9-48FE-AD77-F7A1CC38006C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52FA5597-F989-4F9D-8355-937313E9DFD8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12F6B5C8-E5AD-4DD6-91C8-82A0BBCB1860}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9A55B2E-7AB1-4967-B00F-D052398BBFFB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08FDF63F-697F-41C6-A1F0-04207F6580A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E424CFF-FA51-4569-8820-FED48F16FEED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2CC5835D-7976-48FB-89C6-508C3EB85CEC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB8359A6-2BE5-418D-AD13-4435F7A9EA28}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BB7629A-BAB3-4C90-8FDE-6AC9A6435C67}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DEF9578-7822-4098-9E21-18EF12A9517D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B70E90B-2790-40F7-9041-DA3BCE11CB32}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F1F1DE3-AAD7-4840-BA5B-055807A4C1F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA49C3AF-FDDA-4D3E-AA92-9F79928C6ABB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8537FD72-98DB-43D5-963C-3BC04FC54A17}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7AFAE59-7C5A-466B-8992-F18EA51B7998}C:\program files (x86)\cricut-craft room\ccrbridge.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8A6D6AA6-D12B-4FA2-A897-4AD91B08A0DF}C:\program files (x86)\cricut-craft room\ccrbridge.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B46E4A3-8CFD-4D16-A379-245ADE28B9F4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78A5F31E-99A8-4600-AAB4-E6E96B86D614}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4E8580E-1E5B-4A15-A7C5-F5EA764120C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88AC9400-55F4-4B2A-9343-B726DEEB66BC}" => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19045.2251



[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================55.0%                          ]

[===========================55.0%                          ]

[===========================55.0%                          ]

[===========================55.0%                          ]

[===========================55.1%                          ]

[===========================55.1%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.3%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.6%                          ]

[===========================55.8%                          ]

[===========================55.9%                          ]

[===========================56.1%                          ]

[===========================56.2%                          ]

[===========================56.3%                          ]

[===========================56.5%                          ]

[===========================56.6%                          ]

[===========================56.7%                          ]

[===========================56.7%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================57.0%=                         ]

[===========================57.1%=                         ]

[===========================57.2%=                         ]

[===========================57.4%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.9%=                         ]

[===========================58.9%==                        ]

[===========================58.9%==                        ]

[===========================59.0%==                        ]

[===========================59.2%==                        ]

[===========================59.5%==                        ]

[===========================59.5%==                        ]

[===========================59.7%==                        ]

[===========================60.1%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 100% complete.


Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 623783670 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 8401022 B
Edge => 89966126 B
Chrome => 485048294 B

 


  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 3,648 posts

As you can see in the log above:
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
 
Let's do a few more checks, just to ensure everything is clean.


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#9
ritag1950

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hi, Here is the stuff from AdwCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-29-2022
# Duration: 00:00:53
# OS:       Windows 10 (Build 19045.2251)
# Scanned:  32103
# Detected: 56


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic            C:\ProgramData\AVG_UPDATE_0916AV
Rogue.ForcedExtension           C:\ProgramData\apn

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.InstallIQ          HKLM\Software\Wow6432Node\InstallIQ
PUP.Optional.Legacy             HKCU\Software\APN PIP
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
PUP.Optional.Legacy             HKLM\Software\AVG Secure Search
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\AVG Secure Search
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\AVG Security Toolbar
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\PIP
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}

***** [ Chromium (and derivatives) ] *****

Adware.Spigot                   Easy Converter - clhjnecnbbjpgnghodmifdmagppiceia

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.DellCustomerConnect   Folder   C:\Program Files (x86)\DELL CUSTOMER CONNECT
Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}
Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}
Preinstalled.DellSupportCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Preinstalled.HPHealthCheck   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLVirtualDrive
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIVET NETWORKS
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9ED96EE-F60E-43C3-8861-B0A1947D4D55}  
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{01F01829-4C5A-41B0-8198-0BDD02B34C47}
Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

 

Here is stuff from Malwarebytes:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/29/22
Scan Time: 10:50 AM
Log File: ed723722-7005-11ed-b457-7845c43ab631.json

-Software Information-
Version: 4.5.18.226
Components Version: 1.0.1823
Update Package Version: 1.0.62858
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2251)
CPU: x64
File System: NTFS
User: Rita-PC\Rita

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348584
Threats Detected: 32
Threats Quarantined: 0
Time Elapsed: 40 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.InstallBrain, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, No Action By User, 5942, 239559, 1.0.62858, , ame, , ,

Registry Value: 2
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|clhjnecnbbjpgnghodmifdmagppiceia, No Action By User, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|giojhdacejeffoobipkdpmpaiajendbc, No Action By User, 163, 454579, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G, No Action By User, 978, 175062, , , , , ,
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, No Action By User, 978, 175062, 1.0.62858, , ame, , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia, No Action By User, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHJNECNBBJPGNGHODMIFDMAGPPICEIA, No Action By User, 163, 454579, 1.0.62858, , ame, , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc, No Action By User, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GIOJHDACEJEFFOOBIPKDPMPAIAJENDBC, No Action By User, 163, 454579, 1.0.62858, , ame, , ,

File: 23
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z, No Action By User, 978, 175062, , , , , 77492649D703FC52F72A9BDB9B7B1A77, 48F0FE0AF558023A5B4FE0E0D76C89F467B411B23155ABF22BC9573044DC6116
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll, No Action By User, 978, 175062, , , , , FA63DED4ABB6D155C23474B5FE11258E, D6A5FF8AF99E3494D7E8FBB063010CB653DB27FEEB3713E510F72EA7D22995B0
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\Setup.ini, No Action By User, 978, 175062, , , , , 7B6792C96E04BCBABB0E0B3A2223F7D0, E628997580859D5F4F6D3617B34AC74A8E0C6305CA17E2312B2AA9AACCD04762
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 163, 454579, , , , , 40298AB4BA60F186653E60BE3E1F8EB0, B2CB2C382D00C97AB70BF6F599E16ED1D3150BC348CB158F5463D277505064D6
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 163, 454579, , , , , 9A5CACE8ECB6F85FA3F8FC32A257C404, DA1751D1CC19106BDAC5BC708CBF15BE07BB557B2C4824F627667D06BBDC026F
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\000003.log, No Action By User, 163, 454579, , , , , 309FAC540CF5B288D3EA62A7630815F2, 67494991628290D3FFBB576EDF748C3A5FD90C2842671713C635003C469BC243
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\CURRENT, No Action By User, 163, 454579, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOCK, No Action By User, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOG, No Action By User, 163, 454579, , , , , 766E9BAD6C2B54AB5A7BA4BB4EA10A57, 3378A73BE5ABBA59DDB1232630074037985EDB51DD3352883AD6C448BF2A8903
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOG.old, No Action By User, 163, 454579, , , , , 919DD931D0123EEBB14B38803C0A2F5E, 71E955F2DDA97362011C64A6814CE9D3F82D44A6C26196524EF752D751AE7C09
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\MANIFEST-000001, No Action By User, 163, 454579, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHJNECNBBJPGNGHODMIFDMAGPPICEIA\2.2_0\CHROMERESTORE.JS, No Action By User, 163, 454579, 1.0.62858, , ame, , 2FDA91434081FAF4CE1AB97EFA563ACA, 6383385053D9E2A57BCADA7B29A3BEC77CD2E9253BDCAF995BED15A575C453E5
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 163, 454579, , , , , 40298AB4BA60F186653E60BE3E1F8EB0, B2CB2C382D00C97AB70BF6F599E16ED1D3150BC348CB158F5463D277505064D6
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 163, 454579, , , , , 9A5CACE8ECB6F85FA3F8FC32A257C404, DA1751D1CC19106BDAC5BC708CBF15BE07BB557B2C4824F627667D06BBDC026F
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\000003.log, No Action By User, 163, 454579, , , , , D3757B0C074B8FBABB9CEF6374035B88, 30AC9E1FF46A0B0BDD6BE3F57F8AABA1EC0C832CC05E318CC7E7E3E323A8AA22
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\CURRENT, No Action By User, 163, 454579, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOCK, No Action By User, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOG, No Action By User, 163, 454579, , , , , 684D493DA9AC8244BB9EADC08C4EC1D1, 906D474C1815E34214415801189F40C9E76BA287C57D58DC20369A26F1F6F1E3
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOG.old, No Action By User, 163, 454579, , , , , 4F0255D82C3C93781A1024227DF0A663, 6E4D6784962795CBDB7EA336646ABB7E4EBBFA7F8BF76B566EE7F7BD2F557C8D
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\MANIFEST-000001, No Action By User, 163, 454579, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GIOJHDACEJEFFOOBIPKDPMPAIAJENDBC\3.3_0\CHROMERESTORE.JS, No Action By User, 163, 454579, 1.0.62858, , ame, , D1357899C525B5CD95C01D18118A03C5, 4A081E1ADC06D510FE0F02F1F4E95A3B485EDB8DFA9FEA9408B521EF53C25768
Malware.AI.698451016, C:\$RECYCLE.BIN\S-1-5-21-982068928-1266911721-445647910-1001\$RZ15SKL.EXE, No Action By User, 1000000, 698451016, 1.0.62858, 251976F18CED6F1429A18448, dds, 02057123, 369B74993CAD72F67723A9C2877BFBA3, C23C261C4E45F4A3CF8742FE1BF16BFBC93BB447AA0BA96DB16F231D1A199D65
Adware.InstallIQ, C:\$RECYCLE.BIN\S-1-5-21-982068928-1266911721-445647910-1001\$RJU2O6Z.EXE, No Action By User, 858, 796930, 1.0.62858, 70002DACE90AC818E4A62011, dds, 02057123, 9CEC0E9A6995186A4267B32F7E3FD048, 871E98F9CFA75977A0B7BC62599FA21E1F41CC4C52B2B9880B869B8002742DFB

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • 0

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 3,648 posts

Wow, Ritag1950!

Many things are detected!!!

Let's clean!

1. AdwCleaner (Clean mode)

The findings in the Folders, Chromium and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Eset Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • The eset.txt


#11
DR M


    The Grecian Geek

  • Malware Removal
  • 3,648 posts

Ritag1950, if you really need assistance, please make sure to log in and follow my instructions at least once a day. Otherwise, it is very difficult for the procedure to run without issues. Everything changes in a system every time we use our computers, and in case of an infection this makes things complicated.



#12
ritag1950


    New Member

  • Topic Starter
  • Member
  • 6 posts

Here is AdwClean txt

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/1/22
Scan Time: 5:55 PM
Log File: a7da80fa-71d3-11ed-aaf1-7845c43ab631.json

-Software Information-
Version: 4.5.18.226
Components Version: 1.0.1823
Update Package Version: 1.0.62924
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2251)
CPU: x64
File System: NTFS
User: Rita-PC\Rita

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 356939
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 52 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 2
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|giojhdacejeffoobipkdpmpaiajendbc, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|clhjnecnbbjpgnghodmifdmagppiceia, Quarantined, 163, 454579, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GIOJHDACEJEFFOOBIPKDPMPAIAJENDBC, Quarantined, 163, 454579, 1.0.62924, , ame, , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHJNECNBBJPGNGHODMIFDMAGPPICEIA, Quarantined, 163, 454579, 1.0.62924, , ame, , ,

File: 19
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 163, 454579, , , , , 5A4B83A85F37920BE51E52DBF0CD98E9, D04AB33038D84FEA9812A4BEF04EB04584C26F909D1CDB3619E5EDB1527F42EA
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 163, 454579, , , , , 4CD971721C6A557530DC279B48E3D549, 9DA8CCDCA7534977C6B5DEB7B749C0595A792CA4743025409268949F45A12DDE
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\000003.log, Quarantined, 163, 454579, , , , , D3757B0C074B8FBABB9CEF6374035B88, 30AC9E1FF46A0B0BDD6BE3F57F8AABA1EC0C832CC05E318CC7E7E3E323A8AA22
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\CURRENT, Quarantined, 163, 454579, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOCK, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOG, Quarantined, 163, 454579, , , , , 684D493DA9AC8244BB9EADC08C4EC1D1, 906D474C1815E34214415801189F40C9E76BA287C57D58DC20369A26F1F6F1E3
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOG.old, Quarantined, 163, 454579, , , , , 4F0255D82C3C93781A1024227DF0A663, 6E4D6784962795CBDB7EA336646ABB7E4EBBFA7F8BF76B566EE7F7BD2F557C8D
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\MANIFEST-000001, Quarantined, 163, 454579, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GIOJHDACEJEFFOOBIPKDPMPAIAJENDBC\3.3_0\CHROMERESTORE.JS, Quarantined, 163, 454579, 1.0.62924, , ame, , D1357899C525B5CD95C01D18118A03C5, 4A081E1ADC06D510FE0F02F1F4E95A3B485EDB8DFA9FEA9408B521EF53C25768
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 163, 454579, , , , , 4CD971721C6A557530DC279B48E3D549, 9DA8CCDCA7534977C6B5DEB7B749C0595A792CA4743025409268949F45A12DDE
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\000003.log, Quarantined, 163, 454579, , , , , 309FAC540CF5B288D3EA62A7630815F2, 67494991628290D3FFBB576EDF748C3A5FD90C2842671713C635003C469BC243
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\CURRENT, Quarantined, 163, 454579, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOCK, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOG, Quarantined, 163, 454579, , , , , 766E9BAD6C2B54AB5A7BA4BB4EA10A57, 3378A73BE5ABBA59DDB1232630074037985EDB51DD3352883AD6C448BF2A8903
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOG.old, Quarantined, 163, 454579, , , , , 919DD931D0123EEBB14B38803C0A2F5E, 71E955F2DDA97362011C64A6814CE9D3F82D44A6C26196524EF752D751AE7C09
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\MANIFEST-000001, Quarantined, 163, 454579, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHJNECNBBJPGNGHODMIFDMAGPPICEIA\2.2_0\CHROMERESTORE.JS, Quarantined, 163, 454579, 1.0.62924, , ame, , 2FDA91434081FAF4CE1AB97EFA563ACA, 6383385053D9E2A57BCADA7B29A3BEC77CD2E9253BDCAF995BED15A575C453E5
Malware.AI.698451016, C:\$RECYCLE.BIN\S-1-5-21-982068928-1266911721-445647910-1001\$RZ15SKL.EXE, Quarantined, 1000000, 698451016, 1.0.62924, 251976F18CED6F1429A18448, dds, 02060494, 369B74993CAD72F67723A9C2877BFBA3, C23C261C4E45F4A3CF8742FE1BF16BFBC93BB447AA0BA96DB16F231D1A199D65
Adware.InstallIQ, C:\$RECYCLE.BIN\S-1-5-21-982068928-1266911721-445647910-1001\$RJU2O6Z.EXE, Quarantined, 858, 796930, 1.0.62924, 70002DACE90AC818E4A62011, dds, 02060494, 9CEC0E9A6995186A4267B32F7E3FD048, 871E98F9CFA75977A0B7BC62599FA21E1F41CC4C52B2B9880B869B8002742DFB

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Malwarebytes report:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/1/22
Scan Time: 5:55 PM
Log File: a7da80fa-71d3-11ed-aaf1-7845c43ab631.json

-Software Information-
Version: 4.5.18.226
Components Version: 1.0.1823
Update Package Version: 1.0.62924
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2251)
CPU: x64
File System: NTFS
User: Rita-PC\Rita

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 356939
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 52 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 2
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|giojhdacejeffoobipkdpmpaiajendbc, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-982068928-1266911721-445647910-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|clhjnecnbbjpgnghodmifdmagppiceia, Quarantined, 163, 454579, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GIOJHDACEJEFFOOBIPKDPMPAIAJENDBC, Quarantined, 163, 454579, 1.0.62924, , ame, , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHJNECNBBJPGNGHODMIFDMAGPPICEIA, Quarantined, 163, 454579, 1.0.62924, , ame, , ,

File: 19
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 163, 454579, , , , , 5A4B83A85F37920BE51E52DBF0CD98E9, D04AB33038D84FEA9812A4BEF04EB04584C26F909D1CDB3619E5EDB1527F42EA
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 163, 454579, , , , , 4CD971721C6A557530DC279B48E3D549, 9DA8CCDCA7534977C6B5DEB7B749C0595A792CA4743025409268949F45A12DDE
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\000003.log, Quarantined, 163, 454579, , , , , D3757B0C074B8FBABB9CEF6374035B88, 30AC9E1FF46A0B0BDD6BE3F57F8AABA1EC0C832CC05E318CC7E7E3E323A8AA22
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\CURRENT, Quarantined, 163, 454579, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOCK, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOG, Quarantined, 163, 454579, , , , , 684D493DA9AC8244BB9EADC08C4EC1D1, 906D474C1815E34214415801189F40C9E76BA287C57D58DC20369A26F1F6F1E3
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\LOG.old, Quarantined, 163, 454579, , , , , 4F0255D82C3C93781A1024227DF0A663, 6E4D6784962795CBDB7EA336646ABB7E4EBBFA7F8BF76B566EE7F7BD2F557C8D
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\giojhdacejeffoobipkdpmpaiajendbc\MANIFEST-000001, Quarantined, 163, 454579, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GIOJHDACEJEFFOOBIPKDPMPAIAJENDBC\3.3_0\CHROMERESTORE.JS, Quarantined, 163, 454579, 1.0.62924, , ame, , D1357899C525B5CD95C01D18118A03C5, 4A081E1ADC06D510FE0F02F1F4E95A3B485EDB8DFA9FEA9408B521EF53C25768
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 163, 454579, , , , , 4CD971721C6A557530DC279B48E3D549, 9DA8CCDCA7534977C6B5DEB7B749C0595A792CA4743025409268949F45A12DDE
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\000003.log, Quarantined, 163, 454579, , , , , 309FAC540CF5B288D3EA62A7630815F2, 67494991628290D3FFBB576EDF748C3A5FD90C2842671713C635003C469BC243
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\CURRENT, Quarantined, 163, 454579, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOCK, Quarantined, 163, 454579, , , , , ,
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOG, Quarantined, 163, 454579, , , , , 766E9BAD6C2B54AB5A7BA4BB4EA10A57, 3378A73BE5ABBA59DDB1232630074037985EDB51DD3352883AD6C448BF2A8903
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\LOG.old, Quarantined, 163, 454579, , , , , 919DD931D0123EEBB14B38803C0A2F5E, 71E955F2DDA97362011C64A6814CE9D3F82D44A6C26196524EF752D751AE7C09
PUP.Optional.Spigot.Generic, C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhjnecnbbjpgnghodmifdmagppiceia\MANIFEST-000001, Quarantined, 163, 454579, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Spigot.Generic, C:\USERS\RITA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHJNECNBBJPGNGHODMIFDMAGPPICEIA\2.2_0\CHROMERESTORE.JS, Quarantined, 163, 454579, 1.0.62924, , ame, , 2FDA91434081FAF4CE1AB97EFA563ACA, 6383385053D9E2A57BCADA7B29A3BEC77CD2E9253BDCAF995BED15A575C453E5
Malware.AI.698451016, C:\$RECYCLE.BIN\S-1-5-21-982068928-1266911721-445647910-1001\$RZ15SKL.EXE, Quarantined, 1000000, 698451016, 1.0.62924, 251976F18CED6F1429A18448, dds, 02060494, 369B74993CAD72F67723A9C2877BFBA3, C23C261C4E45F4A3CF8742FE1BF16BFBC93BB447AA0BA96DB16F231D1A199D65
Adware.InstallIQ, C:\$RECYCLE.BIN\S-1-5-21-982068928-1266911721-445647910-1001\$RJU2O6Z.EXE, Quarantined, 858, 796930, 1.0.62924, 70002DACE90AC818E4A62011, dds, 02060494, 9CEC0E9A6995186A4267B32F7E3FD048, 871E98F9CFA75977A0B7BC62599FA21E1F41CC4C52B2B9880B869B8002742DFB

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

eset.txt

 

12/2/2022 9:32:15 AM
Files scanned: 772341
Detected files: 2
Cleaned files: 2
Total scan time 07:07:21
Scan status: Finished
C:\AdwCleaner\Quarantine\v1\20221201.172203\39\apn\APN-Stub\W3IV6-G\APNIC.dll#D8EAF06B2EDD0521    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    cleaned by deleting

C:\Users\Rita\Favorites\cbsidlm-cbsi3_2_5_41-PhotoScape-10703122.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting


 



#13
DR M


    The Grecian Geek

  • Malware Removal
  • 3,648 posts

Can you please also post the AdwCleaner[C0*].txt?

 

You posted the Malwarebytes report twice instead. 

 

After that, I would like to see fresh FRST logs, Addition and FRST.



#14
ritag1950


    New Member

  • Topic Starter
  • Member
  • 6 posts

Oops, sorry. Here is AdwCleaner[C01].txt

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-01-2022
# Duration: 00:00:20
# OS:       Windows 10 (Build 19045.2251)
# Cleaned:  56
# Awaiting reboot:1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\AVG_UPDATE_0916AV
Deleted       C:\ProgramData\apn

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\APN PIP
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Deleted       HKLM\Software\AVG Secure Search
Deleted       HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Wow6432Node\AVG Secure Search
Deleted       HKLM\Software\Wow6432Node\AVG Security Toolbar
Deleted       HKLM\Software\Wow6432Node\InstallIQ
Deleted       HKLM\Software\Wow6432Node\PIP
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}

***** [ Chromium (and derivatives) ] *****

Deleted       Easy Converter - clhjnecnbbjpgnghodmifdmagppiceia

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted       Preinstalled.DellCustomerConnect   Folder   C:\Program Files (x86)\DELL CUSTOMER CONNECT
Deleted       Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}
Deleted       Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}
Deleted       Preinstalled.DellSupportCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Deleted       Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted       Preinstalled.HPHealthCheck   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer_For_P2G8
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLVirtualDrive
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.SmartByte   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIVET NETWORKS
Deleted       Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9ED96EE-F60E-43C3-8861-B0A1947D4D55}
Deleted       Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Deleted       Preinstalled.SmartByte   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{01F01829-4C5A-41B0-8198-0BDD02B34C47}
Deleted       Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY
Needs Reboot  Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\Program Files\RIVET NETWORKS

*************************

AdwCleaner[S00].txt - [7578 octets] - [29/11/2022 10:32:16]
AdwCleaner[S01].txt - [7639 octets] - [01/12/2022 17:03:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2022
Ran by Rita (administrator) on RITA-PC (Dell Inc. Inspiron 660s) (03-12-2022 13:32:15)
Running from C:\Users\Rita\Desktop
Loaded Profiles: Rita
Platform: Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc.exe ->) (Innovative Solutions Grup SRL -> ) C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc64helper.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(explorer.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe <7>
(explorer.exe ->) (Innovative Solutions Grup SRL -> Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <13>
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(services.exe ->) (CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(services.exe ->) (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) [File not signed]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1977696 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\Run: [STC] => C:\Program Files (x86)\Innovative Solutions\System Tray Cleaner\stc.exe [4534136 2013-09-17] (Innovative Solutions Grup SRL -> Innovative Solutions)
HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\Run: [Dropbox Update] => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2009-07-13] (Microsoft Windows -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MG6600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC9.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2009-07-13] (Microsoft Windows -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6600 series: C:\WINDOWS\system32\CNMLMC9.DLL [406016 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [87600 2013-10-23] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.73\Installer\chrmstp.exe [2022-12-02] (Google LLC -> Google LLC)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2022-12-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2016-12-26]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Rita\AppData\Roaming\VERIZON\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03100940-1892-4213-A90D-4FCD534CDE66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-17] (Google Inc -> Google Inc.)
Task: {0E1D70D3-8DEF-4D60-80D0-D1334FA73E6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {199A893F-5634-4B26-84E2-7F794BF8FCE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-17] (Google Inc -> Google Inc.)
Task: {27DE7222-F3D6-4D59-BC55-E707E138D38B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3711D2F3-A45D-4DA3-AF20-69298422699B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Rita\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-12-01] (ESET, spol. s r.o. -> ESET)
Task: {3FEBF435-486A-49F2-9CE2-2FD5630FEB80} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001UA1d236d2e079dc8f => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6201C13E-D30B-4B41-88DC-DB04277C7B13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {650B25C9-4BAF-4797-90B4-73911BD5E3FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {73EF39A7-8967-4D13-B6E4-B7FCB7652379} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Rita\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-12-01] (ESET, spol. s r.o. -> ESET)
Task: {75E5D3F4-6C20-49C8-AECB-FB0E6A50051D} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {9AE221BA-27C2-47F7-91A9-E32D552EA96C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {A53788A0-5AC7-4F4B-9A48-088057B39BF4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001Core1d236d2e031b219 => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C4153505-ACCA-409F-80C4-311CEF35D420} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001Core1d236d2e031b219.job => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001UA1d236d2e079dc8f.job => C:\Users\Rita\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{a182d5c7-a9f6-4ab5-83d7-3994a2bf3f4a}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{c3947a17-de22-4b4a-8dfd-e70d393759fe}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Edge:
=======
DownloadDir: C:\Users\Rita\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rita\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-14]
Edge DownloadDir: Default -> C:\Users\Rita\Downloads

FireFox:
========
FF DefaultProfile: 8xtqtq8g.default
FF ProfilePath: C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\8xtqtq8g.default [2022-12-03]
FF Notifications: Mozilla\Firefox\Profiles\8xtqtq8g.default -> hxxps://www.pinterest.com
FF Extension: (PDF Editor and Search by PDFtab) - C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\8xtqtq8g.default\Extensions\{82c0173d-b61d-4cd3-8e01-ffc56211a71c}.xpi [2022-09-05] [UpdateUrl:hxxps://cdn.pdftab-cdn.com/xpi/pdftab/yhs/0721/search/updates.json]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default [2022-11-30]
CHR Notifications: Default -> hxxps://www.allrecipes.com; hxxps://www.facebook.com; hxxps://www.menuswithprice.com
CHR Extension: (Google Docs Offline) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-28]
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [115648 2015-08-04] (Andrea Electronics -> Andrea Electronics Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] [File is in use]
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [334688 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8872736 2022-11-29] (Malwarebytes Inc. -> Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] (CyberLink -> )
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 Dell Customer Connect; "C:\Program Files (x86)\Dell Customer Connect\DCCService.exe" [X]
S2 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2012-08-05] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-12-01] (Malwarebytes Inc. -> Malwarebytes)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469288 2022-11-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-02 09:33 - 2022-12-02 09:33 - 000003838 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-12-02 09:33 - 2022-12-02 09:33 - 000003396 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-12-02 09:32 - 2022-12-02 09:32 - 000000964 _____ C:\Users\Rita\Desktop\eset.txt
2022-12-01 21:49 - 2022-12-01 21:49 - 000001418 _____ C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-12-01 21:49 - 2022-12-01 21:49 - 000001312 _____ C:\Users\Rita\Desktop\ESET Online Scanner.lnk
2022-12-01 21:49 - 2022-12-01 21:49 - 000000000 ____D C:\Users\Rita\AppData\Local\ESET
2022-12-01 21:48 - 2022-12-01 21:48 - 015274968 _____ (ESET) C:\Users\Rita\Desktop\esetonlinescanner.exe
2022-12-01 21:47 - 2022-12-01 21:47 - 000007454 _____ C:\Users\Rita\Desktop\Malwarebytes-1-12-22.txt
2022-12-01 21:42 - 2022-12-01 21:42 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-12-01 21:41 - 2022-12-01 21:41 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-12-01 21:41 - 2022-12-01 21:41 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-12-01 17:52 - 2022-12-01 17:52 - 000008228 _____ C:\Users\Rita\Desktop\AdwCleaner[C01].txt
2022-12-01 07:44 - 2022-12-01 07:44 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-11-29 23:02 - 2022-12-01 17:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-11-29 10:46 - 2022-12-03 03:01 - 000000000 ____D C:\Users\Rita\AppData\LocalLow\IGDump
2022-11-29 10:46 - 2022-11-29 10:46 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-11-29 10:42 - 2022-11-29 10:42 - 000000000 ____D C:\Users\Rita\AppData\Local\mbam
2022-11-29 10:41 - 2022-11-29 10:46 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-11-29 10:41 - 2022-11-29 10:46 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-11-29 10:41 - 2022-11-29 10:41 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-11-29 10:41 - 2022-11-29 10:40 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-11-29 10:41 - 2022-11-29 10:40 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-11-29 10:39 - 2022-11-29 10:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-11-29 10:39 - 2022-11-29 10:45 - 000000000 ____D C:\Program Files\Malwarebytes
2022-11-29 10:38 - 2022-11-29 10:38 - 002632256 _____ (Malwarebytes) C:\Users\Rita\Desktop\MBSetup-FB914F11.exe
2022-11-29 10:37 - 2022-11-29 10:37 - 000007578 _____ C:\Users\Rita\Desktop\AdwCleaner[S00].txt
2022-11-29 10:30 - 2022-12-01 17:22 - 000000000 ____D C:\AdwCleaner
2022-11-29 10:30 - 2022-11-29 10:30 - 008791352 _____ (Malwarebytes) C:\Users\Rita\Desktop\adwcleaner(1).exe
2022-11-29 10:11 - 2022-11-29 10:11 - 008551608 _____ (Malwarebytes) C:\Users\Rita\Desktop\AdwCleaner.exe
2022-11-28 11:19 - 2022-11-28 12:14 - 000071015 _____ C:\Users\Rita\Desktop\Fixlog.txt
2022-11-28 11:19 - 2022-11-28 11:19 - 000010008 _____ C:\Users\Rita\Desktop\ihcufdmhscup.txt
2022-11-22 15:52 - 2022-11-22 15:57 - 000055127 _____ C:\Users\Rita\Desktop\Addition.txt
2022-11-22 15:47 - 2022-12-03 13:35 - 000020970 _____ C:\Users\Rita\Desktop\FRST.txt
2022-11-22 15:46 - 2022-11-28 11:18 - 000000000 ____D C:\Users\Rita\Desktop\FRST-OlderVersion
2022-11-22 15:45 - 2022-12-03 13:34 - 000000000 ____D C:\FRST
2022-11-22 15:42 - 2022-11-28 11:18 - 002375680 _____ (Farbar) C:\Users\Rita\Desktop\FRST64.exe
2022-11-13 16:12 - 2022-11-13 16:12 - 000135536 _____ C:\Users\Rita\Downloads\124339894259.JPEG
2022-11-09 07:43 - 2022-11-09 07:43 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-09 07:43 - 2022-11-09 07:43 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-09 07:42 - 2022-11-09 07:42 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-09 07:41 - 2022-11-09 07:41 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-09 07:15 - 2022-11-09 07:15 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-03 13:30 - 2017-02-17 11:14 - 000000000 ____D C:\Program Files (x86)\Google
2022-12-03 13:27 - 2022-02-08 16:01 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-12-03 13:27 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-12-03 13:26 - 2020-08-10 17:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-12-03 13:26 - 2016-11-23 11:32 - 000000000 ____D C:\Users\Rita\AppData\LocalLow\Mozilla
2022-12-03 11:30 - 2013-01-28 12:52 - 000000000 ____D C:\Users\Rita\Documents\XmasLists
2022-12-03 09:43 - 2017-09-01 22:16 - 000000000 ____D C:\Users\Rita\Documents\Exchange
2022-12-03 04:02 - 2015-01-13 19:46 - 000000000 ____D C:\ProgramData\IDrive
2022-12-02 20:33 - 2017-02-17 11:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-12-02 20:33 - 2017-02-17 11:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-12-01 21:47 - 2022-06-08 19:46 - 000000000 ____D C:\Users\Rita\AppData\Roaming\DropboxElectron
2022-12-01 21:47 - 2015-06-17 23:27 - 000000000 ____D C:\Users\Rita\AppData\Local\Dropbox
2022-12-01 21:45 - 2018-07-02 13:44 - 000000000 ____D C:\Users\Rita\AppData\Local\CrashDumps
2022-12-01 21:44 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-01 21:44 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-12-01 21:44 - 2014-08-27 17:29 - 000000000 ___RD C:\Users\Rita\OneDrive
2022-12-01 21:40 - 2020-08-10 18:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-12-01 21:40 - 2020-08-10 17:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-12-01 17:37 - 2016-11-04 13:37 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001UA1d236d2e079dc8f.job
2022-12-01 17:37 - 2016-11-04 13:37 - 000000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001Core1d236d2e031b219.job
2022-12-01 17:36 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-12-01 17:36 - 2014-11-18 14:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-01 17:22 - 2020-11-19 20:53 - 000000000 ____D C:\Program Files (x86)\Dell
2022-12-01 17:22 - 2015-02-11 10:05 - 000000000 ____D C:\Program Files\Dell
2022-12-01 17:22 - 2014-09-18 16:21 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-12-01 17:22 - 2013-03-16 02:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2022-12-01 17:22 - 2012-12-21 09:12 - 000000000 ____D C:\Program Files (x86)\CyberLink
2022-12-01 17:22 - 2012-12-21 09:10 - 000000000 ____D C:\ProgramData\Dell
2022-12-01 07:45 - 2013-08-20 10:05 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Dropbox
2022-11-30 21:37 - 2020-08-10 18:23 - 000004074 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001UA1d236d2e079dc8f
2022-11-30 21:37 - 2020-08-10 18:23 - 000003698 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-982068928-1266911721-445647910-1001Core1d236d2e031b219
2022-11-30 17:25 - 2022-05-25 17:45 - 000001461 _____ C:\Users\Rita\Desktop\Roblox Player.lnk
2022-11-30 17:25 - 2022-05-25 17:45 - 000001284 _____ C:\Users\Rita\Desktop\Roblox Studio.lnk
2022-11-30 17:25 - 2021-01-27 11:43 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-11-30 06:02 - 2021-07-27 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-11-30 06:02 - 2014-11-18 14:52 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-11-29 23:26 - 2020-07-10 22:06 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-29 10:41 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-11-28 12:00 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-28 11:17 - 2020-08-10 18:04 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-28 11:17 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-28 10:52 - 2017-12-28 17:36 - 000000000 ____D C:\Users\Rita\AppData\Local\Packages
2022-11-20 11:43 - 2013-01-28 12:52 - 000000000 ____D C:\Users\Rita\Documents\XmasPoems
2022-11-17 19:34 - 2021-12-10 17:56 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-982068928-1266911721-445647910-1001
2022-11-17 19:34 - 2020-08-10 18:23 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-982068928-1266911721-445647910-1001
2022-11-17 19:34 - 2020-08-10 17:50 - 000002417 _____ C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-17 09:10 - 2022-04-14 18:38 - 000000000 ____D C:\Users\Rita\Documents\Easter Jokes
2022-11-14 21:06 - 2020-08-10 18:23 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-14 21:06 - 2020-08-10 18:23 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-10 17:52 - 2018-05-15 10:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-09 17:40 - 2020-08-10 17:47 - 000458920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-09 17:38 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-09 17:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-09 17:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-09 17:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-09 07:41 - 2020-08-10 17:52 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-09 07:13 - 2013-08-14 02:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-09 07:07 - 2013-01-24 18:45 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2015-03-20 13:04 - 2015-03-20 13:04 - 000000016 ____H () C:\Users\Rita\SyncToy_2ae4eca7-6b64-4c1a-9253-2bd8b91822c0.dat
2013-01-29 15:32 - 2013-01-29 15:32 - 000025334 _____ () C:\Users\Rita\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-02-23 19:04 - 2021-11-20 14:36 - 000007623 _____ () C:\Users\Rita\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2022
Ran by Rita (03-12-2022 13:36:55)
Running from C:\Users\Rita\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) (2020-08-11 00:24:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-982068928-1266911721-445647910-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-982068928-1266911721-445647910-503 - Limited - Disabled)
Guest (S-1-5-21-982068928-1266911721-445647910-501 - Limited - Disabled)
Rita (S-1-5-21-982068928-1266911721-445647910-1001 - Administrator - Enabled) => C:\Users\Rita
WDAGUtilityAccount (S-1-5-21-982068928-1266911721-445647910-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACA Forms Helper 2016 version 2.0.0.0 (HKLM-x32\...\{EAB1A7E8-3811-47CF-9D69-202DD3729DA7}_is1) (Version: 2.0.0.0 - ADAMS Business Forms)
Adobe AIR (HKLM-x32\...\{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
BVS Solitaire Collection version 7.3 (HKLM-x32\...\BVSSOL_is1) (Version: 7.3 - BVS Development Corporation)
CloneSpy 3.24 - 64 bit (HKLM\...\CloneSpy) (Version: 3.24 - The CloneSpy Team)
Cool Edit 2000 (HKLM-x32\...\Cool Edit 2000) (Version:  - )
Cricut ™ Driver v2.01 (HKLM-x32\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CyberLink Media Suite 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1904 - CyberLink Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Dropbox (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\Dropbox) (Version: 162.4.5419 - Dropbox, Inc.)
Easy Calendar 3.6 (HKLM-x32\...\Easy Calendar_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.73 - Google LLC)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
IDrive version 6.7.3.6 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.6 - Pro Softnet Corp)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}) (Version: 1.24.738.1 - Intel Corporation) Hidden
Malwarebytes version 4.5.18.226 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.18.226 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.62 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\OneDriveSetup.exe) (Version: 22.227.1030.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 107.0.1 (x64 en-US)) (Version: 107.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 107.0.1.8367 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
paint.net (HKLM\...\{E56D2CED-CCAE-4902-A559-17B452752DA5}) (Version: 4.3.10 - dotPDN LLC)
Photo Common (HKLM-x32\...\{D888F114-7537-4D48-AF03-5DA9C82D7540}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{30F99474-EBE3-4134-A02B-F6CD38CFE243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{FC6C7107-7D72-41A1-A031-3CE751159BAB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Quick Solitaire 3.3 (remove only) (HKLM-x32\...\Quick Solitaire 3.3) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Roblox Player for Rita (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for Rita (HKU\S-1-5-21-982068928-1266911721-445647910-1001\...\roblox-studio) (Version:  - Roblox Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version: 1.0.1.3 - GameHouse, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snood Plus (HKLM-x32\...\{A8A30EFF-C39B-492E-BEE6-3675B06115AC}) (Version: 1.5.1 - Snood, LLC)
System Tray Cleaner 4 (HKLM-x32\...\STC3_is1) (Version:  - Innovative Solutions)
Tax Forms Helper 2016 12.5 (HKLM-x32\...\Tax Forms Helper 2016_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Live Communications Platform (HKLM-x32\...\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{C034A6F9-6569-491B-B3BF-F5D15221A708}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{18272881-CFC0-434D-A975-E5BE44206AA0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-18] (Amazon.com)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.27.20.0_x64__kgqvnymyfvs32 [2022-11-23] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.232.300.0_x64__kgqvnymyfvs32 [2022-11-30] (king.com)
Dell | Getting Started with Windows 8 -> C:\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2 [2013-09-07] (Dell Inc)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-28] (Dell Inc)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_7.4.18.0_x86__h6adky7gbf63m [2022-11-23] (Gameloft SE)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Garmin Connect Mobile -> C:\Program Files\WindowsApps\Garmin.GarminConnectMobile_3.24.1.0_x64__xpnz26pswwvpm [2018-05-18] (GARMIN INTERNATIONAL INC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-02] (HP Inc.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-21] (AMZN Mobile LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-12] (Microsoft Corporation)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
PDF to JPEG -> C:\Program Files\WindowsApps\40066DaniyalSyed.PDFtoJPEG_1.2.0.1000_x64__qzfwg6dxbppre [2019-05-24] (Daniyal Syed) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-04] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.11210.0_x64__8wekyb3d8bbwe [2022-11-30] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Rita\Dropbox [2013-08-20 10:08]
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [Dropbox] =>
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-982068928-1266911721-445647910-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-982068928-1266911721-445647910-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-982068928-1266911721-445647910-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-982068928-1266911721-445647910-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.56.0.dll [2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-02-19 18:58 - 2020-02-18 12:19 - 005034496 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2020-02-19 18:58 - 2020-02-18 12:19 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2022-11-09 19:21 - 2022-11-09 19:21 - 000016384 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\1fc4385b815039dc92df8717da799e9b\PSIClient.ni.dll
2022-06-15 18:52 - 2022-06-15 18:52 - 000019968 _____ (Intel Corp.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\291c5fe0d8bab360b1a1814089f653cc\IAStorCommon.ni.dll
2012-12-21 09:11 - 2012-07-09 13:46 - 000269312 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\PsiData.dll
2012-12-21 09:11 - 2012-07-09 13:46 - 000497664 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2022-08-11 19:49 - 2022-08-11 19:49 - 000075264 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMgr\af229c3ff7e92c037723af25ada5e23e\IAStorDataMgr.ni.dll
2022-11-09 19:20 - 2022-11-09 19:20 - 000379392 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\53a80d59deefe234e3a47b50e8a0cbd0\IAStorUtil.ni.dll
2022-11-09 19:21 - 2022-11-09 19:21 - 001114624 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorViewModel\563a11488913234d0568915d966db0f9\IAStorViewModel.ni.dll
2022-11-09 19:20 - 2022-11-09 19:20 - 003864576 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSI\30c016820c0614f853a9a8f6d7fad1a2\PSI.ni.dll
2022-08-11 19:50 - 2022-08-11 19:50 - 000643584 _____ (Intel Corporation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PsiData\696f9184aa815c829955ca1c52356a5e\PsiData.ni.dll
2022-08-11 19:50 - 2022-08-11 19:50 - 000027136 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\85ebdf519a1b31af32afceb97ad8b8ff\IAStorDataMgrSvcInterfaces.ni.dll
2018-12-04 12:10 - 2018-12-04 12:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-982068928-1266911721-445647910-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ww2.cox.com/myconnection/home.cox
HKU\S-1-5-21-982068928-1266911721-445647910-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2018-12-03 08:47 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-982068928-1266911721-445647910-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rita\Pictures\Screensavers\Snoopy2 Christmas screensaver.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{59699F7D-E2D4-4E0E-B212-F131AE224674}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9D738C33-1D58-46B5-8371-93D921B545AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74FE013D-C92E-4CA9-9B2B-1509B11E3117}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66703F73-26B4-4FA7-8AA7-CBCAD2525770}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00387607-31A1-4761-9E1D-CAB4745CC162}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3EAF779-BAE8-48D5-BA89-59CA45FF7056}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4EA6343B-B2A9-477A-848A-6093A4511953}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E13D7551-4B80-419D-A10E-5984F2C4E227}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

16-11-2022 19:12:16 Scheduled Checkpoint
25-11-2022 19:51:56 Scheduled Checkpoint
28-11-2022 10:53:57 Removed Amazon Browser App
01-12-2022 17:20:54 AdwCleaner_BeforeCleaning_01/12/2022_17:20:53

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/01/2022 09:45:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x53463944
Faulting module name: MSVCR90.dll, version: 9.0.30729.9625, time stamp: 0x5db2747f
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0x1f3c
Faulting application start time: 0x01d9060075e5ca88
Faulting application path: C:\Users\Rita\AppData\Roaming\VERIZON\UA_ar\UA.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
Report Id: 6d386bc1-5a91-4902-adb1-14521a90e99a
Faulting package full name:
Faulting package-relative application ID:

Error: (12/01/2022 05:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x53463944
Faulting module name: MSVCR90.dll, version: 9.0.30729.9625, time stamp: 0x5db2747f
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0x258c
Faulting application start time: 0x01d905dfca0f72d7
Faulting application path: C:\Users\Rita\AppData\Roaming\VERIZON\UA_ar\UA.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
Report Id: 4f05ac99-141b-4c43-9919-342c5386c199
Faulting package full name:
Faulting package-relative application ID:

Error: (12/01/2022 03:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x2700
Faulting application start time: 0x01d905ce04d9147d
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: 0b92d879-5078-410c-a545-2000b60a4808
Faulting package full name:
Faulting package-relative application ID:

Error: (12/01/2022 03:43:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x680
Faulting application start time: 0x01d905cdfb0c2ffc
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: 1533bbe6-99ed-4a99-862d-66a71d70f0d1
Faulting package full name:
Faulting package-relative application ID:

Error: (12/01/2022 08:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x150c
Faulting application start time: 0x01d90592478c6086
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: 6be6c8ff-7514-410e-98ea-10fdf880a674
Faulting package full name:
Faulting package-relative application ID:

Error: (12/01/2022 08:36:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x1a28
Faulting application start time: 0x01d9059239e43104
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: cd3009f9-44c5-4937-b3fe-71337b76c7f8
Faulting package full name:
Faulting package-relative application ID:

Error: (12/01/2022 08:35:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Faulting module name: GHScrabble.exe, version: 1.0.1.3, time stamp: 0x4602f61f
Exception code: 0xc0000005
Fault offset: 0x00017321
Faulting process id: 0x1528
Faulting application start time: 0x01d905922e44998b
Faulting application path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Faulting module path: C:\Program Files (x86)\Hasbro\Scrabble CE\GHScrabble.exe
Report Id: e58790bc-07c6-4d55-99b7-7116f385d350
Faulting package full name:
Faulting package-relative application ID:

Error: (11/29/2022 11:40:51 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Rita_Backup (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (12/03/2022 11:15:42 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/03/2022 11:10:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/02/2022 11:42:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/01/2022 09:54:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/01/2022 09:54:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Rita\AppData\Local\Temp\ehdrv.sys

Error: (12/01/2022 09:54:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/01/2022 09:54:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Rita\AppData\Local\Temp\ehdrv.sys

Error: (12/01/2022 09:54:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


Windows Defender:
================
Date: 2022-12-01 23:52:56
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...73&enterprise=0
Name: PUADlManager:Win32/DownloadAdmin
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Rita\Favorites\cbsidlm-cbsi3_2_5_41-PhotoScape-10703122.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Rita\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.379.1299.0, AS: 1.379.1299.0, NIS: 1.379.1299.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-12-01 22:02:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: PUA:Win32/AskToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\AdwCleaner\Quarantine\v1\20221201.172203\39\apn\APN-Stub\W3IV6-G\APNIC.7z#97B89E07D2A8C3C9; file:_C:\AdwCleaner\Quarantine\v1\20221201.172203\39\apn\APN-Stub\W3IV6-G\APNIC.dll#D8EAF06B2EDD0521
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Rita\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.379.1299.0, AS: 1.379.1299.0, NIS: 1.379.1299.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-12-01 22:02:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...45&enterprise=0
Name: App:AskToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\AdwCleaner\Quarantine\v1\20221201.172203\39\apn\APN-Stub\W3IV6-G\APNIC.dll#D8EAF06B2EDD0521
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Rita\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.379.1299.0, AS: 1.379.1299.0, NIS: 1.379.1299.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-12-01 22:02:41
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: PUA:Win32/AskToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\AdwCleaner\Quarantine\v1\20221201.172203\39\apn\APN-Stub\W3IV6-G\APNIC.7z#97B89E07D2A8C3C9
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Rita\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.379.1299.0, AS: 1.379.1299.0, NIS: 1.379.1299.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-29 04:00:24
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...73&enterprise=0
Name: PUADlManager:Win32/DownloadAdmin
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Rita\Favorites\cbsidlm-cbsi3_2_5_41-PhotoScape-10703122.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
Security intelligence Version: AV: 1.379.1097.0, AS: 1.379.1097.0, NIS: 1.379.1097.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4
Event[0]:

Date: 2022-12-01 18:18:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.379.1116.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19800.4
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2022-12-03 13:27:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2022-12-03 13:27:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.

Date: 2022-12-03 03:05:29
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-02 19:40:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A07 08/24/2012
Motherboard: Dell Inc. 0478VN
Processor: Intel® Pentium® CPU G645 @ 2.90GHz
Percentage of memory in use: 67%
Total physical RAM: 8061.59 MB
Available physical RAM: 2595.5 MB
Total Virtual: 10285.88 MB
Available Virtual: 1793.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:457.19 GB) (Free:230.4 GB) (Model: ST500DM002-1BD142) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rita_Backup) (Fixed) (Total:465.22 GB) (Free:81.29 GB) NTFS

\\?\Volume{05149299-4b45-4129-946c-d611bc3b0c50}\ (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
\\?\Volume{c2eec83c-5e73-43e3-84d3-5caad5d6f665}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS
\\?\Volume{c6318728-dc44-4ee6-8c4d-533549c7ba87}\ (PBR Image) (Fixed) (Total:6.6 GB) (Free:0.3 GB) NTFS
\\?\Volume{53be4f87-278d-4ebe-b69d-97c6e6a97bc2}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0967E9DC)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 447E5792)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



#15
DR M

    The Grecian Geek

  • Malware Removal
  • 3,648 posts

Your logs are clean.
 
Since you said the computer is old, let's perform a disk check.

Check disk

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter, and wait for it to finish (~15 minutes).
       chkdsk C: /r
    
  • You will receive a message saying that the operation cannot be performed while the system is in use and asking if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing the disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double-click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.
