
Windows 11 desktop running slowly [Solved]


  • This topic is locked

#1
John Aukerman

  • Member
  • 284 posts

Computer is taking a long time to run normal processes, like starting a new application or saving a document or loading a website. Also lots of "not responding" events.

FRST logs follow.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-02-2023 01
Ran by jhauk (administrator) on DESKTOP-6JBP3L9 (Dell Inc. Inspiron 3670) (15-02-2023 06:38:39)
Running from C:\Users\jhauk\Desktop
Loaded Profiles: jhauk
Platform: Microsoft Windows 11 Home Version 21H2 22000.1455 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2301.20002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe <12>
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCopyAccelerator.exe
(C:\Users\jhauk\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\jhauk\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\jhauk\AppData\Local\WebEx\WebexHost.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\70.0.2.0\crashpad_handler.exe <3>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxCUIService.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe
(services.exe ->) (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(services.exe ->) (Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(services.exe ->) (Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
(sihost.exe ->) (McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(sihost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2301.20002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(svchost.exe ->) (McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe [1257032 2021-04-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-12-10] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe [1237696 2020-12-06] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1977696 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> )
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4235112 2022-09-27] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [MicrosoftEdgeAutoLaunch_C3B4745A586F470C4B29567DA633CD3C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [Amazon Music Helper] => C:\Users\jhauk\AppData\Local\Amazon Music\Amazon Music Helper.exe [2361288 2022-06-06] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [Amazon Music] => C:\Users\jhauk\AppData\Local\Amazon Music\Amazon Music.exe [21368776 2022-06-06] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\jhauk\AppData\Local\WebEx\WebexHost.exe [8038496 2023-02-09] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\Canon MP970 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD91.DLL [27648 2007-05-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS8300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFT.DLL [529408 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP970 series: C:\WINDOWS\system32\CNMLM91.DLL [258560 2007-05-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS8300 series: C:\WINDOWS\system32\CNMLMFT.DLL [959488 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [252416 2012-08-30] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.121\Installer\chrmstp.exe [2023-02-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NotificationTool.lnk [2020-02-13]
ShortcutTarget: NotificationTool.lnk -> C:\Program Files (x86)\Canon\hdAlbum EZ\NotificationTool.exe (Canon Inc. -> CANON INC.)
Startup: C:\Users\jhauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe - Shortcut.lnk [2019-10-12]
ShortcutTarget: firefox.exe - Shortcut.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A048CF9-2D5E-4014-A6F4-F9A58A9E08FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {122D71C1-1618-48E8-A6FD-23CBBF29D4E8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {155C3E5D-0899-4636-B4E4-9C556E2E219A} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [661408 2023-02-01] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {2122804D-EAB6-443D-BE63-E573E2B8A67D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {2328A2BB-9A64-4537-8B39-643A704C30A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {28FEA64C-0CFB-4031-BD6F-97BBDB74F4C9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D2C5F5B-3542-4DF5-BA37-04AF0627E322} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5092016 2023-01-10] (Microsoft Windows -> Microsoft Corporation)
Task: {2E6AB2B4-F339-4448-BDF3-4AD7EC3BA2EB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C26AFD1-5C37-4F8A-BC2C-27E939578E35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-18] (Google Inc -> Google Inc.)
Task: {716C1104-53F2-49D6-B462-854D99B1A3C4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B441CF7D-6BEA-49EB-86C6-0A2CF1E6B253} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5C0DEED-6435-47C9-977C-BB733565E0D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D4E51262-ACCE-4620-BA7E-4CEDE39A706D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {EDFF0B54-722B-4DB3-93E5-B0A4BC32CA25} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1003496 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF030867-CB4B-4F85-9F29-7141A1950822} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCA6206D-B840-474E-8114-64E82E20DEBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-18] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e6d416ea-722e-4537-9bf4-49c06dbe3514}: [DhcpNameServer] 192.168.1.254

Edge:
=======
DownloadDir: C:\Users\jhauk\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\jhauk\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-15]
Edge DownloadDir: Default -> C:\Users\jhauk\Downloads
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\jhauk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-02-07]
Edge Extension: (Edge relevant text changes) - C:\Users\jhauk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-02-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: ou4ydgfb.default-1553941110074
FF ProfilePath: C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 [2023-02-15]
FF DownloadDir: C:\Users\jhauk\Desktop
FF Homepage: Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 -> hxxps://www.facebook.com/|hxxps://mail.google.com/mail/u/0/?ui=2#inbox|hxxps://calendar.google.com/calendar/u/0/r/day?tab=mc
FF Notifications: Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 -> hxxps://www.facebook.com; hxxps://usa.life; hxxps://mail.google.com
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\[email protected] [2023-02-03] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\[email protected] [2023-01-17]
FF Extension: (Zoom Scheduler) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2023-01-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default [2023-02-15]
CHR DownloadDir: C:\Users\jhauk\Desktop
CHR Extension: (Google Docs Offline) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-21]
CHR Extension: (Mountain River) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldnnpdpbcplkacehcbafmncblojlead [2020-05-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-24]
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-02-25]
CHR Extension: (Slides) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-01-21]
CHR Extension: (Docs) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2022-01-21]
CHR Extension: (Google Drive) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-01-21]
CHR Extension: (YouTube) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-01-21]
CHR Extension: (Sheets) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-25]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-21]
CHR Extension: (Gmail) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-01-21]
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\System Profile [2022-01-24]
CHR HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3834400 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-05] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [47320 2022-10-29] (Dell Inc -> )
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [334688 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-07-17] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe [107624 2018-12-13] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-15 06:38 - 2023-02-15 06:43 - 000029587 _____ C:\Users\jhauk\Desktop\FRST.txt
2023-02-15 06:38 - 2023-02-15 06:38 - 002378240 _____ (Farbar) C:\Users\jhauk\Desktop\FRST64.exe
2023-02-15 06:38 - 2023-02-15 06:38 - 000000000 ____D C:\Users\jhauk\Desktop\FRST-OlderVersion
2023-02-15 05:58 - 2023-02-15 05:58 - 000000000 ___HD C:\$WinREAgent
2023-02-13 08:23 - 2023-02-13 08:26 - 009805378 _____ C:\Users\jhauk\Documents\IMG_20230213_0001.pdf
2023-02-08 08:17 - 2023-02-08 08:20 - 003122008 _____ C:\Users\jhauk\Documents\IMG_20230208_0005.pdf
2023-02-08 08:16 - 2023-02-08 08:17 - 002392007 _____ C:\Users\jhauk\Documents\IMG_20230208_0004.pdf
2023-02-08 08:16 - 2023-02-08 08:16 - 001430875 _____ C:\Users\jhauk\Documents\IMG_20230208_0003.pdf
2023-02-08 08:15 - 2023-02-08 08:15 - 001178585 _____ C:\Users\jhauk\Documents\IMG_20230208_0002.pdf
2023-02-08 08:14 - 2023-02-08 08:14 - 001527891 _____ C:\Users\jhauk\Documents\IMG_20230208_0001.pdf
2023-02-07 00:13 - 2023-02-07 00:13 - 011148942 _____ C:\Users\jhauk\Documents\FUNK (2023-02-07).rmgb
2023-02-06 07:34 - 2023-02-06 07:34 - 000013728 _____ C:\Users\jhauk\Desktop\2023 CANDIDATE LIST FOR PRIMARY ELECTION (REPUBLICAN).xlsx
2023-02-01 05:55 - 2023-02-15 05:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-25 06:39 - 2023-01-25 06:39 - 000000000 ____D C:\Users\jhauk\AppData\Roaming\webex
2023-01-25 06:38 - 2023-02-14 23:03 - 000000000 ____D C:\Users\jhauk\AppData\Local\WebEx
2023-01-25 06:38 - 2023-01-25 06:40 - 000000000 ____D C:\Users\jhauk\AppData\LocalLow\WebEx
2023-01-25 06:36 - 2023-01-25 06:36 - 000486744 _____ (Cisco Webex LLC) C:\Users\jhauk\Downloads\webex.exe
2023-01-24 14:38 - 2023-01-24 14:38 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-01-24 14:38 - 2023-01-24 14:38 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-24 14:38 - 2023-01-24 14:38 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-15 06:44 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-15 06:44 - 2019-03-18 09:16 - 000000000 ____D C:\ProgramData\IDrive
2023-02-15 06:42 - 2022-04-28 09:33 - 000000000 ____D C:\FRST
2023-02-15 06:37 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-15 06:36 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-15 06:34 - 2021-06-05 07:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-15 06:12 - 2021-10-07 08:41 - 000000000 ____D C:\Users\jhauk\AppData\Local\CrashDumps
2023-02-15 06:03 - 2019-03-18 08:34 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-15 05:51 - 2022-02-09 22:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-15 02:39 - 2020-06-08 05:52 - 000000000 ____D C:\Users\jhauk\Documents\Outlook Files
2023-02-15 02:39 - 2019-03-18 17:50 - 000000000 ____D C:\Users\jhauk\Documents\Bren
2023-02-15 02:37 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-15 01:24 - 2021-11-13 10:30 - 000000000 ____D C:\Program Files\MSBuild
2023-02-15 01:24 - 2021-11-13 10:30 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-02-15 01:24 - 2021-06-05 07:09 - 000000000 ____D C:\WINDOWS\INF
2023-02-15 01:18 - 2018-11-21 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-14 22:32 - 2021-11-13 15:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-14 12:46 - 2019-03-18 17:57 - 000000000 ____D C:\Users\jhauk\Desktop\John
2023-02-14 01:36 - 2021-11-13 11:06 - 000000000 ____D C:\Users\jhauk
2023-02-13 08:16 - 2019-03-18 08:26 - 000000000 ____D C:\Users\jhauk\AppData\Local\Packages
2023-02-11 09:33 - 2019-03-19 04:21 - 000000000 ____D C:\Users\Aukerman\Desktop\John
2023-02-11 09:28 - 2020-06-20 05:07 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-09 16:01 - 2021-11-13 15:59 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 16:01 - 2021-11-13 15:59 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-08 23:50 - 2019-03-18 08:35 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-08 15:49 - 2021-02-03 13:32 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-02-08 08:14 - 2020-02-13 13:56 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-02-07 00:14 - 2019-04-08 05:46 - 041014272 _____ C:\Users\jhauk\Documents\FUNK.rmgc
2023-02-06 23:39 - 2019-07-30 06:16 - 004658176 _____ C:\Users\jhauk\Documents\aukerman20190730.rmgc
2023-02-06 00:10 - 2019-03-18 11:25 - 000000000 ____D C:\Users\jhauk\AppData\Local\D3DSCache
2023-02-01 23:29 - 2021-11-13 15:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-01 23:29 - 2019-03-18 08:43 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-01 23:29 - 2019-03-18 08:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-01 02:29 - 2019-03-18 08:43 - 000000000 ____D C:\Users\jhauk\AppData\LocalLow\Mozilla
2023-02-01 00:52 - 2019-04-02 07:43 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-01 00:49 - 2021-11-13 15:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-01 00:49 - 2020-08-05 01:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-01-27 22:55 - 2019-07-06 06:35 - 001932288 _____ C:\Users\jhauk\Documents\woodrum.rmgc
2023-01-23 23:29 - 2021-01-22 06:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2021-01-18 12:44 - 2021-01-18 12:44 - 000000171 _____ () C:\Users\jhauk\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by jhauk (15-02-2023 06:52:13)
Running from C:\Users\jhauk\Desktop
Microsoft Windows 11 Home Version 21H2 22000.1455 (X64) (2021-11-13 21:00:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1015540938-3996997567-1391499832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1015540938-3996997567-1391499832-503 - Limited - Disabled)
Guest (S-1-5-21-1015540938-3996997567-1391499832-501 - Limited - Disabled)
jhauk (S-1-5-21-1015540938-3996997567-1391499832-1001 - Administrator - Enabled) => C:\Users\jhauk
WDAGUtilityAccount (S-1-5-21-1015540938-3996997567-1391499832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.8 (HKLM\...\{2FA2F521-494C-4E8F-8C30-3D3E81590413}) (Version: 4.8.0.2852 - Open Media LLC)
AceMoney (HKLM-x32\...\AceMoney_is1) (Version:  - MechCAD Software)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Music (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Amazon Amazon Music) (Version: 9.1.0.2339 - Amazon.com Services LLC)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon TS8300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS8300_series) (Version: 1.02 - Canon Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\ActiveTouchMeetingClient) (Version: 43.1.0 - Cisco Webex LLC)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.59 - NCH Software)
Dell Digital Delivery Service (HKLM-x32\...\{DD47FCB3-5038-40CE-A02A-85F51BA03F37}) (Version: 3.6.1012.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{04DF02C6-E3D7-4D26-A44C-6F8A2E218D2C}) (Version: 1.3.6844 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{3A0ECCB6-1034-440E-8672-C4E14CCB7689}) (Version: 3.10.1.23 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{795931D8-2EBF-4969-A678-4219B161F676}) (Version: 5.4.3.15135 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{555298fa-14a9-48f2-a7a0-9602f31785da}) (Version: 5.4.3.15135 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{F68DA8E2-38B6-47A7-AB62-BFE8B740F792}) (Version: 4.7.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{3252E69D-9075-40FD-A9EF-F6D96091B5BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.121 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 70.0.2.0 - Google LLC)
hdAlbum EZ (HKLM-x32\...\{014BBF3C-D9C4-4FD0-857D-E7DDC95263C0}) (Version: 1.7.1.6 - Canon Inc.)
IDrive version 6.7.3.6 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.6 - Pro Softnet Corp)
Intel® Chipset Device Software (HKLM\...\{148D6ED8-24B8-443D-9C5B-5D6BF506671B}) (Version: 10.1.17903.8106 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel® Corporation)
Intel® Icls (HKLM\...\{4625C928-49BB-44DC-92E3-B9EC0972C72D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® LMS (HKLM\...\{C6577DC3-0C37-48BF-817B-54941E2A9D5F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1932.12.0.1298 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{8A47F310-D3B6-4894-AE24-5E997B13999B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{D80FDFD4-0702-4950-A949-CC2AE3B36F23}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{434309ED-354E-460C-B241-0803232C7CC9}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® OEM Extension (HKLM\...\{FEB772C1-919E-4145-9691-AFFAC915496F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.8141 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.9.1040 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{6B487AA5-94E3-4B20-A1AF-2FA0CEA5BD13}) (Version: 17.5.9.1040 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C81FD018-F151-460F-B4F9-0D58039503E2}) (Version: 17.2.4.9002 - Intel Corporation)
Jihosoft Phone Transfer version 3.4.2.0 (HKLM-x32\...\{116B8806-B959-4600-8591-35E60440BD3D}_is1) (Version: 3.4.2.0 - HONGKONG JIHO CO., LIMITED)
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.54.161 - Logitech)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{843E8BAC-637E-4354-94D7-73D910E2168F}) (Version: 4.71.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{92418797-A53F-4B3E-A56A-F8B739B6F1FF}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{B12E6B2E-1E47-4D58-A45E-AA92A5F8F8FD}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Movavi Screen Recorder Studio 10 (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Movavi Screen Recorder Studio 10) (Version: 10.2.0 - Movavi)
Movavi Video Editor Plus 2022 (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Movavi Video Editor Plus 2022) (Version: 22.1.0 - Movavi)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 109.0.1 (x64 en-US)) (Version: 109.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - Passport)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.7.5 - Canon Inc.)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8791.1 - Realtek Semiconductor Corp.)
RootsMagic 7.6.1.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.6.1.0 - RootsMagic, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 10.40 - NCH Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
VSDC Free Video Editor version 6.3.9.49 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.3.9.49 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Web Launch Recorder (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Wondershare TunesGo ( Version 9.7.3 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.7.3 - Wondershare)
Youtube Downloader HD v. 4.4.2 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
Zoom (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)

Packages:
=========
Audacity 2 -> C:\Program Files\WindowsApps\42109FactoriaDatacenter.Audacity2_2.3.2.0_neutral__zaf1c6h4vqsbt [2019-05-29] (Repackagerexpress.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.96.1.0_x64__kgqvnymyfvs32 [2023-01-31] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2451.1.0_x64__kgqvnymyfvs32 [2023-02-07] (king.com)
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2023-01-17] (Canon Inc.)
Corel PaintShop Pro -> C:\Program Files\WindowsApps\CorelCorporation.PaintShopPro_25.1.32.0_x64__wbjqpk9xt50t4 [2022-12-03] (Corel Corporation)
Cut Video App -> C:\Program Files\WindowsApps\AnywaySoftInc.CutVideoApp_1.2.6.0_x64__0qkrc2qacwvfm [2023-01-17] (AnywaySoft, Inc.)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.1.0_x64__htrsf667h5kn2 [2023-01-15] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.64.0_x64__htrsf667h5kn2 [2023-02-13] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2023-01-17] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.4.0_x64__htrsf667h5kn2 [2021-11-13] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.7.31.0_x86__htrsf667h5kn2 [2022-11-09] (Dell Inc)
Downloader for YouTube. Free Coverter to MP3, MP4 & AVI. -> C:\Program Files\WindowsApps\13240GoodBuzzMedia.DownloaderforYouTube.FreeCovert_1.1.17.0_x64__pkybfkfh0fpqa [2020-11-03] (Good Buzz Media)
Express Burn CD and DVD Burner Free -> C:\Program Files\WindowsApps\NCHSoftware.ExpressBurnFree_11.0.9.0_x86__7kedsbyvzns34 [2022-10-16] (NCH Software)
Free Instant Youtube Downloader -> C:\Program Files\WindowsApps\356E5ED5.FreeInstantYoutubeDownloader_1.5.2.0_x64__n9erwrkheyjxe [2020-02-04] (Prospera Software Inc.) [MS Ad]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4478.0_x64__8j3eq9eme6ctt [2023-01-16] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-11-13] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa [2022-12-15] (Apple Inc.) [Startup Task]
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2023-01-17] (OverDrive Inc.)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-01-16] (McAfee LLC.)
Media Player -> C:\Program Files\WindowsApps\YellowElephantProductions.MediaPlayerS_1.268.117.0_x64__p3e1zgp7z7szg [2023-02-13] (Yellow Elephant Productions)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Meme-Generator -> C:\Program Files\WindowsApps\8840NaveenCS.Meme-Generator_3.3.0.0_neutral__20e0kv46hk748 [2023-01-17] (Naveen CS)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2301.20002.0_x64__8wekyb3d8bbwe [2023-01-31] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.6003.0_x64__8wekyb3d8bbwe [2023-02-08] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-10-16] (Microsoft Corporation)
MuseScore 3 -> C:\Program Files\WindowsApps\64051MuseScoreBVBA.MuseScoreNotationSoftware_3.3.4.0_x64__pz631wrhsw9tj [2022-09-06] (MuseScore BVBA)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.1.8.0_x64__htrsf667h5kn2 [2023-01-15] (Dell Inc)
OpenShot Video Editor - MS Store Port -> C:\Program Files\WindowsApps\37559StorePorts.OpenShotVideoEditor-MSStorePort_1.1.2.0_x64__gbs9e2cxjv4vj [2020-02-21] (Store Ports)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.25.0_x64__nfy108tqq3p12 [2023-01-16] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2023-01-17] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-11] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-12] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-03-18] (CYBERLINK CORPORATION.)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.562.360.0_x86__55nm5eh3cm0pr [2023-02-11] (ROBLOX Corporation)
Screen Recorder Lite -> C:\Program Files\WindowsApps\YellowElephantProductions.ScreenRecorderLite_1.229.145.0_x64__p3e1zgp7z7szg [2022-12-24] (Yellow Elephant Productions) [Startup Task]
SHARE.it -> C:\Program Files\WindowsApps\30608Paradox.SHAREit81_1.7.18.0_x64__ghshvk1r7eapp [2019-04-30] (SHAREit Technologies Co.Ltd) [MS Ad]
Slack -> C:\Program Files\WindowsApps\91750D7E.Slack_4.29.149.0_x64__8she8kybcnzg4 [2022-11-29] (Slack Technologies Inc.) [Startup Task]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-08] (Microsoft Studios) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2023-01-17] (Microsoft Corporation)
Ultra Screen Recorder -> C:\Program Files\WindowsApps\D5BE6627.UltraScreenRecorder_2.0.9.0_x86__9pm2v9747qaaa [2021-03-29] (CompuClever Systems Inc.)
VideoPad Video Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.VideoPadVideoEditorFree_13.0.7.0_x86__7kedsbyvzns34 [2023-01-26] (NCH Software)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2023-01-17] (VideoLAN)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2023-01-17] (Waves Audio)
Zalo Desktop -> C:\Program Files\WindowsApps\VNGOnline.Zalofordesktop_19.8.1.0_x64__z59ddpn1nx8g0 [2019-08-16] (VNG Online)
ZAPYA -> C:\Program Files\WindowsApps\EBAC32FB.ZAPYA_1.2.6.0_x86__7pjp2xjm0bc9w [2023-01-17] (邻动(北京)技术有限公司)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed] [File is in use]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxDTCM.dll [2018-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-02-23 18:04 - 2020-02-18 12:19 - 005034496 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2020-02-23 18:04 - 2020-02-18 12:19 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2020-05-12 05:16 - 2020-05-12 05:16 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\e_sqlite3.dll
2023-02-13 23:40 - 2023-02-13 23:40 - 000016384 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.64.0_x64__htrsf667h5kn2\Dell.D3.HSA.Client.dll
2023-02-13 23:40 - 2023-02-13 23:40 - 022913024 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.64.0_x64__htrsf667h5kn2\Dell.D3.UWP.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2021-06-27 15:45 - 2016-10-21 15:06 - 000318976 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2021-06-27 15:45 - 2017-06-27 09:59 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2021-06-27 15:45 - 2017-11-02 14:36 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2021-06-27 15:45 - 2017-11-02 14:36 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2011-08-30 07:06 - 2011-08-30 07:06 - 000267776 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNBLM4.DLL
2019-03-19 04:52 - 2012-08-30 10:18 - 000252416 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2019-03-18 08:21 - 2011-08-30 07:06 - 000084992 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\CNBPP4.DLL
2019-02-25 14:15 - 2019-02-25 14:15 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2021-11-04 06:22 - 2021-11-04 06:22 - 016742912 _____ (McAfee LLC) [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> DefaultScope {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\oldnational.com -> hxxps://www.oldnational.com
IE trusted site: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\pnc.com -> hxxps://www.onlinebanking.pnc.com
IE trusted site: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\sharepoint.com -> hxxps://anderson0-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-07-12 05:56 - 2021-07-12 05:56 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Control Panel\Desktop\\Wallpaper -> c:\users\jhauk\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\2022 09 30 (1).jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Zalo"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C3B4745A586F470C4B29567DA633CD3C"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E9FAE067-76E3-48EB-BAA1-F793EE97358A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{EFAE7FA9-91D4-4DA9-B435-B080634A4E28}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{036C20CF-D6E6-4B34-B413-9459073ED26F}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{37020B62-4258-4ABC-9472-2368C60CE78C}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{0937C031-7424-4A22-A065-9A9E1D396F17}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{6E23B3D1-7A4F-4AF6-9719-0D263E97DE6D}C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe] => (Allow) C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [TCP Query User{565B4B4A-B93A-4ECA-975E-380E884EDBFF}C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe] => (Allow) C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [{D8DD128A-FB4A-448A-85E4-37BFF4E1E1A5}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{3F2A6D7E-9815-45CF-B176-9C8BC9FA27E0}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{7023B499-2448-4724-8081-517C15763D1F}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{88D6118D-6A11-4619-897E-735523227F99}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{D545A722-3337-485D-BDC1-704C1A98AB82}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{55DBA7B1-5982-433F-8D38-DE7E7E51F490}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{C2006FCD-AD51-45E0-B4A4-B874E7474F91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{482CD256-9F6B-400E-B563-E6821169580F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{05D6B342-78F3-482C-B53E-0D3E4467F99D}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{3AA89511-D6C1-4D99-B70B-6B07A506BA62}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{0BF25BA8-8276-4A70-9625-7D0BC5C469D6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{679BE155-291B-4E8E-B2AC-F1921EC4D296}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C8BDF5C-688F-44CC-97D4-5D424F8C21C5}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A2F0449E-3209-4845-87D9-DA307F34038F}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{27F71529-7896-476F-882E-3DBDD684B55B}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2F77443A-2BBF-4DF0-B3F2-7713C3AF592F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF44B2B3-CF16-4D4B-AD98-044D5988633E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A17E8691-8314-4A4C-B51E-E8862B5E60BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EB6AD0E-517D-4501-B57A-D1F3C781128D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A0FA5F6-58A4-4B03-97B2-B932FDF2539F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A38BC89D-160E-4E61-B9B9-29402C038CE8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E7740F51-85DE-46F0-89E0-69FA4D4CE253}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5BB1E956-7286-4823-ADC7-D7385777E5A9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{57DA26D0-DFCD-4BA7-81CC-12FC7C00F7EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Singing Monsters\MySingingMonsters.exe () [File not signed]
FirewallRules: [{219FADE3-AB6A-4BAF-8B7E-0A25FDD611A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Singing Monsters\MySingingMonsters.exe () [File not signed]
FirewallRules: [TCP Query User{29E0F872-A536-4CE6-B1CC-767649AE7FF7}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe => No File
FirewallRules: [UDP Query User{D187D965-72A2-4E91-AD12-31C45A2C1321}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe => No File
FirewallRules: [{C969EE14-DF4D-4FA1-B141-DD46589DE147}] => (Allow) LPort=34000
FirewallRules: [{15F027A1-E38F-4342-B6AF-D520900C3721}] => (Allow) C:\Program Files\WindowsApps\91750D7E.Slack_4.29.149.0_x64__8she8kybcnzg4\app\Slack.exe (Slack Technologies, Inc. -> Slack Technologies Inc.)
FirewallRules: [{B5BC327A-612A-4231-97B4-B6CCBDFF9FDA}] => (Allow) C:\Program Files\WindowsApps\91750D7E.Slack_4.29.149.0_x64__8she8kybcnzg4\app\Slack.exe (Slack Technologies, Inc. -> Slack Technologies Inc.)
FirewallRules: [{096C3BE6-DC39-4E85-B400-8325B160CCCF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1CEE132D-FF76-46EE-BC75-5CC92A6BD2EE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9D263BF8-B53D-417C-B7E7-36DFAC6FF5A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DE81B107-672B-41DC-8E66-4CB9AAECDF54}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A162375-2AA6-4F78-B911-F3D17F7BE962}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F72A30F5-1262-4991-A780-06BEBA4A7B03}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0ABE7C3C-2954-4321-ACB8-AB219D6342A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BEDADAD-FF6E-47A0-9B46-5816C10B1FBE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{237F4AEC-AF53-4DDF-95DA-A5986151D6B9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88AAA5BB-983C-47BD-AB82-76BFA9FC8B07}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C339C6B0-C18F-4F3D-840B-931C72C3A30C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB97BB0E-2CF3-4A64-9F00-81893D44AC83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

15-02-2023 02:37:40 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/15/2023 06:09:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 22.3.20314.0, time stamp: 0x63cb6acb
Faulting module name: ntdll.dll, version: 10.0.22000.918, time stamp: 0x57b668f2
Exception code: 0xc0000005
Fault offset: 0x000000000001d4d1
Faulting process id: 0x4078
Faulting application start time: 0x01d9412cfc8e72de
Faulting application path: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1539fb6d-a20b-4b93-a6e2-054c57a0c133
Faulting package full name:
Faulting package-relative application ID:

Error: (02/14/2023 05:56:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 17512, ProfSvc PID: 2040.

Error: (02/14/2023 05:56:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 624, ProfSvc PID: 2040.

Error: (02/14/2023 05:56:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 8908, ProfSvc PID: 2040.

Error: (02/14/2023 05:56:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 17512, ProfSvc PID: 2040.

Error: (02/14/2023 05:56:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 17512, ProfSvc PID: 2040.

Error: (02/14/2023 05:56:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 17512, ProfSvc PID: 2040.

Error: (02/14/2023 05:56:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 17512, ProfSvc PID: 2040.


System errors:
=============
Error: (02/15/2023 05:53:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JBP3L9)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (02/15/2023 05:52:10 AM) (Source: googledrivefs3758) (EventID: 2) (User: )
Description: The driver version of the disk does not match.

Error: (02/15/2023 05:47:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.

Error: (02/14/2023 10:32:53 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.

Error: (02/14/2023 07:16:25 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.

Error: (02/14/2023 03:46:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JBP3L9)
Description: The server microsoft.windowscommunicationsapps_16005.14326.21318.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (02/14/2023 03:46:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.

Error: (02/14/2023 12:38:16 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.


Windows Defender:
================
Date: 2023-02-15 02:37:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-14 06:07:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-13 07:52:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-12 07:16:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-11 08:57:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-02-15 02:37:24
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-01 06:04:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-13 05:41:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2022-12-13 05:41:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 2.15.0 02/21/2020
Motherboard: Dell Inc. 0H4VK7
Processor: Intel® Core™ i3-8100 CPU @ 3.60GHz
Percentage of memory in use: 83%
Total physical RAM: 8006.97 MB
Available physical RAM: 1350.02 MB
Total Virtual: 14342.61 MB
Available Virtual: 4146.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.05 GB) (Free:515.25 GB) (Model: ST1000DM010-2EP102) NTFS
Drive g: (Google Drive) (Fixed) (Total:917.05 GB) (Free:489.49 GB) (Model: ST1000DM010-2EP102) FAT32

\\?\Volume{ddeb6c84-810c-46a1-aec6-44f8c7ccad3a}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.39 GB) NTFS
\\?\Volume{df0a5467-a661-4a6f-af6f-55c9d5055271}\ (Image) (Fixed) (Total:11.66 GB) (Free:0.22 GB) NTFS
\\?\Volume{5da840b2-c364-4272-bd43-d66afc350687}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.21 GB) NTFS
\\?\Volume{7f86ac07-f133-4645-b879-12d32c99ea96}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 926B0D78)

Partition: GPT.

==================== End of Addition.txt =======================




#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hello.

 

Did you intentionally set the following policies?

 

HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0



#3
John Aukerman

    Member

  • Topic Starter
  • 284 posts

No I did not.



#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

OK.

Some guidelines first for you to have in mind:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
====================
 
Let's begin:
 
1. Uninstall an app

  • Go to Settings (press the Windows logo key and the letter i on the keyboard)
  • Choose Apps from the menu at the left
  • Go to Installed apps
  • Find McAfee® Personal Security, click on the 3 dots at the right and choose Uninstall

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
2020-05-12 05:16 - 2020-05-12 05:16 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\e_sqlite3.dll
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> DefaultScope {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
FirewallRules: [UDP Query User{37020B62-4258-4ABC-9472-2368C60CE78C}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{0937C031-7424-4A22-A065-9A9E1D396F17}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [{A2F0449E-3209-4845-87D9-DA307F34038F}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{27F71529-7896-476F-882E-3DBDD684B55B}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{29E0F872-A536-4CE6-B1CC-767649AE7FF7}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe => No File
FirewallRules: [UDP Query User{D187D965-72A2-4E91-AD12-31C45A2C1321}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

In your next reply please post:

  1. If uninstalling McAfee ran smoothly
  2. The fixlog.txt


#5
John Aukerman

Uninstalling McAfee went smoothly.

FRST froze. Doesn't look like it ever finished.


Fix result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by jhauk (16-02-2023 08:11:12) Run:1
Running from C:\Users\jhauk\Desktop
Loaded Profiles: jhauk
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
2020-05-12 05:16 - 2020-05-12 05:16 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\e_sqlite3.dll
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> DefaultScope {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
FirewallRules: [UDP Query User{37020B62-4258-4ABC-9472-2368C60CE78C}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{0937C031-7424-4A22-A065-9A9E1D396F17}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [{A2F0449E-3209-4845-87D9-DA307F34038F}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{27F71529-7896-476F-882E-3DBDD684B55B}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{29E0F872-A536-4CE6-B1CC-767649AE7FF7}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe => No File
FirewallRules: [UDP Query User{D187D965-72A2-4E91-AD12-31C45A2C1321}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Policies\Microsoft\Windows\System\\EnableActivityFeed" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\PublishUserActivities" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\UploadUserActivities" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\AllowClipboardHistory" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\AllowCrossDeviceClipboard" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
DBUtilDrv2 => service not found.
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\e_sqlite3.dll => moved successfully
"HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43B1B2E9-843B-4459-8E32-95BA5A2117FD} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{37020B62-4258-4ABC-9472-2368C60CE78C}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0937C031-7424-4A22-A065-9A9E1D396F17}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2F0449E-3209-4845-87D9-DA307F34038F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27F71529-7896-476F-882E-3DBDD684B55B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{29E0F872-A536-4CE6-B1CC-767649AE7FF7}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D187D965-72A2-4E91-AD12-31C45A2C1321}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22000.653

Image Version: 10.0.22000.1574



[======================     39.1%                          ]

[======================     39.2%                          ]

[======================     39.2%                          ]

[======================     39.2%                          ]

[======================     39.2%                          ]

[======================     39.3%                          ]

[======================     39.4%                          ]

[======================     39.4%                          ]

[======================     39.5%                          ]

[======================     39.5%                          ]

[======================     39.5%                          ]

[======================     39.5%                          ]

[======================     39.6%                          ]

[======================     39.6%                          ]

[=======================    39.7%                          ]

[=======================    39.8%                          ]

[=======================    39.8%                          ]

[=======================    39.9%                          ]

[=======================    39.9%                          ]

[=======================    40.0%                          ]

[=======================    40.1%                          ]

[=======================    40.2%                          ]

[=======================    40.2%                          ]

[=======================    40.3%                          ]

[=======================    40.4%                          ]

[=======================    40.4%                          ]

[=======================    40.5%                          ]

[=======================    40.5%                          ]

[=======================    40.6%                          ]

[=======================    40.6%                          ]

[=======================    40.7%                          ]

[=======================    40.7%                          ]

[=======================    40.8%                          ]

[=======================    40.8%                          ]

[=======================    40.9%                          ]

[=======================    40.9%                          ]

[=======================    41.0%                          ]

[=======================    41.1%                          ]

[=======================    41.1%                          ]

[=======================    41.1%                          ]

[=======================    41.2%                          ]

[=======================    41.2%                          ]

[=======================    41.4%                          ]

[=======================    41.4%                          ]

[========================   41.4%                          ]

[========================   41.5%                          ]

[========================   41.6%                          ]

[========================   41.7%                          ]

[========================   41.7%                          ]

[========================   41.7%                          ]

[========================   41.8%                          ]

[========================   42.0%                          ]

[========================   42.0%                          ]

[========================   42.0%                          ]

[========================   42.0%                          ]

[========================   42.1%                          ]

[========================   42.2%                          ]

[========================   42.3%                          ]

[========================   42.3%                          ]

[========================   42.4%                          ]

[========================   42.4%                          ]

[========================   42.6%                          ]

[========================   42.6%                          ]

[========================   42.6%                          ]

[========================   42.7%                          ]

[========================   42.8%                          ]

[========================   42.9%                          ]

[========================   42.9%                          ]

[========================   42.9%                          ]

[========================   43.0%                          ]

[========================   43.1%                          ]

[=========================  43.2%                          ]

[=========================  43.2%                          ]

[=========================  43.2%                          ]

[=========================  43.3%                          ]

[=========================  43.4%                          ]

[=========================  43.4%                          ]

[=========================  43.5%                          ]

[=========================  43.5%                          ]

[=========================  43.6%                          ]

[=========================  43.6%                          ]

[=========================  43.8%                          ]

[=========================  43.8%                          ]

[=========================  43.9%                          ]

[=========================  43.9%                          ]

[=========================  44.0%                          ]

[=========================  44.1%                          ]

[=========================  44.1%                          ]

[=========================  44.1%                          ]

[=========================  44.2%                          ]

[=========================  44.2%                          ]

[=========================  44.3%                          ]

[=========================  44.5%                          ]

[=========================  44.6%                          ]

[=========================  44.7%                          ]

[========================== 44.8%                          ]

[========================== 45.0%                          ]

[========================== 45.1%                          ]

[========================== 45.1%                          ]

[========================== 45.2%                          ]

[========================== 45.3%                          ]

[========================== 45.4%                          ]

[========================== 45.5%                          ]

[========================== 45.7%                          ]

[========================== 45.7%                          ]

[========================== 45.8%                          ]

[========================== 46.0%                          ]

[========================== 46.0%                          ]

[========================== 46.2%                          ]

[========================== 46.3%                          ]

[========================== 46.4%                          ]

[===========================46.6%                          ]

[===========================46.6%                          ]

[===========================46.6%                          ]

[===========================46.7%                          ]

[===========================46.9%                          ]

[===========================46.9%                          ]

[===========================47.0%                          ]

[===========================47.1%                          ]

[===========================47.1%                          ]

[===========================47.2%                          ]

[===========================47.2%                          ]

[===========================47.2%                          ]

[===========================47.3%                          ]

[===========================47.4%                          ]

[===========================47.5%                          ]

[===========================47.5%                          ]

[===========================47.5%                          ]

[===========================47.6%                          ]

[===========================47.8%                          ]

[===========================47.8%                          ]

[===========================48.0%                          ]

[===========================48.1%                          ]

[===========================48.2%                          ]

[===========================48.2%                          ]

[===========================48.3%                          ]

[===========================48.5%                          ]

[===========================48.5%                          ]

[===========================48.7%                          ]

[===========================48.9%                          ]

[===========================49.3%                          ]

[===========================49.6%                          ]

[===========================49.7%                          ]

[===========================50.1%                          ]

[===========================50.3%                          ]

[===========================50.6%                          ]

[===========================50.8%                          ]

[===========================51.1%                          ]

[===========================51.4%                          ]

[===========================51.6%                          ]

[===========================51.9%                          ]

[===========================52.2%                          ]

[===========================52.4%                          ]

[===========================52.4%                          ]

[===========================52.5%                          ]

[===========================52.6%                          ]

[===========================52.8%                          ]

[===========================53.2%                          ]

[===========================53.3%                          ]

[===========================53.3%                          ]

[===========================53.3%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.5%                          ]

[===========================53.5%                          ]

[===========================53.5%                          ]

[===========================53.6%                          ]

[===========================53.6%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.8%                          ]

[===========================53.8%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.2%                          ]

[===========================54.2%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.4%                          ]

[===========================54.4%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.7%                          ]

[===========================54.7%                          ]

[===========================54.7%                          ]

[===========================54.7%                          ]

[===========================54.7%                          ]

[===========================54.8%                          ]

[===========================54.8%                          ]

[===========================54.8%                          ]

[===========================54.8%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================55.0%                          ]

[===========================55.0%                          ]

[===========================55.1%                          ]

[===========================55.1%                          ]

[===========================55.1%                          ]

[===========================55.1%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.3%                          ]

[===========================55.3%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.7%                          ]

[===========================55.7%                          ]

[===========================56.0%                          ]

[===========================56.0%                          ]

[===========================56.0%                          ]

[===========================56.1%                          ]

[===========================56.1%                          ]

[===========================56.1%                          ]

[===========================56.1%                          ]

[===========================56.2%                          ]

[===========================56.3%                          ]

[===========================56.3%                          ]

[===========================56.4%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.6%                          ]

[===========================56.8%                          ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================57.9%=                         ]

[===========================58.5%=                         ]

[===========================59.0%==                        ]

[===========================60.0%==                        ]

[===========================60.2%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= SFC /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.

Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 264181767 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 87914560 B
Windows/system/drivers => 8808804 B
Edge => 0 B

 


  • 0

#6
John Aukerman

    Member

  • Topic Starter
  • 284 posts

Now FRST is running again. Will post log when complete.


  • 0

#7
John Aukerman

    Member

  • Topic Starter
  • 284 posts

FRST keeps alternating between running and Not Responding.......


  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

From the logs:
 
Windows Resource Protection found corrupt files and successfully repaired them.

The important thing with FRST is to give it time. Even if it seems to be stuck/not responding, wait until it finishes. The main part of the fix ran, anyway.

 

Before I ask you anything else, I would like to confirm that everything is clean.


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#9
John Aukerman

    Member

  • Topic Starter
  • 284 posts

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-16-2023
# Duration: 00:02:43
# OS:       Windows 11 (Build 22000.1574)
# Scanned:  32099
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


AdwCleaner[S00].txt - [2105 octets] - [16/02/2023 11:20:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/16/23
Scan Time: 12:39 PM
Log File: dba511a0-ae20-11ed-b3f5-8cec4b9d7055.json

-Software Information-
Version: 4.5.22.236
Components Version: 1.0.1915
Update Package Version: 1.0.65778
License: Trial

-System Information-
OS: Windows 11 (Build 22000.1574)
CPU: x64
File System: NTFS
User: DESKTOP-6JBP3L9\jhauk

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Cancelled
Objects Scanned: 54153
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Now my Gmail screen is messed up. Instead of the normal screen, see attachment for what I'm getting. I have restarted the computer, didn't help.

gmail.jpg


  • 0

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

No idea why Gmail is messed up. Did you try with another browser?
 
No malware detected, only some pre-installed software, software which was installed when you bought the computer. You can uninstall it if you don't use/need it. It is related to these:
 
DELL DIGITAL DELIVERY
SAREMEDIATION\PLUGIN
SUPPORTASSISTAGENT
DELL\UPDATESERVICE
DELL\UPDATE
 
In case you want to uninstall them:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log. (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number.)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

Now, I would like you to do a disk check:

Check disk

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter and wait for it to finish (~15 minutes).
       chkdsk C: /r
    
  • You will receive a message that the operation cannot be performed while the system is in use, asking if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

 

 

In your next reply please post:

  1. If the mail issue occurs in other browsers
  2. What you decided to do with the preinstalled software and, if you uninstalled it, the AdwCleaner log
  3. The log from the Chkdsk run

  • 0


#11
John Aukerman

    Member

  • Topic Starter
  • Member
  • 284 posts

I found a fix to my Gmail issue.

I quarantined all preinstalled software.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-16-2023
# Duration: 00:00:51
# OS:       Windows 11 (Build 22000.1574)
# Scanned:  32098
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


AdwCleaner[S00].txt - [2105 octets] - [16/02/2023 11:20:22]
AdwCleaner[S01].txt - [2166 octets] - [16/02/2023 13:00:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 2/17/2023 7:00:49 AM >------
Category: 0
Computer Name: DESKTOP-6JBP3L9
Event Code: 1001
Record Number: 68972
Source Name: Microsoft-Windows-Wininit
Time Written: 02-16-2023 @ 21:45:40
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x15b.
Cleaning up instance tags for file 0x31131.
Cleaning up instance tags for file 0x3118d.
  1126144 file records processed.                                                        

File verification completed.
 Phase duration (File record verification): 48.31 seconds.
  36380 large file records processed.                                   

 Phase duration (Orphan file record recovery): 12.23 milliseconds.
  0 bad file records processed.                                     

 Phase duration (Bad file record checking): 1.76 milliseconds.

Stage 2: Examining file name linkage ...
  75944 reparse records processed.                                      

  1458166 index entries processed.                                                       

Index verification completed.
 Phase duration (Index verification): 2.63 minutes.
  0 unindexed files scanned.                                        

 Phase duration (Orphan reconnection): 5.43 seconds.
  0 unindexed files recovered to lost and found.                    

 Phase duration (Orphan recovery to lost and found): 1.48 minutes.
  75944 reparse records processed.                                      

 Phase duration (Reparse point and Object ID verification): 197.22 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 3684 unused index entries from index $SII of file 0x9.
Cleaning up 3684 unused index entries from index $SDH of file 0x9.
Cleaning up 3684 unused security descriptors.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 236.15 milliseconds.
  166012 data files processed.                                           

 Phase duration (Data attribute verification): 29.82 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  1126128 files processed.                                                               

File data verification completed.
 Phase duration (User file recovery): 1.33 hours.

Stage 5: Looking for bad, free clusters ...
  147990642 free clusters processed.                                                       

Free space verification is complete.
 Phase duration (Free space recovery): 1.09 hours.

Windows has made corrections to the file system.
No further action is required.

 961593343 KB total disk space.
 368070308 KB in 604184 files.
    318860 KB in 166013 indexes.
         0 KB in bad sectors.
   1241607 KB in use by the system.
     65536 KB occupied by the log file.
 591962568 KB available on disk.

      4096 bytes in each allocation unit.
 240398335 total allocation units on disk.
 147990642 allocation units available on disk.
Total duration: 2.51 hours (9068298 ms).

Internal Info:
00 2f 11 00 a0 c0 0b 00 cc 4e 0d 00 00 00 00 00  ./.......N......
30 16 00 00 78 12 01 00 00 00 00 00 00 00 00 00  0...x...........

-----------------------------------------------------------------------

 


  • 0

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Hello.
 
From the Chkdsk scan:
 

Windows has made corrections to the file system.
No further action is required.

 
 
As to the preinstalled software removal, you posted a scan log again. If you removed the preinstalled software, the log I would like to see has a C prefix, since Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number.

Can you please read the instructions above again and post the correct log?
 


  • 0

#13
John Aukerman

    Member

  • Topic Starter
  • Member
  • 284 posts

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-16-2023
# Duration: 00:00:10
# OS:       Windows 11 (Build 22000.1574)
# Cleaned:  8
# Awaiting reboot:5
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Needs Reboot  Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Cleaning failed   C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE

*************************

AdwCleaner[S00].txt - [2105 octets] - [16/02/2023 11:20:22]
AdwCleaner[S01].txt - [2166 octets] - [16/02/2023 13:00:22]
AdwCleaner[S02].txt - [2227 octets] - [16/02/2023 13:57:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

 


  • 0
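The check requested in post #12, telling a Scan log from a Clean log and seeing which folders the clean run actually removed, can be scripted. This is an added example, not part of the thread and not Malwarebytes code: the function names are hypothetical, the sample log is constructed in the layout of the logs posted above, and it assumes other detection categories use the same three-column layout as the `Preinstalled.*` lines.

```python
import re

# Status words as they appear in the Clean log posted in this thread.
STATUSES = ("Deleted", "Needs Reboot", "Cleaning failed")

# Constructed sample in the layout of the thread's Clean log (values abridged).
SAMPLE_CLEAN_LOG = r"""# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Mode: Clean
# -------------------------------
# Cleaned:  3
# Awaiting reboot:2
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Needs Reboot  Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT

***** Reboot Required to Complete *****

***** [ Folders ] *****

Cleaning failed   C:\Program Files (x86)\DELL DIGITAL DELIVERY

AdwCleaner[S02].txt - [2227 octets] - [16/02/2023 13:57:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
"""


def parse_adwcleaner_log(text):
    """Return header fields, the S/C letter from the EOF file name, and paths by status."""
    header = {}
    items = {status: [] for status in STATUSES + ("Detected",)}
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The EOF line also starts with '#', so test it before the header rule.
        eof = re.search(r"EOF - .*AdwCleaner\[([SC])\d+\]\.txt", line)
        if eof:
            kind = eof.group(1)
            continue
        if line.startswith("#"):
            field = re.match(r"#\s*([A-Za-z ]+?)\s*:\s*(.+)", line)
            if field:
                header[field.group(1)] = field.group(2).strip()
            continue
        # Columns are separated by runs of two or more spaces; paths use single spaces.
        cols = re.split(r"\s{2,}", line)
        if cols[0] in STATUSES:
            items[cols[0]].append(cols[-1])
        elif len(cols) == 3:
            # Scan-log row: detection name, object type, path (no status column).
            items["Detected"].append(cols[-1])
    return {"header": header, "kind": kind, "items": items}


def review(text):
    """Say whether the log confirms removal, and list what is still on disk."""
    log = parse_adwcleaner_log(text)
    mode = log["header"].get("Mode")
    pending = []
    for status in ("Needs Reboot", "Cleaning failed"):
        for path in log["items"][status]:
            if path not in pending:  # the same folder can appear under both statuses
                pending.append(path)
    findings = []
    if mode != "Clean" or log["kind"] != "C":
        findings.append("not a Clean log (Mode: %s, file kind: %s)" % (mode, log["kind"]))
    if pending:
        findings.append("%d folder(s) not yet removed" % len(pending))
    return {
        "mode": mode,
        "kind": log["kind"],
        "deleted": log["items"]["Deleted"],
        "detected": log["items"]["Detected"],
        "pending": pending,
        "findings": findings,
        "removal_confirmed": not findings,
    }


if __name__ == "__main__":
    result = review(SAMPLE_CLEAN_LOG)
    print("Mode:", result["mode"], "| removal confirmed:", result["removal_confirmed"])
    for path in result["pending"]:
        print("  still present:", path)
```

The item lines are read rather than the header counters because the Clean log in post #13 reports `Failed: 0` while still listing five `Cleaning failed` folders.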

#14
DR M

    The Grecian Geek

  • Malware Removal
  • 4,053 posts

Thank you.

 

Please now run FRST once more and attach for me fresh logs, Addition and FRST.


  • 0

#15
John Aukerman

    Member

  • Topic Starter
  • Member
  • 284 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2023
Ran by jhauk (administrator) on DESKTOP-6JBP3L9 (Dell Inc. Inspiron 3670) (18-02-2023 08:52:04)
Running from C:\Users\jhauk\Desktop
Loaded Profiles: jhauk
Platform: Microsoft Windows 11 Home Version 21H2 22000.1574 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2301.20002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\msedgewebview2.exe <12>
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(C:\Users\jhauk\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\jhauk\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\jhauk\AppData\Local\WebEx\WebexHost.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\70.0.2.0\crashpad_handler.exe <5>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxCUIService.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe
(services.exe ->) (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(services.exe ->) (Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(services.exe ->) (Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
(sihost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2301.20002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe [1257032 2021-04-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-12-10] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe [1237696 2020-12-06] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1977696 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> )
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4235112 2022-09-27] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [MicrosoftEdgeAutoLaunch_C3B4745A586F470C4B29567DA633CD3C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243408 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [Amazon Music Helper] => C:\Users\jhauk\AppData\Local\Amazon Music\Amazon Music Helper.exe [2361288 2022-06-06] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [Amazon Music] => C:\Users\jhauk\AppData\Local\Amazon Music\Amazon Music.exe [21368776 2022-06-06] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\jhauk\AppData\Local\WebEx\WebexHost.exe [8038496 2023-02-09] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\70.0.2.0\GoogleDriveFS.exe [51889432 2023-02-08] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\Canon MP970 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD91.DLL [27648 2007-05-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS8300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFT.DLL [529408 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP970 series: C:\WINDOWS\system32\CNMLM91.DLL [258560 2007-05-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS8300 series: C:\WINDOWS\system32\CNMLMFT.DLL [959488 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [252416 2012-08-30] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.121\Installer\chrmstp.exe [2023-02-08] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NotificationTool.lnk [2020-02-13]
ShortcutTarget: NotificationTool.lnk -> C:\Program Files (x86)\Canon\hdAlbum EZ\NotificationTool.exe (Canon Inc. -> CANON INC.)
Startup: C:\Users\jhauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe - Shortcut.lnk [2019-10-12]
ShortcutTarget: firefox.exe - Shortcut.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {122D71C1-1618-48E8-A6FD-23CBBF29D4E8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {155C3E5D-0899-4636-B4E4-9C556E2E219A} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-02-15] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {2122804D-EAB6-443D-BE63-E573E2B8A67D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {28FEA64C-0CFB-4031-BD6F-97BBDB74F4C9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D2C5F5B-3542-4DF5-BA37-04AF0627E322} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5092024 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
Task: {2E6AB2B4-F339-4448-BDF3-4AD7EC3BA2EB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2EC9F050-B311-49F8-A048-2AAF7B20B4B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {4C26AFD1-5C37-4F8A-BC2C-27E939578E35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-18] (Google Inc -> Google Inc.)
Task: {53277251-D1F9-4744-9A84-93D2DCCA58AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {74400644-2AB3-41AE-A45C-B535DFB88134} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {862DF1BC-E9AC-4A57-9D05-C340B36A1DD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B441CF7D-6BEA-49EB-86C6-0A2CF1E6B253} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D1613E9D-8724-4BC2-AF4C-FFDA00BF25C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EDFF0B54-722B-4DB3-93E5-B0A4BC32CA25} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1003496 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF030867-CB4B-4F85-9F29-7141A1950822} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCA6206D-B840-474E-8114-64E82E20DEBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-18] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e6d416ea-722e-4537-9bf4-49c06dbe3514}: [DhcpNameServer] 192.168.1.254

Edge:
=======
DownloadDir: C:\Users\jhauk\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\jhauk\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-16]
Edge DownloadDir: Default -> C:\Users\jhauk\Downloads
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\jhauk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-02-07]
Edge Extension: (Edge relevant text changes) - C:\Users\jhauk\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-02-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: ou4ydgfb.default-1553941110074
FF ProfilePath: C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 [2023-02-18]
FF DownloadDir: C:\Users\jhauk\Desktop
FF Homepage: Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 -> hxxps://www.facebook.com/|hxxps://mail.google.com/mail/u/0/?ui=2#inbox|hxxps://calendar.google.com/calendar/u/0/r/day?tab=mc
FF Notifications: Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 -> hxxps://www.facebook.com; hxxps://usa.life; hxxps://mail.google.com
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\[email protected] [2023-02-17] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\[email protected] [2023-01-17]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-02-16]
FF Extension: (Zoom Scheduler) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2023-01-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default [2023-02-18]
CHR DownloadDir: C:\Users\jhauk\Desktop
CHR Extension: (Google Docs Offline) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-21]
CHR Extension: (Mountain River) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldnnpdpbcplkacehcbafmncblojlead [2020-05-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-16]
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-16]
CHR Extension: (Slides) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-01-21]
CHR Extension: (Docs) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2022-01-21]
CHR Extension: (Google Drive) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-01-21]
CHR Extension: (YouTube) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-01-21]
CHR Extension: (Sheets) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-25]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-21]
CHR Extension: (Gmail) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-01-21]
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-16]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3834400 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-05] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [47320 2022-10-29] (Dell Inc -> )
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [334688 2020-02-18] (Pro Softnet Corporation -> Prosoftnet)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8967840 2023-02-16] (Malwarebytes Inc. -> Malwarebytes)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-07-17] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe [107624 2018-12-13] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-02-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198080 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77736 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181816 2023-02-16] (Malwarebytes Inc. -> Malwarebytes)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-18 08:52 - 2023-02-18 08:54 - 000029892 _____ C:\Users\jhauk\Desktop\FRST.txt
2023-02-18 08:51 - 2023-02-18 08:51 - 002378240 _____ (Farbar) C:\Users\jhauk\Desktop\FRST64.exe
2023-02-18 08:51 - 2023-02-18 08:51 - 000000000 ____D C:\Users\jhauk\Desktop\FRST-OlderVersion
2023-02-17 21:30 - 2023-02-17 21:30 - 000388745 _____ C:\Users\jhauk\Desktop\UHC_Document (1).pdf
2023-02-17 07:12 - 2023-02-17 07:12 - 003095031 _____ C:\Users\jhauk\Documents\IMG_20230217_0001.pdf
2023-02-17 07:00 - 2023-02-17 07:00 - 000197679 _____ C:\Users\jhauk\Desktop\ListChkdskResult.exe
2023-02-16 16:45 - 2023-02-16 16:45 - 000181816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-02-16 11:26 - 2023-02-16 11:26 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-02-16 11:26 - 2023-02-16 11:26 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-02-16 11:25 - 2023-02-16 11:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-02-16 11:25 - 2023-02-16 11:25 - 000000000 ____D C:\Program Files\Malwarebytes
2023-02-16 11:18 - 2023-02-16 13:59 - 000000000 ____D C:\AdwCleaner
2023-02-16 11:17 - 2023-02-16 11:17 - 008791352 _____ (Malwarebytes) C:\Users\jhauk\Desktop\AdwCleaner.exe
2023-02-15 05:58 - 2023-02-15 05:58 - 000000000 ___HD C:\$WinREAgent
2023-02-15 05:50 - 2023-02-16 09:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-13 08:23 - 2023-02-13 08:26 - 009805378 _____ C:\Users\jhauk\Documents\IMG_20230213_0001.pdf
2023-02-08 08:17 - 2023-02-08 08:20 - 003122008 _____ C:\Users\jhauk\Documents\IMG_20230208_0005.pdf
2023-02-08 08:16 - 2023-02-08 08:17 - 002392007 _____ C:\Users\jhauk\Documents\IMG_20230208_0004.pdf
2023-02-08 08:16 - 2023-02-08 08:16 - 001430875 _____ C:\Users\jhauk\Documents\IMG_20230208_0003.pdf
2023-02-08 08:15 - 2023-02-08 08:15 - 001178585 _____ C:\Users\jhauk\Documents\IMG_20230208_0002.pdf
2023-02-08 08:14 - 2023-02-08 08:14 - 001527891 _____ C:\Users\jhauk\Documents\IMG_20230208_0001.pdf
2023-02-07 00:13 - 2023-02-07 00:13 - 011148942 _____ C:\Users\jhauk\Documents\FUNK (2023-02-07).rmgb
2023-02-06 07:34 - 2023-02-06 07:34 - 000013728 _____ C:\Users\jhauk\Desktop\2023 CANDIDATE LIST FOR PRIMARY ELECTION (REPUBLICAN).xlsx
2023-01-25 06:39 - 2023-01-25 06:39 - 000000000 ____D C:\Users\jhauk\AppData\Roaming\webex
2023-01-25 06:38 - 2023-02-18 08:13 - 000000000 ____D C:\Users\jhauk\AppData\Local\WebEx
2023-01-25 06:38 - 2023-01-25 06:40 - 000000000 ____D C:\Users\jhauk\AppData\LocalLow\WebEx
2023-01-25 06:36 - 2023-01-25 06:36 - 000486744 _____ (Cisco Webex LLC) C:\Users\jhauk\Downloads\webex.exe
2023-01-24 14:38 - 2023-01-24 14:38 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-01-24 14:38 - 2023-01-24 14:38 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-24 14:38 - 2023-01-24 14:38 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-18 08:55 - 2019-03-18 09:16 - 000000000 ____D C:\ProgramData\IDrive
2023-02-18 08:53 - 2022-04-28 09:33 - 000000000 ____D C:\FRST
2023-02-18 08:53 - 2020-06-08 05:52 - 000000000 ____D C:\Users\jhauk\Documents\Outlook Files
2023-02-18 08:51 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-18 08:38 - 2019-03-18 08:26 - 000000000 ____D C:\Users\jhauk\AppData\Local\Packages
2023-02-18 08:36 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-18 08:20 - 2019-03-18 08:43 - 000000000 ____D C:\Users\jhauk\AppData\LocalLow\Mozilla
2023-02-18 08:18 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-18 08:18 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-18 08:16 - 2020-06-20 05:07 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-18 08:15 - 2019-03-18 08:34 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-18 08:14 - 2022-02-09 22:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-18 02:04 - 2019-03-18 17:50 - 000000000 ____D C:\Users\jhauk\Documents\Bren
2023-02-17 21:22 - 2021-11-13 15:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-17 08:38 - 2021-08-16 13:32 - 000000000 ____D C:\Users\jhauk\AppData\LocalLow\IGDump
2023-02-16 16:45 - 2021-11-13 15:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-16 16:45 - 2020-08-05 01:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-16 14:10 - 2021-06-05 07:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-02-16 13:59 - 2018-11-21 02:25 - 000000000 ____D C:\Program Files\Dell
2023-02-16 12:49 - 2021-11-13 11:06 - 000000000 ____D C:\Users\jhauk
2023-02-16 11:26 - 2021-06-05 07:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-16 09:33 - 2019-03-18 08:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-16 09:15 - 2019-05-06 23:31 - 000000000 ____D C:\Users\jhauk\AppData\LocalLow\Temp
2023-02-16 08:44 - 2021-06-05 07:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-16 08:03 - 2019-03-18 08:30 - 000000000 ____D C:\ProgramData\Packages
2023-02-16 01:59 - 2021-10-07 08:41 - 000000000 ____D C:\Users\jhauk\AppData\Local\CrashDumps
2023-02-15 17:53 - 2021-11-13 10:30 - 000000000 ____D C:\Program Files\MSBuild
2023-02-15 17:53 - 2019-03-18 11:25 - 000000000 ____D C:\Users\jhauk\AppData\Local\D3DSCache
2023-02-15 11:14 - 2021-11-13 15:47 - 000850644 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-15 11:14 - 2021-06-05 07:09 - 000000000 ____D C:\WINDOWS\INF
2023-02-15 11:11 - 2021-11-13 15:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-15 11:11 - 2019-03-18 08:43 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-15 11:07 - 2021-11-13 15:34 - 000541784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\Provisioning
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-15 11:03 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-15 07:01 - 2019-03-19 05:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-15 06:46 - 2019-03-19 05:00 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-15 06:16 - 2021-11-13 15:38 - 003111424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-02-15 01:24 - 2021-11-13 10:30 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-02-15 01:18 - 2018-11-21 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-14 12:46 - 2019-03-18 17:57 - 000000000 ____D C:\Users\jhauk\Desktop\John
2023-02-11 09:33 - 2019-03-19 04:21 - 000000000 ____D C:\Users\Aukerman\Desktop\John
2023-02-09 16:01 - 2021-11-13 15:59 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 16:01 - 2021-11-13 15:59 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-08 23:50 - 2019-03-18 08:35 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-08 15:49 - 2021-02-03 13:32 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-02-08 08:14 - 2020-02-13 13:56 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-02-07 00:14 - 2019-04-08 05:46 - 041014272 _____ C:\Users\jhauk\Documents\FUNK.rmgc
2023-02-06 23:39 - 2019-07-30 06:16 - 004658176 _____ C:\Users\jhauk\Documents\aukerman20190730.rmgc
2023-02-01 00:52 - 2019-04-02 07:43 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-27 22:55 - 2019-07-06 06:35 - 001932288 _____ C:\Users\jhauk\Documents\woodrum.rmgc
2023-01-23 23:29 - 2021-01-22 06:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2021-01-18 12:44 - 2021-01-18 12:44 - 000000171 _____ () C:\Users\jhauk\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2023
Ran by jhauk (18-02-2023 08:57:47)
Running from C:\Users\jhauk\Desktop
Microsoft Windows 11 Home Version 21H2 22000.1574 (X64) (2021-11-13 21:00:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1015540938-3996997567-1391499832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1015540938-3996997567-1391499832-503 - Limited - Disabled)
Guest (S-1-5-21-1015540938-3996997567-1391499832-501 - Limited - Disabled)
jhauk (S-1-5-21-1015540938-3996997567-1391499832-1001 - Administrator - Enabled) => C:\Users\jhauk
WDAGUtilityAccount (S-1-5-21-1015540938-3996997567-1391499832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.8 (HKLM\...\{2FA2F521-494C-4E8F-8C30-3D3E81590413}) (Version: 4.8.0.2852 - Open Media LLC)
AceMoney (HKLM-x32\...\AceMoney_is1) (Version:  - MechCAD Software)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Music (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Amazon Amazon Music) (Version: 9.1.0.2339 - Amazon.com Services LLC)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon TS8300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS8300_series) (Version: 1.02 - Canon Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\ActiveTouchMeetingClient) (Version: 43.1.0 - Cisco Webex LLC)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.59 - NCH Software)
Dell Digital Delivery Service (HKLM-x32\...\{DD47FCB3-5038-40CE-A02A-85F51BA03F37}) (Version: 3.6.1012.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{04DF02C6-E3D7-4D26-A44C-6F8A2E218D2C}) (Version: 1.3.6844 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{3A0ECCB6-1034-440E-8672-C4E14CCB7689}) (Version: 3.10.1.23 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{795931D8-2EBF-4969-A678-4219B161F676}) (Version: 5.4.3.15135 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{555298fa-14a9-48f2-a7a0-9602f31785da}) (Version: 5.4.3.15135 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{F68DA8E2-38B6-47A7-AB62-BFE8B740F792}) (Version: 4.7.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{3252E69D-9075-40FD-A9EF-F6D96091B5BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.121 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 70.0.2.0 - Google LLC)
hdAlbum EZ (HKLM-x32\...\{014BBF3C-D9C4-4FD0-857D-E7DDC95263C0}) (Version: 1.7.1.6 - Canon Inc.)
IDrive version 6.7.3.6 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.6 - Pro Softnet Corp)
Intel® Chipset Device Software (HKLM\...\{148D6ED8-24B8-443D-9C5B-5D6BF506671B}) (Version: 10.1.17903.8106 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel® Corporation)
Intel® Icls (HKLM\...\{4625C928-49BB-44DC-92E3-B9EC0972C72D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® LMS (HKLM\...\{C6577DC3-0C37-48BF-817B-54941E2A9D5F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1932.12.0.1298 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{8A47F310-D3B6-4894-AE24-5E997B13999B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{D80FDFD4-0702-4950-A949-CC2AE3B36F23}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{434309ED-354E-460C-B241-0803232C7CC9}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® OEM Extension (HKLM\...\{FEB772C1-919E-4145-9691-AFFAC915496F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.8141 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.9.1040 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{6B487AA5-94E3-4B20-A1AF-2FA0CEA5BD13}) (Version: 17.5.9.1040 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C81FD018-F151-460F-B4F9-0D58039503E2}) (Version: 17.2.4.9002 - Intel Corporation)
Jihosoft Phone Transfer version 3.4.2.0 (HKLM-x32\...\{116B8806-B959-4600-8591-35E60440BD3D}_is1) (Version: 3.4.2.0 - HONGKONG JIHO CO., LIMITED)
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.54.161 - Logitech)
Malwarebytes version 4.5.22.236 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.22.236 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.49 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.46 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{843E8BAC-637E-4354-94D7-73D910E2168F}) (Version: 4.71.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{92418797-A53F-4B3E-A56A-F8B739B6F1FF}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{B12E6B2E-1E47-4D58-A45E-AA92A5F8F8FD}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Movavi Screen Recorder Studio 10 (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Movavi Screen Recorder Studio 10) (Version: 10.2.0 - Movavi)
Movavi Video Editor Plus 2022 (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Movavi Video Editor Plus 2022) (Version: 22.1.0 - Movavi)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0 (x64 en-US)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - Passport)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.7.5 - Canon Inc.)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8791.1 - Realtek Semiconductor Corp.)
RootsMagic 7.6.1.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.6.1.0 - RootsMagic, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 10.40 - NCH Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
VSDC Free Video Editor version 6.3.9.49 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.3.9.49 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Web Launch Recorder (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Wondershare TunesGo ( Version 9.7.3 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.7.3 - Wondershare)
Youtube Downloader HD v. 4.4.2 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
Zoom (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)

Packages:
=========
Audacity 2 -> C:\Program Files\WindowsApps\42109FactoriaDatacenter.Audacity2_2.3.2.0_neutral__zaf1c6h4vqsbt [2019-05-29] (Repackagerexpress.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.96.1.0_x64__kgqvnymyfvs32 [2023-01-31] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2460.1.0_x64__kgqvnymyfvs32 [2023-02-16] (king.com)
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2023-01-17] (Canon Inc.)
Corel PaintShop Pro -> C:\Program Files\WindowsApps\CorelCorporation.PaintShopPro_25.1.32.0_x64__wbjqpk9xt50t4 [2022-12-03] (Corel Corporation)
Cut Video App -> C:\Program Files\WindowsApps\AnywaySoftInc.CutVideoApp_1.2.6.0_x64__0qkrc2qacwvfm [2023-01-17] (AnywaySoft, Inc.)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.1.0_x64__htrsf667h5kn2 [2023-01-15] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.64.0_x64__htrsf667h5kn2 [2023-02-13] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2023-01-17] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.4.0_x64__htrsf667h5kn2 [2021-11-13] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.7.31.0_x86__htrsf667h5kn2 [2022-11-09] (Dell Inc)
Downloader for YouTube. Free Coverter to MP3, MP4 & AVI. -> C:\Program Files\WindowsApps\13240GoodBuzzMedia.DownloaderforYouTube.FreeCovert_1.1.17.0_x64__pkybfkfh0fpqa [2020-11-03] (Good Buzz Media)
Express Burn CD and DVD Burner Free -> C:\Program Files\WindowsApps\NCHSoftware.ExpressBurnFree_11.0.9.0_x86__7kedsbyvzns34 [2022-10-16] (NCH Software)
Free Instant Youtube Downloader -> C:\Program Files\WindowsApps\356E5ED5.FreeInstantYoutubeDownloader_1.5.2.0_x64__n9erwrkheyjxe [2020-02-04] (Prospera Software Inc.) [MS Ad]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4478.0_x64__8j3eq9eme6ctt [2023-01-16] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-11-13] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa [2022-12-15] (Apple Inc.) [Startup Task]
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2023-01-17] (OverDrive Inc.)
Media Player -> C:\Program Files\WindowsApps\YellowElephantProductions.MediaPlayerS_1.268.117.0_x64__p3e1zgp7z7szg [2023-02-13] (Yellow Elephant Productions)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Meme-Generator -> C:\Program Files\WindowsApps\8840NaveenCS.Meme-Generator_3.3.0.0_neutral__20e0kv46hk748 [2023-01-17] (Naveen CS)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2301.20002.0_x64__8wekyb3d8bbwe [2023-01-31] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.6201.0_x64__8wekyb3d8bbwe [2023-02-17] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-10-16] (Microsoft Corporation)
MuseScore 3 -> C:\Program Files\WindowsApps\64051MuseScoreBVBA.MuseScoreNotationSoftware_3.3.4.0_x64__pz631wrhsw9tj [2022-09-06] (MuseScore BVBA)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.1.8.0_x64__htrsf667h5kn2 [2023-01-15] (Dell Inc)
OpenShot Video Editor - MS Store Port -> C:\Program Files\WindowsApps\37559StorePorts.OpenShotVideoEditor-MSStorePort_1.1.2.0_x64__gbs9e2cxjv4vj [2020-02-21] (Store Ports)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.25.0_x64__nfy108tqq3p12 [2023-01-16] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2023-01-17] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-11] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-12] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-03-18] (CYBERLINK CORPORATION.)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.562.360.0_x86__55nm5eh3cm0pr [2023-02-11] (ROBLOX Corporation)
Screen Recorder Lite -> C:\Program Files\WindowsApps\YellowElephantProductions.ScreenRecorderLite_1.229.145.0_x64__p3e1zgp7z7szg [2022-12-24] (Yellow Elephant Productions) [Startup Task]
SHARE.it -> C:\Program Files\WindowsApps\30608Paradox.SHAREit81_1.7.18.0_x64__ghshvk1r7eapp [2019-04-30] (SHAREit Technologies Co.Ltd) [MS Ad]
Slack -> C:\Program Files\WindowsApps\91750D7E.Slack_4.29.149.0_x64__8she8kybcnzg4 [2022-11-29] (Slack Technologies Inc.) [Startup Task]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-08] (Microsoft Studios) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2023-01-17] (Microsoft Corporation)
Ultra Screen Recorder -> C:\Program Files\WindowsApps\D5BE6627.UltraScreenRecorder_2.0.9.0_x86__9pm2v9747qaaa [2021-03-29] (CompuClever Systems Inc.)
VideoPad Video Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.VideoPadVideoEditorFree_13.0.7.0_x86__7kedsbyvzns34 [2023-01-26] (NCH Software)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2023-01-17] (VideoLAN)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2023-01-17] (Waves Audio)
Zalo Desktop -> C:\Program Files\WindowsApps\VNGOnline.Zalofordesktop_19.8.1.0_x64__z59ddpn1nx8g0 [2019-08-16] (VNG Online)
ZAPYA -> C:\Program Files\WindowsApps\EBAC32FB.ZAPYA_1.2.6.0_x86__7pjp2xjm0bc9w [2023-01-17] (邻动(北京)技术有限公司)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-02-18] (Pro Softnet Corporation -> Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed] [File is in use]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-16] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed] [File is in use]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-02-18] () [File not signed]
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\70.0.2.0\drivefsext.dll [2023-02-08] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxDTCM.dll [2018-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-16] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-02-23 18:04 - 2020-02-18 12:19 - 005034496 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2020-02-23 18:04 - 2020-02-18 12:19 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2022-11-21 23:12 - 2022-11-21 23:13 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\YellowElephantProductions.MediaPlayerS_1.268.117.0_x64__p3e1zgp7z7szg\e_sqlite3.dll
2023-02-13 23:41 - 2023-02-13 23:41 - 065662976 _____ () [File not signed] C:\Program Files\WindowsApps\YellowElephantProductions.MediaPlayerS_1.268.117.0_x64__p3e1zgp7z7szg\MediaPlayerS.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2021-06-27 15:45 - 2016-10-21 15:06 - 000318976 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2021-06-27 15:45 - 2017-06-27 09:59 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2021-06-27 15:45 - 2017-11-02 14:36 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2021-06-27 15:45 - 2017-11-02 14:36 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2011-08-30 07:06 - 2011-08-30 07:06 - 000267776 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNBLM4.DLL
2019-03-19 04:52 - 2012-08-30 10:18 - 000252416 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2019-03-18 08:21 - 2011-08-30 07:06 - 000084992 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\CNBPP4.DLL
2019-02-25 14:15 - 2019-02-25 14:15 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-08-26 09:00 - 2019-08-26 09:00 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2020-04-19 12:43 - 2020-04-19 12:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-19 12:43 - 2020-04-19 12:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2020-04-19 12:43 - 2020-04-19 12:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2021-05-27 09:29 - 2021-05-27 09:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\oldnational.com -> hxxps://www.oldnational.com
IE trusted site: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\pnc.com -> hxxps://www.onlinebanking.pnc.com
IE trusted site: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\sharepoint.com -> hxxps://anderson0-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-07-12 05:56 - 2021-07-12 05:56 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Control Panel\Desktop\\Wallpaper -> c:\users\jhauk\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\2022 09 30 (1).jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Zalo"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C3B4745A586F470C4B29567DA633CD3C"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E9FAE067-76E3-48EB-BAA1-F793EE97358A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{EFAE7FA9-91D4-4DA9-B435-B080634A4E28}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{036C20CF-D6E6-4B34-B413-9459073ED26F}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{6E23B3D1-7A4F-4AF6-9719-0D263E97DE6D}C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe] => (Allow) C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [TCP Query User{565B4B4A-B93A-4ECA-975E-380E884EDBFF}C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe] => (Allow) C:\program files\windowsapps\37559storeports.openshotvideoeditor-msstoreport_1.1.2.0_x64__gbs9e2cxjv4vj\vfs\programfilesx64\openshot video editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [{D8DD128A-FB4A-448A-85E4-37BFF4E1E1A5}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{3F2A6D7E-9815-45CF-B176-9C8BC9FA27E0}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{7023B499-2448-4724-8081-517C15763D1F}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{88D6118D-6A11-4619-897E-735523227F99}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{D545A722-3337-485D-BDC1-704C1A98AB82}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{55DBA7B1-5982-433F-8D38-DE7E7E51F490}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Flash-Integro LLC)
FirewallRules: [{C2006FCD-AD51-45E0-B4A4-B874E7474F91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{482CD256-9F6B-400E-B563-E6821169580F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{05D6B342-78F3-482C-B53E-0D3E4467F99D}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{3AA89511-D6C1-4D99-B70B-6B07A506BA62}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{0BF25BA8-8276-4A70-9625-7D0BC5C469D6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{679BE155-291B-4E8E-B2AC-F1921EC4D296}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C8BDF5C-688F-44CC-97D4-5D424F8C21C5}] => (Allow) C:\Users\jhauk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2F77443A-2BBF-4DF0-B3F2-7713C3AF592F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF44B2B3-CF16-4D4B-AD98-044D5988633E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A17E8691-8314-4A4C-B51E-E8862B5E60BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EB6AD0E-517D-4501-B57A-D1F3C781128D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A0FA5F6-58A4-4B03-97B2-B932FDF2539F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A38BC89D-160E-4E61-B9B9-29402C038CE8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E7740F51-85DE-46F0-89E0-69FA4D4CE253}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5BB1E956-7286-4823-ADC7-D7385777E5A9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{57DA26D0-DFCD-4BA7-81CC-12FC7C00F7EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Singing Monsters\MySingingMonsters.exe () [File not signed]
FirewallRules: [{219FADE3-AB6A-4BAF-8B7E-0A25FDD611A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Singing Monsters\MySingingMonsters.exe () [File not signed]
FirewallRules: [{C969EE14-DF4D-4FA1-B141-DD46589DE147}] => (Allow) LPort=34000
FirewallRules: [{15F027A1-E38F-4342-B6AF-D520900C3721}] => (Allow) C:\Program Files\WindowsApps\91750D7E.Slack_4.29.149.0_x64__8she8kybcnzg4\app\Slack.exe (Slack Technologies, Inc. -> Slack Technologies Inc.)
FirewallRules: [{B5BC327A-612A-4231-97B4-B6CCBDFF9FDA}] => (Allow) C:\Program Files\WindowsApps\91750D7E.Slack_4.29.149.0_x64__8she8kybcnzg4\app\Slack.exe (Slack Technologies, Inc. -> Slack Technologies Inc.)
FirewallRules: [{096C3BE6-DC39-4E85-B400-8325B160CCCF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1CEE132D-FF76-46EE-BC75-5CC92A6BD2EE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9D263BF8-B53D-417C-B7E7-36DFAC6FF5A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DE81B107-672B-41DC-8E66-4CB9AAECDF54}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A162375-2AA6-4F78-B911-F3D17F7BE962}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F72A30F5-1262-4991-A780-06BEBA4A7B03}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0ABE7C3C-2954-4321-ACB8-AB219D6342A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BEDADAD-FF6E-47A0-9B46-5816C10B1FBE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{237F4AEC-AF53-4DDF-95DA-A5986151D6B9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88AAA5BB-983C-47BD-AB82-76BFA9FC8B07}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C339C6B0-C18F-4F3D-840B-931C72C3A30C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB97BB0E-2CF3-4A64-9F00-81893D44AC83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5CD89163-459E-4520-9E06-186374E70B36}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/16/2023 12:49:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.

 DETAIL - Access is denied.

Error: (02/16/2023 12:49:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.

 DETAIL - Access is denied.

Error: (02/16/2023 09:32:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/16/2023 09:32:46 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/16/2023 09:32:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/16/2023 09:32:46 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/16/2023 08:12:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/16/2023 08:11:13 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2066a282-3fbc-40b8-b6f7-1388f0d1fd42}


System errors:
=============
Error: (02/18/2023 08:17:27 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JBP3L9)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (02/18/2023 08:14:55 AM) (Source: googledrivefs3758) (EventID: 2) (User: )
Description: The driver version of the disk does not match.

Error: (02/18/2023 08:11:53 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.

Error: (02/17/2023 09:23:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JBP3L9)
Description: The server microsoft.windowscommunicationsapps_16005.14326.21330.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (02/17/2023 09:22:44 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.

Error: (02/17/2023 06:38:31 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JBP3L9)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (02/17/2023 06:36:16 AM) (Source: googledrivefs3758) (EventID: 2) (User: )
Description: The driver version of the disk does not match.

Error: (02/17/2023 06:32:59 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E6D416EA-722E-4537-9BF4-49C06DBE3514} because another computer on the network has the same name.  The server could not start.


Windows Defender:
================
Date: 2023-02-16 07:09:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-16 02:33:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-16 01:36:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-15 02:37:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-14 06:07:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-02-18 01:26:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 2.15.0 02/21/2020
Motherboard: Dell Inc. 0H4VK7
Processor: Intel® Core™ i3-8100 CPU @ 3.60GHz
Percentage of memory in use: 83%
Total physical RAM: 8006.97 MB
Available physical RAM: 1329.78 MB
Total Virtual: 13642.11 MB
Available Virtual: 4210.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.05 GB) (Free:563.19 GB) (Model: ST1000DM010-2EP102) NTFS
Drive g: (Google Drive) (Fixed) (Total:917.05 GB) (Free:535.03 GB) (Model: ST1000DM010-2EP102) FAT32

\\?\Volume{ddeb6c84-810c-46a1-aec6-44f8c7ccad3a}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.39 GB) NTFS
\\?\Volume{df0a5467-a661-4a6f-af6f-55c9d5055271}\ (Image) (Fixed) (Total:11.66 GB) (Free:0.22 GB) NTFS
\\?\Volume{5da840b2-c364-4272-bd43-d66afc350687}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.21 GB) NTFS
\\?\Volume{7f86ac07-f133-4645-b879-12d32c99ea96}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 926B0D78)

Partition: GPT.

==================== End of Addition.txt =======================

