Dell - Trojan virus - Slow Firefox and Edge browsers; pages don't



#1
wayneman50

  • Member
  • 587 posts

Defender found a virus. See attached. What are the ramifications of this virus? Should I quarantine or remove?

Some sites have been slower the last few weeks in Firefox and Edge.

In Firefox only, sometimes I get just the top bar of the page with the various tabs. Sometimes the page is blank. I have to press F5 to see the whole page. Sometimes I have to press F5 several times before the page displays. Sometimes I get Secure Connection Failed. Example: after logging into https://www.discover.com/. I prefer Firefox because I made a bunch of security setting changes years ago - things like not saving passwords.

Edge consistently displays the pages, it's just slow.

I have cleared cache and cookies in both browsers.

3/25/23 Update: Yesterday I used the Defender option to delete the virus. I now have a problem with the Windows search box at the bottom left of the screen and the search box in File Explorer. In both cases, I start typing, it doesn't find anything, and it deletes what I typed. I don't know what's going on with my internet browsers because I am concerned about security. I unplugged the ethernet cable.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2023
Ran by wayne (administrator) on DESKTOP-3BLPTLN (Dell Inc. XPS 8930) (23-03-2023 09:57:59)
Running from C:\Users\wayne\Desktop
Loaded Profiles: wayne
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2728 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserSessionAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe ->) (Intel® RMT -> Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTLyncHelper.LycnConsole.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCopyAccelerator.exe
(C:\Users\wayne\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\wayne\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe
(Carbonite, Inc.) [File not signed] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\wayne\AppData\Local\WebEx\WebexHost.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Carbonite, Inc.) [File not signed] C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a34e85e556ccdec6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a34e85e556ccdec6\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_46afe571f647787a\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel® RMT -> Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdd.inf_amd64_490aa6d1fd969a51\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (CYBERLINK CORPORATION.) C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp\Power2Go11\CLMLSvc_P2G11.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2212.31.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-08-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617848 2021-08-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11327200 2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [9806848 2023-02-06] (Carbonite, Inc.) [File not signed]
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.44\Installer\setup.exe [3982272 2023-03-19] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\RunOnce: [ccleaner_update_helper] => C:\Program Files\CCleaner\ccleaner_update_helper.exe [747320 2023-03-20] (PIRIFORM SOFTWARE LIMITED -> Piriform)
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [39159608 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\wayne\AppData\Local\WebEx\WebexHost.exe [8040032 2023-03-09] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\Run: [MicrosoftEdgeAutoLaunch_926EEA5733A432E098C3CBE889747BD1] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\wayne\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\wayne\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\RunOnce: [Uninstall 23.038.0219.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\wayne\AppData\Local\Microsoft\OneDrive\23.038.0219.0001" (No File)
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\111.0.5563.66\Installer\chrmstp.exe [2023-03-22] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {065663E3-6971-4742-BC1C-1272414065E0} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0919D627-5316-4DC5-BB5D-DABB002371C1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {09D24C84-6139-44BD-A4D3-59E69579B8B9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F2F0846-DF16-409C-BBB9-B159CD245031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-01-29] (Google Inc -> Google Inc.)
Task: {10FDE740-0CDD-40BD-9194-6699E2E2CFD6} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703544 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "faa3005b-e1a9-45b6-81f1-3d42dec4aebf" --version "6.10.10347" --silent
Task: {1133A6C0-C2E6-4D98-9373-FEFD3FFC5E8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {17F9E454-6091-489B-8B1D-C38EA32F2AE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C01744C-389F-4175-B857-48469762C4DD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {1EBAC4D6-50D0-45CB-99AB-F5521206027B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24B304E8-727B-4595-BA57-3C6AA047BD00} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B722E99-AEAC-4F9D-B255-73719F4962ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718752 2023-03-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {324E99CC-3A1A-413B-9EA6-FB7B141B2A90} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3575D778-6A5C-44CD-B4D1-51E6874C085B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301928 2019-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {437D9614-4A9E-48D0-8869-86F7BDA0FC75} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {537CEDC7-F069-4351-93AB-40CF64B68097} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {614F987F-2222-4D3E-A4DA-A27B71D5AA75} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FA8AC56-C2FE-47EE-97C3-BEFDD379D8AB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654456 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {78363BB4-8073-472A-85FC-1C3A4EACEA98} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath = $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1922 more characters).
Task: {791145AD-68CB-414F-B430-55E4C4B7B3A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-01-29] (Google Inc -> Google Inc.)
Task: {7DF2968F-D41E-444F-B4FB-6043409EF50A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C9230FE-9BEC-41A2-A367-5872FA2061C8} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-03-22] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {919CECEB-7170-4478-9934-431D1AC181B8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [665952 2023-01-31] (Dell Inc -> Dell Inc.)
Task: {A026800D-147D-47E8-A2B6-65D3F17FA9CA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A486B1B2-8006-4F73-BB56-F29906D02573} - System32\Tasks\CCleanerSkipUAC - wayne => C:\Program Files\CCleaner\CCleaner.exe [33038648 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {A4CB11C0-B93D-4DB4-B927-963779053F51} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B30415FB-0BCB-4674-AF68-AFB062E9789A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {BD4CCB20-7E26-4855-8275-841CB8DF88E0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E8CBC0E7-4236-4ECE-A28C-2DBF7FD7FDC2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB9C4D4A-F14B-4958-9B85-9B6E74275626} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4b66e3fa-9d30-4e4a-9794-2c25cdd44655}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\wayne\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\wayne\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-23]
Edge DownloadDir: Default -> C:\Users\wayne\Downloads
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.youtube.com

FireFox:
========
FF DefaultProfile: we737lv3.default
FF ProfilePath: C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\we737lv3.default [2020-01-29]
FF ProfilePath: C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\fifkm0du.default-release [2023-03-23]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\fifkm0du.default-release\Extensions\[email protected] [2022-08-22]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2020-02-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default [2022-01-29]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-29]
CHR Extension: (Docs) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-29]
CHR Extension: (Google Drive) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-13]
CHR Extension: (YouTube) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-29]
CHR Extension: (Endpoint Verification) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\callobklhcbilhphinckomhgkigmfocg [2022-01-27]
CHR Extension: (Sheets) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-27]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-14]
CHR Extension: (Gmail) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-13]
CHR Profile: C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-02-10]
CHR Profile: C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-08]
CHR HomePage: Profile 1 -> hxxp://www.google.com
CHR Extension: (Endpoint Verification) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\callobklhcbilhphinckomhgkigmfocg [2023-02-08]
CHR Extension: (Affixa - Gmail ™ Draft Display) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ceimgagkkofjoalgojpkdcmhmbljbbaa [2022-01-27]
CHR Extension: (Google Docs Offline) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-08]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-27]
CHR Profile: C:\Users\wayne\AppData\Local\Google\Chrome\User Data\System Profile [2022-02-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [8992256 2023-02-06] (Carbonite, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-11-07] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-01-17] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [47320 2022-11-18] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-08-15] (Dell Inc -> Dell)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [183424 2017-08-08] (Intel® RMT -> Intel Corporation)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [86200 2022-11-29] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2489016 2022-11-29] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2988248 2022-11-29] (Intel Corporation -> Intel)
R3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [86232 2022-11-29] (Intel Corporation -> Intel® Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188728 2022-01-24] (Qualcomm Atheros, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [226976 2023-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-01-31] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdd.inf_amd64_490aa6d1fd969a51\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdd.inf_amd64_490aa6d1fd969a51\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2013-05-22] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2013-05-22] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 CLFCL5.14; C:\WINDOWS\system32\DRIVERS\CLFCL5.14\000.fcl [46848 2017-07-19] (CyberLink Corp. -> CyberLink Corp.)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [37808 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [215088 2022-11-29] (Intel Corporation -> Rivet Networks, LLC.)
R3 MpKsla4a46dfa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F540545A-022D-485D-9106-DCE531F25CBB}\MpKslDrv.sys [211208 2023-03-23] (Microsoft Windows -> Microsoft Corporation)
R3 ScrHIDDriver3; C:\WINDOWS\System32\drivers\ScrHIDDriver3.sys [63296 2021-10-01] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
S3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64.sys [971160 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology Corp.)
S3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64.sys [1581464 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2023-02-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473336 2023-02-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-23 09:57 - 2023-03-23 09:58 - 000036575 _____ C:\Users\wayne\Desktop\FRST.txt
2023-03-23 09:57 - 2023-03-23 09:58 - 000000000 ____D C:\FRST
2023-03-23 09:57 - 2023-03-23 09:57 - 002378752 _____ (Farbar) C:\Users\wayne\Desktop\FRST64.exe
2023-03-23 09:57 - 2023-03-23 09:57 - 000000000 ____D C:\Users\wayne\Desktop\FRST-OlderVersion
2023-03-21 04:56 - 2023-03-21 04:56 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-03-21 04:56 - 2023-03-21 04:56 - 000003476 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-03-21 04:56 - 2023-03-21 04:56 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-03-20 20:35 - 2023-03-20 20:35 - 012213734 _____ C:\Users\wayne\Downloads\love potion #9.mp4
2023-03-19 08:34 - 2023-03-19 08:34 - 000273901 _____ C:\Users\wayne\Downloads\wireless MyBill_03.15.2023.pdf
2023-03-18 08:52 - 2023-03-18 08:52 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3409315567-1698705800-1941238463-1001
2023-03-18 08:52 - 2023-03-18 08:52 - 000002385 _____ C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-17 09:31 - 2023-03-17 09:31 - 000083675 ____R C:\Users\wayne\Downloads\Tax_Forms.pdf
2023-03-16 14:00 - 2023-03-16 14:00 - 000829952 _____ C:\Users\wayne\Documents\Bykota membership card Mar 2023.pdf
2023-03-15 05:51 - 2023-03-15 05:51 - 000236806 ____R C:\Users\wayne\Downloads\paper-bill-4.pdf
2023-03-15 02:18 - 2023-03-15 02:18 - 000000000 ___HD C:\$WinREAgent
2023-03-13 13:42 - 2023-03-13 13:42 - 000433023 _____ C:\Users\wayne\Downloads\Kenmore Vacuum sales receipt.pdf
2023-03-13 13:39 - 2023-03-13 13:39 - 000099157 _____ C:\Users\wayne\Downloads\Vacuum Replacement Form v2 filled out v2.pdf
2023-03-13 13:32 - 2023-03-13 13:32 - 000058029 _____ C:\Users\wayne\Downloads\Vacuum Replacement Form v2 filled out.pdf
2023-03-13 13:18 - 2023-03-13 13:18 - 000052317 ____R C:\Users\wayne\Downloads\Vacuum Replacement Form v2.pdf
2023-03-09 10:55 - 2023-03-09 10:55 - 000182627 ____R C:\Users\wayne\Downloads\Kern Letter-2.pdf
2023-03-09 10:50 - 2023-03-09 10:50 - 000208472 _____ C:\Users\wayne\Documents\Warren Kern Dad life insurance page 2.pdf
2023-03-09 00:50 - 2023-03-09 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-03-08 19:08 - 2023-03-08 19:08 - 000172560 ____R C:\Users\wayne\Downloads\GTCC Agenda 3-8-23-2.pdf
2023-03-08 19:04 - 2023-03-08 19:04 - 000172560 ____R C:\Users\wayne\Downloads\GTCC Agenda 3-8-23-1.pdf
2023-03-08 15:46 - 2023-03-08 15:46 - 000172560 ____R C:\Users\wayne\Downloads\GTCC Agenda 3-8-23.pdf
2023-03-07 15:26 - 2023-03-07 15:26 - 000122670 ____R C:\Users\wayne\Downloads\Preliminary_Estimate.pdf
2023-03-07 08:20 - 2023-03-07 08:20 - 000000867 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2023-03-07 08:20 - 2023-03-07 08:20 - 000000855 _____ C:\Users\Public\Desktop\Audacity.lnk
2023-03-04 11:54 - 2023-03-04 11:54 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2023-03-02 14:44 - 2023-03-02 14:45 - 000000000 ____D C:\Users\wayne\Documents\Mom care
2023-03-01 16:40 - 2023-03-01 16:40 - 000106933 ____R C:\Users\wayne\Downloads\16734657220947440194279229451230-1.pdf
2023-03-01 15:44 - 2023-03-09 12:46 - 000000000 ____D C:\Users\wayne\Documents\Virgin Pulse Preventive Health Activity Forms
2023-03-01 13:33 - 2023-03-01 13:33 - 000316223 ____R C:\Users\wayne\Downloads\FR1018G_fillable-1.pdf
2023-03-01 13:33 - 2023-03-01 13:33 - 000182627 ____R C:\Users\wayne\Downloads\Kern Letter-1.pdf
2023-02-28 14:32 - 2023-02-28 14:32 - 000002137 _____ C:\Users\Public\Desktop\Carbonite.lnk
2023-02-28 14:32 - 2023-02-28 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2023-02-28 07:12 - 2023-02-28 07:12 - 000001501 _____ C:\Users\Public\Desktop\Foxit PDF Reader.lnk
2023-02-28 07:12 - 2023-02-28 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2023-02-27 18:19 - 2023-02-27 18:19 - 001534511 _____ C:\Users\wayne\Documents\Vanguard POA Full Agent Authorization.pdf
2023-02-27 18:18 - 2023-02-27 18:18 - 001534511 ____R C:\Users\wayne\Downloads\Full Agent Authorization.pdf
2023-02-27 17:20 - 2023-02-27 17:20 - 000329503 _____ C:\Users\wayne\Documents\Warren Kern Dad life insurance.pdf
2023-02-27 16:55 - 2023-02-27 16:55 - 000182627 ____R C:\Users\wayne\Downloads\Kern Letter.pdf
2023-02-27 16:54 - 2023-02-27 16:54 - 000316223 ____R C:\Users\wayne\Downloads\FR1018G_fillable.pdf
2023-02-25 13:15 - 2023-02-25 13:15 - 000150742 _____ C:\Users\wayne\Documents\water bill 022523 payment receipt.pdf
2023-02-24 09:52 - 2023-02-24 09:52 - 006477689 _____ C:\Users\wayne\Downloads\BillImage (1).pdf
2023-02-21 16:30 - 2023-02-21 16:30 - 000181045 _____ C:\Users\wayne\Documents\G&L Manual.pdf
2023-02-21 16:29 - 2023-02-21 16:29 - 000181045 ____R C:\Users\wayne\Downloads\glmanual.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-23 09:58 - 2020-02-18 17:40 - 000000000 ____D C:\Users\wayne\Documents\Outlook Files
2023-03-23 09:55 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-23 09:48 - 2020-11-11 07:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-03-23 09:47 - 2020-08-19 14:25 - 000000000 ____D C:\Users\wayne\AppData\Local\WebEx
2023-03-23 09:32 - 2020-01-29 21:03 - 000000000 ____D C:\Program Files (x86)\Google
2023-03-23 09:28 - 2022-02-08 06:21 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-03-23 09:27 - 2020-01-29 20:55 - 000000000 ____D C:\Users\wayne\AppData\LocalLow\Mozilla
2023-03-23 04:57 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-23 04:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-03-23 04:56 - 2020-02-15 13:27 - 000000000 ____D C:\Program Files\CCleaner
2023-03-23 03:39 - 2020-11-11 07:39 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C0754281-BB32-453E-A69E-79A43F797B0D}
2023-03-22 21:49 - 2020-01-21 23:25 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2023-03-22 20:28 - 2020-11-11 07:39 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-22 20:28 - 2020-11-11 07:39 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-22 16:34 - 2020-01-29 21:03 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-03-22 16:34 - 2020-01-29 21:03 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-03-22 12:39 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2023-03-22 12:25 - 2020-01-21 23:25 - 000000000 ____D C:\ProgramData\NVIDIA
2023-03-22 04:04 - 2020-06-18 16:38 - 000000000 ____D C:\Users\wayne\Documents\Old stuff
2023-03-22 03:47 - 2021-10-05 05:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-03-22 03:47 - 2020-02-15 15:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-03-22 03:47 - 2020-01-29 20:55 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-03-22 03:47 - 2020-01-29 20:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-03-21 04:56 - 2020-02-15 13:27 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2023-03-20 10:19 - 2022-01-25 05:53 - 000000000 ____D C:\Users\wayne\Documents\Mom legal documents
2023-03-19 21:20 - 2020-02-18 17:40 - 000000000 ____D C:\Users\wayne\Documents\DOV
2023-03-19 16:21 - 2021-03-03 18:39 - 000012533 _____ C:\Users\wayne\Documents\Mom rent payments.xlsx
2023-03-19 05:09 - 2020-02-18 17:43 - 000000000 ____D C:\Users\wayne\Documents\recipes
2023-03-19 01:28 - 2020-05-21 23:28 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-19 01:28 - 2020-05-21 23:28 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-03-18 08:52 - 2021-12-13 09:50 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3409315567-1698705800-1941238463-1001
2023-03-17 20:06 - 2021-12-29 12:11 - 000000000 ____D C:\Users\wayne\Documents\Mom financial
2023-03-17 04:36 - 2020-01-28 18:06 - 000000000 __SHD C:\Users\wayne\IntelGraphicsProfiles
2023-03-16 21:36 - 2020-11-11 07:44 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-16 21:32 - 2021-12-23 03:13 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-03-16 21:32 - 2021-04-24 21:29 - 000451192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-03-16 21:32 - 2020-11-11 07:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-16 21:32 - 2020-11-11 07:35 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-16 21:32 - 2020-01-21 23:22 - 000000000 ____D C:\Intel
2023-03-16 21:30 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-03-16 21:30 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-03-16 21:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-03-16 21:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-03-16 21:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-03-16 21:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-03-16 21:30 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-03-16 14:27 - 2020-02-18 17:40 - 000000000 ___RD C:\Users\wayne\Documents\Nursing Home gigs
2023-03-15 10:13 - 2020-02-22 18:51 - 000000000 ____D C:\Users\wayne\Documents\Turbo Tax backup
2023-03-15 10:13 - 2020-02-15 12:26 - 000000000 ____D C:\Users\wayne\Documents\TurboTax
2023-03-15 02:32 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-03-15 02:27 - 2020-11-11 07:36 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-03-15 02:17 - 2020-01-29 21:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-03-15 02:12 - 2020-01-29 21:04 - 153620824 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-03-14 11:56 - 2020-02-18 17:40 - 000000000 ___RD C:\Users\wayne\Documents\Mood Swings
2023-03-14 10:17 - 2020-02-18 17:44 - 000020331 _____ C:\Users\wayne\Documents\Movies.xlsx
2023-03-14 10:14 - 2020-02-18 17:43 - 000000000 ____D C:\Users\wayne\Documents\Taxes
2023-03-12 20:44 - 2020-02-18 17:40 - 000000000 ____D C:\Users\wayne\Documents\Financial
2023-03-09 10:25 - 2020-02-18 17:44 - 000013424 _____ C:\Users\wayne\Documents\concert tickets.xlsx
2023-03-09 00:52 - 2022-06-07 13:33 - 000000000 ____D C:\Users\wayne\AppData\Roaming\DropboxElectron
2023-03-09 00:52 - 2020-02-15 12:55 - 000000000 ____D C:\Users\wayne\AppData\Local\Dropbox
2023-03-09 00:50 - 2020-02-15 12:55 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-03-07 08:20 - 2021-08-02 06:14 - 000000000 ____D C:\Program Files\Audacity
2023-03-06 18:31 - 2020-01-28 18:06 - 000000000 ____D C:\Users\wayne\AppData\Local\Packages
2023-03-05 08:08 - 2020-01-29 22:29 - 000000000 ____D C:\Users\wayne\AppData\Local\ElevatedDiagnostics
2023-03-04 22:13 - 2020-02-18 17:44 - 000007704 _____ C:\Users\wayne\Documents\Buy stuff.txt
2023-03-04 11:49 - 2020-02-18 17:44 - 000010324 _____ C:\Users\wayne\Documents\Magazine log.xlsx
2023-03-01 13:25 - 2020-02-18 18:07 - 000000841 _____ C:\WINDOWS\Brpfx04a.ini
2023-03-01 05:31 - 2020-02-15 12:55 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-03-01 05:31 - 2020-02-15 12:55 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-03-01 02:43 - 2020-11-11 07:39 - 000003998 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2023-03-01 02:43 - 2020-11-11 07:39 - 000003766 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2023-02-28 14:32 - 2020-11-11 07:39 - 000008538 _____ C:\WINDOWS\system32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2023-02-28 14:32 - 2020-02-15 12:56 - 000000000 ____D C:\Users\wayne\AppData\Local\CrashDumps
2023-02-24 16:24 - 2020-02-18 17:40 - 000000000 ___RD C:\Users\wayne\Documents\Erie insurance payments
2023-02-24 10:45 - 2022-11-27 05:20 - 000000000 ___RD C:\Users\wayne\Documents\Credit reports
2023-02-24 09:46 - 2023-02-19 08:04 - 000000000 ____D C:\Users\wayne\Documents\Legal documents
2023-02-22 02:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-02-22 02:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-22 02:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-21 05:34 - 2020-02-18 15:43 - 000000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories ========

2020-01-29 20:46 - 2020-01-29 20:46 - 000000171 _____ () C:\Users\wayne\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2020-01-29 20:46 - 2020-01-29 20:46 - 000000304 _____ () C:\Users\wayne\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2020-02-18 12:58 - 2020-02-18 12:58 - 000000171 _____ () C:\Users\wayne\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2020-01-29 20:46 - 2020-01-29 20:46 - 000000175 _____ () C:\Users\wayne\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2021-05-31 13:30 - 2021-05-31 13:30 - 000003584 _____ () C:\Users\wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-03-2023
Ran by wayne (23-03-2023 09:59:31)
Running from C:\Users\wayne\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2728 (X64) (2020-11-11 11:39:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3409315567-1698705800-1941238463-500 - Administrator - Disabled) => C:\Users\Administrator.DESKTOP-3BLPTLN
DefaultAccount (S-1-5-21-3409315567-1698705800-1941238463-503 - Limited - Disabled)
Guest (S-1-5-21-3409315567-1698705800-1941238463-501 - Limited - Disabled)
wayne (S-1-5-21-3409315567-1698705800-1941238463-1001 - Administrator - Enabled) => C:\Users\wayne
WDAGUtilityAccount (S-1-5-21-3409315567-1698705800-1941238463-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
ActivePresenter (HKLM\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 8.2.3 - Atomi Systems, Inc.)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version:  - )
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
Audacity 3.2.5 (64-bit) (HKLM\...\Audacity_is1) (Version: 3.2.5 - Audacity Team)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.12.0.4 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.12.0.3 - Canon Inc.)
Carbonite (HKLM-x32\...\{32C96C56-33BC-4BB1-8793-3F1E0AFF26FD}) (Version: 6.4.6 build 27 (Feb-06-2023) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 6.10 - Piriform)
CD Wave Editor version 1.72 (HKLM-x32\...\CD Wave_is1) (Version: 1.72 - )
Cisco Webex Meetings (HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\ActiveTouchMeetingClient) (Version: 42.4.1 - Cisco Webex LLC)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{CF95CED4-3A1E-4486-B7FA-428C25D617ED}) (Version: 5.0.64.0 - Dell Inc.)
Dell Mobile Connect Driver (HKLM\...\{6F9CB82D-BC34-4FC1-B90D-AFFAC5C85E7B}) (Version: 4.1.7498 - Screenovate Technologies Ltd.)
Dell OS Recovery Tool (HKLM-x32\...\{1A236038-C023-4397-87EB-10127699BD10}) (Version: 2.3.6094.0 - Dell) Hidden
Dell OS Recovery Tool (HKLM-x32\...\{f50dbbb3-b883-4f60-b5bf-6f221599f767}) (Version: 2.3.6094 - Dell Inc.)
Dell SupportAssist (HKLM\...\{82B84211-71FD-4AB7-87D1-68568646860F}) (Version: 3.13.2.14 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{5B678BC6-D551-458B-893D-B442B21ECD21}) (Version: 5.5.4.16189 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{dc44ee3f-d6c1-444d-a660-b0f1ac90b51d}) (Version: 5.5.4.16189 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{DC9B5977-7B0A-4A86-A55E-72488C990E6E}) (Version: 5.5.5.16458 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{6b7b873a-87ed-446e-96e4-74aa2bc926bb}) (Version: 5.5.5.16458 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{E5C8AC27-6F8A-4D9C-A239-8673A6CA9570}) (Version: 4.7.1 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 169.4.5684 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.733.1 - Dropbox, Inc.) Hidden
DVDFab (x64) 11.0.7.4 (18/02/2020) (HKLM-x32\...\DVDFab 11(x64)) (Version: 11.0.7.4 - DVDFab Software Inc.)
DVDFab 10.0.7.8 (16/01/2018) (HKLM-x32\...\DVDFab 10) (Version: 10.0.7.8 - Fengtao Software Inc.)
DVDFab 11.0.7.4 (18/02/2020) (HKLM-x32\...\DVDFab 11) (Version: 11.0.7.4 - DVDFab Software Inc.)
DVDFab 12 (29/12/2020) (HKLM-x32\...\DVDFab 12) (Version: 12.0.1.5 - DVDFab Software Inc.)
DVDFab 12 (x64) (26/05/2021) (HKLM-x32\...\DVDFab 12 (x64)) (Version: 12.0.3.1 - DVDFab Software Inc.)
DVDFab 8.0.8.0 Beta (12/03/2011) (HKLM-x32\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.1.15289 - Foxit Software Inc.)
GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 111.0.5563.66 - Google LLC)
honestech VHS to DVD 5.0 Deluxe (HKLM-x32\...\{44FF002B-5AB3-4447-8F98-614387B63EE6}) (Version: 5.0 - honestech)
Intel® Chipset Device Software (HKLM\...\{00C43022-CFDA-4942-9D3F-04199C91C939}) (Version: 10.1.18121.8164 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{37942a92-9e3f-4d70-9b5c-5955cbc54505}) (Version: 10.1.18121.8164 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Ready Mode Technology (HKLM\...\{DBF0CA69-EADE-4CE0-8C09-D200FE80BCDC}) (Version: 1.1.70.534 - Intel Corporation)
Intel® Serial IO (HKLM\...\{75000D29-0D43-467B-84AC-12EB33DA1F14}) (Version: 30.100.1943.2 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{7EBADAB6-B7AC-4560-85A7-FF345559F193}) (Version: 17.2.6.1027 - Intel Corporation)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2D645390-CC15-4330-94C5-A6BE37B267F8}) (Version: 33.22.1182 - Rivet Networks)
Killer Wireless Driver UWD (HKLM\...\{D9007C95-A9B6-41FD-B6DF-B97DFFC4BE84}) (Version: 2.3.1513 - Rivet Networks)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.9 (x64) (HKLM\...\{C30ABA3F-32C0-43D1-B3B8-9AEFD58A15D9}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.9 (x64) (HKLM\...\{FD10B803-97FD-4867-9753-8784BC35D2F8}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.9 (x64) (HKLM\...\{0B4F742D-2D47-4E95-B756-402822D31C48}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.9 (x64) (HKLM-x32\...\{67950e91-8f8f-4d75-9252-7cca68ccdacc}) (Version: 6.0.9.31619 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.44 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5529.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\OneDriveSetup.exe) (Version: 23.043.0226.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3409315567-1698705800-1941238463-500\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.13.26020 (HKLM\...\{C5ECDB9A-D9B0-3107-BA85-1269998A5B3E}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.13.26020 (HKLM\...\{221D6DB4-46E2-333C-B09B-5F49351D0980}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.13.26020 (HKLM-x32\...\{895D5198-C5DB-375E-86AB-133F4DAA9FE2}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.13.26020 (HKLM-x32\...\{8F271F6C-6E7B-3D0A-951B-6E7B694D78BD}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 111.0.1 (x64 en-US)) (Version: 111.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 109.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 526.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5529.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5529.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5529.1000 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10531 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (HKLM-x32\...\{89EC099E-958D-462E-972C-385591946978}) (Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (HKLM-x32\...\{F014B696-28C5-4554-802F-A15380418F53}) (Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (HKLM-x32\...\{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}) (Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wmdiper (HKLM-x32\...\{ABBE458D-C10D-4B36-8C95-92DE9D196B1B}) (Version: 012.000.1471 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (HKLM-x32\...\{E83F5F27-43F3-4163-ABE5-F68C989286ED}) (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (HKLM-x32\...\{0A7DD94B-B746-4FB0-8688-8598C22793A0}) (Version: 013.000.2289 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (HKLM-x32\...\{2A4EEB5C-3BA6-4299-A87F-783861B567D9}) (Version: 013.000.0522 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (HKLM-x32\...\{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}) (Version: 013.000.0170 - Intuit Inc.) Hidden
TurboTax 2013 wmdiper (HKLM-x32\...\{57642511-A663-44B7-9EEE-5BCEC1A44A8A}) (Version: 013.000.1478 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (HKLM-x32\...\{606EB5EB-AADF-4E21-B715-1CAD291181D6}) (Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2015 WinPerFedFormset (HKLM-x32\...\{08D0C864-211B-4095-8C3E-2D2CAB64CDA9}) (Version: 015.000.2677 - Intuit Inc.) Hidden
TurboTax 2015 WinPerFuegoContent (HKLM-x32\...\{B48A745E-B79A-417F-8775-421EF44C92D1}) (Version: 015.000.0429 - Intuit Inc.) Hidden
TurboTax 2015 WinPerReleaseEngine (HKLM-x32\...\{B0119415-6743-4707-AB4D-1928F5E81FDD}) (Version: 015.000.0572 - Intuit Inc.) Hidden
TurboTax 2015 WinPerTaxSupport (HKLM-x32\...\{BDC1955D-38D6-4747-8B0A-B2B7CFEA1E7D}) (Version: 015.000.0182 - Intuit Inc.) Hidden
TurboTax 2015 wmdiper (HKLM-x32\...\{AC70EF5F-0046-48FD-9AD9-87C711CEB994}) (Version: 015.000.1673 - Intuit Inc.) Hidden
TurboTax 2015 wrapper (HKLM-x32\...\{6FF818ED-865F-4C55-A073-DD6C9CE7B6A8}) (Version: 015.000.0126 - Intuit Inc.) Hidden
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2016 WinPerFedFormset (HKLM-x32\...\{1D28A880-201A-42DD-891C-875860B17631}) (Version: 016.000.3461 - Intuit Inc.) Hidden
TurboTax 2016 WinPerReleaseEngine (HKLM-x32\...\{FD003E07-4E56-4CFC-9106-B7AAB234398E}) (Version: 016.000.0620 - Intuit Inc.) Hidden
TurboTax 2016 WinPerTaxSupport (HKLM-x32\...\{4DF70C79-FF25-4836-AEFB-899ECF4C6A30}) (Version: 016.000.0183 - Intuit Inc.) Hidden
TurboTax 2016 wmdiper (HKLM-x32\...\{DEA53540-72A1-4511-8508-D0F28B993ACC}) (Version: 016.000.1785 - Intuit Inc.) Hidden
TurboTax 2016 wrapper (HKLM-x32\...\{B6E9FEF8-5EA1-448B-9423-6683F48D5978}) (Version: 016.000.0220 - Intuit Inc.) Hidden
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
TurboTax 2017 WinPerFedFormset (HKLM-x32\...\{EBB7DFDE-A910-4678-8A9F-757B2C8A8158}) (Version: 017.000.3979 - Intuit Inc.) Hidden
TurboTax 2017 WinPerReleaseEngine (HKLM-x32\...\{859EAFFC-3640-430C-B4E2-0E6F75AF6CA9}) (Version: 017.000.0781 - Intuit Inc.) Hidden
TurboTax 2017 WinPerTaxSupport (HKLM-x32\...\{71A541CA-896C-463A-A396-DCFBA148AC48}) (Version: 017.000.0134 - Intuit Inc.) Hidden
TurboTax 2017 wmdiper (HKLM-x32\...\{DA5D74D7-B321-4863-B5B7-52B7EA8FE766}) (Version: 017.000.1828 - Intuit Inc.) Hidden
TurboTax 2017 wrapper (HKLM-x32\...\{7EEF100B-8223-4951-99C5-FEC4CEAB763E}) (Version: 017.000.0126 - Intuit Inc.) Hidden
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2018 WinPerFedFormset (HKLM-x32\...\{4F5D754A-4CF7-489E-9FC7-DCF124A9C13B}) (Version: 018.000.3420 - Intuit Inc.) Hidden
TurboTax 2018 WinPerReleaseEngine (HKLM-x32\...\{3B81DEB0-2307-4542-A370-47D7B15B4EE5}) (Version: 018.000.0674 - Intuit Inc.) Hidden
TurboTax 2018 WinPerTaxSupport (HKLM-x32\...\{E9FCBA33-DB82-4992-A4FE-3A2D4C974DD7}) (Version: 018.000.0130 - Intuit Inc.) Hidden
TurboTax 2018 wmdiper (HKLM-x32\...\{29519E5A-DA64-4162-ABF6-DA2211E5EC66}) (Version: 018.000.1477 - Intuit Inc.) Hidden
TurboTax 2018 wrapper (HKLM-x32\...\{B29215FE-D5C4-4C2D-BDA1-11EBF3638653}) (Version: 018.000.0109 - Intuit Inc.) Hidden
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
TurboTax 2019 WinPerFedFormset (HKLM-x32\...\{E06C08B0-B8A7-4D16-AC3D-A9B215B4DF33}) (Version: 019.000.3008 - Intuit Inc.) Hidden
TurboTax 2019 WinPerReleaseEngine (HKLM-x32\...\{3B2774BA-9EAF-4AC6-8E06-98EA76831746}) (Version: 019.000.0809 - Intuit Inc.) Hidden
TurboTax 2019 WinPerTaxSupport (HKLM-x32\...\{7A9F6F61-D188-4851-A4B5-1766EB5295C9}) (Version: 019.000.0115 - Intuit Inc.) Hidden
TurboTax 2019 wmdiper (HKLM-x32\...\{EB84136F-C21D-43B7-BAB4-D62D911DCFE7}) (Version: 019.000.1832 - Intuit Inc.) Hidden
TurboTax 2019 wrapper (HKLM-x32\...\{DF0DB405-2E2C-4DFE-A6E7-342E7900F594}) (Version: 019.000.0127 - Intuit Inc.) Hidden
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
TurboTax 2020 WinPerReleaseMsi (HKLM-x32\...\{52E6AD69-FBE7-42C0-9F5B-CD282EB7FD76}) (Version: 020.000.1918 - Intuit Inc.) Hidden
TurboTax 2020 wmdiper (HKLM-x32\...\{D0974894-7971-4976-ADF5-E60D4BDDE35E}) (Version: 020.000.1120 - Intuit Inc.) Hidden
TurboTax 2022 (HKLM-x32\...\{E02EC8E6-200F-4BF9-AF32-572FEA31F457}) (Version: 022.000.0471 - Intuit Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
vanBasco's Karaoke Player (HKLM-x32\...\VMidi) (Version:  - )
VIDBOX VCDE Driver (HKLM-x32\...\VIDBOX VCDE Driver) (Version: 5.2019.0614.0 - VIDBOX Inc.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
wmdiperStateIS (HKLM-x32\...\{2063D5C5-34CD-441E-90A2-C73844721B68}) (Version: 022.000.0107 - Intuit Inc.) Hidden
Zoom (HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.)

Packages:
=========
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2023-03-23] (Dell Inc)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.1.0_x64__htrsf667h5kn2 [2022-11-21] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.64.0_x64__htrsf667h5kn2 [2022-12-05] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2021-09-19] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.13.7.0_x64__htrsf667h5kn2 [2023-03-16] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.7.5.0_x86__htrsf667h5kn2 [2022-11-28] (Dell Inc)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4628.0_x64__8j3eq9eme6ctt [2023-03-09] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-03-06] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa [2022-12-15] (Apple Inc.) [Startup Task]
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1322.1109.0_x64__rh07ty8m5nkag [2023-02-04] (Rivet Networks LLC) [Startup Task]
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-01-21] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3005.0_x64__8wekyb3d8bbwe [2023-03-18] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.4.0_x64__htrsf667h5kn2 [2023-02-22] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-09] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-19] (Microsoft Corporation)
Power Media Player BD for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerBDforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-12] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-01-21] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2020-01-29] (CYBERLINK CORPORATION.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-23] (Microsoft Studios) [MS Ad]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-28] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-28] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\wayne\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\wayne\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\wayne\Dropbox [2020-02-15 12:59]
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2023-02-06] (Carbonite, Inc.) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdd.inf_amd64_490aa6d1fd969a51\nvshext.dll [2023-01-15] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 12 (x64)\DVDFab 12 Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab12&v=12.0.3.
Shortcut: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 12\DVDFab 12 Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab12&v=12.0.1.
Shortcut: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 11 (x64)\DVDFab Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab11&p=x64&v=11.0.7.
Shortcut: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 11\DVDFab Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab11&v=11.0.7.
Shortcut: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10\DVDFab Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab10&v=10.0.7.
ShortcutWithArgument: C:\Users\wayne\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) =============

2020-02-18 18:00 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-02-18 18:00 - 2012-09-06 22:02 - 000978944 ____N () [File not signed] C:\Program Files (x86)\ControlCenter4\BrImgProc.dll
2020-02-18 18:00 - 2008-08-18 19:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2020-02-18 18:00 - 2012-04-23 16:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2020-02-18 18:00 - 2012-09-06 22:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2020-02-18 18:00 - 2012-07-06 14:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2020-02-18 18:00 - 2012-09-06 22:02 - 000131072 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcFcnv.dll
2020-02-18 18:00 - 2012-07-06 14:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2020-02-18 18:00 - 2012-07-17 14:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2020-02-18 18:00 - 2012-09-06 22:02 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcSmon.dll
2020-02-18 18:00 - 2012-09-14 09:53 - 000241664 ____R (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrImageConversion.dll
2020-02-18 18:00 - 2012-09-14 09:53 - 000098304 ____R (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrImgPdf.dll
2020-02-18 18:00 - 2012-09-14 09:53 - 000118784 ____R (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\ControlCenter4\brTPGSplash.dll
2023-02-06 11:46 - 2023-02-06 11:46 - 002637824 ____R (Carbonite, Inc.) [File not signed] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
2023-02-06 11:37 - 2023-02-06 11:37 - 002634240 ____R (Carbonite, Inc.) [File not signed] C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
2022-07-19 04:28 - 2022-07-15 10:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-11-11 07:30 - 2020-11-11 07:30 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2020-11-11 20:57 - 2020-11-11 20:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll
2022-11-07 13:53 - 2022-11-07 13:53 - 001548800 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\SQLite.Interop.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001 -> DefaultScope {567FB402-7351-428E-B932-86AAF28B5D92} URL =
SearchScopes: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001 -> {567FB402-7351-428E-B932-86AAF28B5D92} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2022-02-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-02-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2020-02-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3409315567-1698705800-1941238463-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Dell Digital Delivery Services => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PPort12reminder"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{ABAFCEF4-D5B8-4841-91FD-594836AAA911}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C27BA65C-082A-4648-B746-6760978DB627}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{716465BB-737A-424F-B360-620A7BA977E5}C:\program files (x86)\dvdfab 11\dvdfab.exe] => (Block) C:\program files (x86)\dvdfab 11\dvdfab.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [TCP Query User{4499AC90-EB78-4C7C-80B9-E52C4DF2932C}C:\program files (x86)\dvdfab 11\dvdfab.exe] => (Block) C:\program files (x86)\dvdfab 11\dvdfab.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [{CAFE1EFD-292A-42F5-A63E-70266F60573E}] => (Allow) C:\Users\wayne\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C022A039-75A4-44F0-AF22-073FD38D4964}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5D49E3C1-130C-450A-AE93-3C30AECB6CA2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C851C40-79B4-419B-87CC-AFB7A8F9E1CE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5903190A-ACF9-443B-BCE0-07B32E3EE021}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9C4111EF-79F3-416F-A612-69F84821B889}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{445DA287-03F7-4E7D-8768-511EF6E7C9BA}] => (Block) C:\program files\dvdfab 11\dvdfab64.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [{AD838F69-5FB8-4E9E-BE13-C1418F0DD9B5}] => (Block) C:\program files\dvdfab 11\dvdfab64.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [UDP Query User{E9AAFBC5-36F5-47CE-BA72-32DEE359BEAF}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [TCP Query User{9CDE440C-303F-491C-AFC8-97519384F3EE}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [{D4637D4B-64C8-42C7-924D-4CAC8EDB60A4}] => (Block) C:\program files (x86)\dvdfab 10\dvdfab.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [{F28EFF21-74B5-48FB-A9C3-C25926E802D2}] => (Block) C:\program files (x86)\dvdfab 10\dvdfab.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [UDP Query User{01887366-C234-4D08-A874-07B9513DB42C}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [TCP Query User{757C81CE-1816-4F5A-9245-529B4774E715}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [{B285C607-00F3-486C-895C-DB58BC360FF2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{87078510-5B1C-49B9-BF17-8125E7E0C0E8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ED376061-DEB0-4728-8D93-E3B898441100}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D6F3CE99-A92D-4DDA-A387-F21269C164F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4A4BB1AB-B878-4DFE-8C16-61C8414418D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32E13F20-F0FE-4625-8D31-714617459C32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1FE05F2C-7449-4994-B274-885F776CD6F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5E4DC7AB-537A-4B4E-8175-7579743BAEF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0870EC10-C374-4F06-9EB9-8255EB8871C4}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\ActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{232FCB41-F5A6-4E03-A34C-DB6A2A671E15}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\rlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [TCP Query User{5F187C4D-F84F-419C-99C5-68DA8F141B29}C:\program files (x86)\dvdfab\dvdfab 12\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab\dvdfab 12\dvdfab.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [UDP Query User{1924F58E-9E41-4100-8355-33FC0D6DF428}C:\program files (x86)\dvdfab\dvdfab 12\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab\dvdfab 12\dvdfab.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [{3C6C69C4-A28F-4ABD-998C-E5E0D534667C}] => (Block) C:\program files (x86)\dvdfab\dvdfab 12\dvdfab.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [{15A31A6E-1EC2-4391-A603-09DB71B5647B}] => (Block) C:\program files (x86)\dvdfab\dvdfab 12\dvdfab.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [TCP Query User{E95E5238-DC96-45BD-96F5-0D385009F5E5}C:\program files\dvdfab\dvdfab 12\dvdfab64.exe] => (Allow) C:\program files\dvdfab\dvdfab 12\dvdfab64.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [UDP Query User{939D2799-E40A-4112-A47A-EB85059374AA}C:\program files\dvdfab\dvdfab 12\dvdfab64.exe] => (Allow) C:\program files\dvdfab\dvdfab 12\dvdfab64.exe (DVDFab Software Inc. -> DVDFab.cn)
FirewallRules: [{99CFE9AC-63C1-4B52-85AA-DFD712D08442}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{B598E91F-7F2F-4BE7-8916-FAE965B9D6AA}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{36FD7BEE-C20B-4A5F-96B9-3E73D5ED2821}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{420886DB-30BD-4CC0-A94B-0C3BBF9D7B13}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{02182B30-0842-437C-A3E5-56932DCFD7BB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4871460-B4AB-4D8F-AF16-21AED44C799E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3EDEE9F9-5D78-42FD-A431-E32BD8B7DFAA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05E40FE8-E05E-444B-929E-C5CE6851959E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9366718C-A5FB-4E92-B134-7B4C03E64BF6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{437BCAAC-2E29-455D-AD26-5E8A6DE43270}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4DEFBC45-9AE8-4865-88C8-B1EA4B72E402}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2022\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{6B80D256-AFDA-43B4-81F2-8507F122809D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{A1C153A2-46F0-4687-B628-1412619411D8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{455CCD8D-FDBC-4C88-B18C-8A20AA7781E4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{4B6EC10E-7AD1-4F9D-BCAB-2CDCB8C5F780}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{A6D6CDF9-A7BF-48B7-B851-28FA7A7249BE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{CDF11AB7-0DA0-4FA4-AAEA-BB8AA454F304}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{FAB73622-99B6-4E2B-A75D-A1C2CDBBEFBC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{0584E855-449D-4029-B649-9AC56568A870}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7A71650E-33AD-4637-BBC6-B04AC89F038C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6BB77CD3-3CC7-449C-97DD-9124C9D3C1BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F58431D5-5006-42F0-B7E7-52DF0EE23C9F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1FE72531-805C-4E94-B6A8-56CFC5C44A2E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3563C0E-5C63-4285-81FD-CCD3B512BF33}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

23-03-2023 09:48:16 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/23/2023 09:18:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Error: (03/23/2023 09:05:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Error: (03/23/2023 03:04:42 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Error: (03/23/2023 02:41:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Error: (03/22/2023 08:39:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Error: (03/22/2023 08:29:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Error: (03/22/2023 02:28:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Error: (03/22/2023 02:16:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}


System errors:
=============
Error: (03/23/2023 07:07:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/21/2023 10:17:24 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (03/21/2023 12:07:23 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume20'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (03/21/2023 12:07:23 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume20'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (03/21/2023 12:07:23 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume19'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.

Error: (03/17/2023 02:56:32 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (03/16/2023 09:32:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Intel® TPM Provisioning Service service to connect.

Error: (03/13/2023 11:56:24 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume21'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.


Windows Defender:
================
Date: 2023-03-22 20:08:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-03-21 18:31:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-03-20 18:32:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-03-19 18:38:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-03-18 19:32:21
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-02-04 05:30:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a34e85e556ccdec6\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.1.24 07/08/2022
Motherboard: Dell Inc. 0T2HR0
Processor: Intel® Core™ i7-9700 CPU @ 3.00GHz
Percentage of memory in use: 93%
Total physical RAM: 7997.3 MB
Available physical RAM: 524.11 MB
Total Virtual: 18237.3 MB
Available Virtual: 5073.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:935.75 GB) (Free:536.9 GB) (Model: PM981a NVMe Samsung 1024GB) NTFS
Drive f: (HP v125w) (Removable) (Total:3.72 GB) (Free:0.96 GB) FAT32

\\?\Volume{40ffad9e-bd22-4251-a8c5-3a46cd3935d3}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.54 GB) NTFS
\\?\Volume{2a0da642-e616-4454-b1aa-3b3ae047c2a2}\ (Image) (Fixed) (Total:14.96 GB) (Free:0.13 GB) NTFS
\\?\Volume{15f465d2-2544-4665-ac5d-56fba0ce1f79}\ (DELLSUPPORT) (Fixed) (Total:1.42 GB) (Free:0.6 GB) NTFS
\\?\Volume{0219a2a5-c34f-4ab6-848a-b021b5b7ae45}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.55 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 7D48CA73)

Partition: GPT.

==========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 0CA921CF)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=FAT32)

==================== End of Addition.txt =======================
 

Attached Thumbnails

  • Trojan virus.JPG

Edited by wayneman50, 25 March 2023 - 12:14 PM.

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can't tell much from the name.  I'd run a few scans to make sure there is nothing else.

 

ESET's free online scanner 

https://www.eset.com...online-scanner/

You want the one time scan.

 

Can take several hours so you may want to let it run over night.

 

MBAR:

https://www.malwareb...rootkit-scanner

 

Rogue Killer:

https://www.adlice.com/roguekiller/

 

Also I see:

Error: (03/17/2023 02:56:32 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Not sure which drive it's talking about so I'd run check disk on each:

 

Search for 

cmd

 

It will find Command Prompt.  Right click on it and Run as Admin.

 

Type:

 

chkdsk /r C:

(It will say it can't do it now and ask to schedule it at the next boot.  Tell it y)

 

Then reboot.  The check will run and take a few hours then it will boot Windows.

 

Repeat for 

 

chkdsk /r F:

 

This one will probably not need to reboot.

 

1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
* Application
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button and wait.
Notepad will open with the output log.

Get Process Explorer

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).
View and check Show Processes From All Users

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save.  Note the file name.  Open the file on your desktop and copy and paste the text to a reply.
 

  • 0
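Added example (not part of RKinner's post and not FRST's own code): the Addition.txt posted above already holds enough to narrow down which drive the Event ID 11 errors refer to. The sketch runs over lines copied from that log; it assumes the N in \Device\HarddiskN is the disk number FRST prints as "Disk: N", and it matches lettered drives to that disk's partitions by file system and size, which is a heuristic.

```python
import re
from collections import Counter

# Lines copied from the FRST Addition.txt posted in this thread (trimmed).
FRST_EXCERPT = r"""
Error: (03/21/2023 10:17:24 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (03/17/2023 02:56:32 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:935.75 GB) (Free:536.9 GB) (Model: PM981a NVMe Samsung 1024GB) NTFS
Drive f: (HP v125w) (Removable) (Total:3.72 GB) (Free:0.96 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 7D48CA73)

Partition: GPT.

==========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 0CA921CF)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=FAT32)
"""

_UNIT_GB = {"MB": 1 / 1024, "GB": 1.0, "TB": 1024.0}


def disk_errors(text):
    """Count 'disk' Event ID 11 controller errors per HarddiskN number."""
    pattern = re.compile(
        r"\(Source: disk\) \(EventID: 11\).*\n"
        r".*?\\Device\\Harddisk(\d+)\\DR\d+")
    return dict(Counter(int(n) for n in pattern.findall(text)))


def physical_disks(text):
    """Parse 'MBR & Partition Table': disk number -> size and listed partitions."""
    disks, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Disk: (\d+) \(Size: ([\d.]+) (MB|GB|TB)\)", line)
        if m:
            current = {"size_gb": float(m[2]) * _UNIT_GB[m[3]], "partitions": []}
            disks[int(m[1])] = current
            continue
        m = re.match(
            r"Partition \d+: .*\(Size=([\d.]+) (MB|GB|TB)\).*\(Type=([^)]+)\)", line)
        if m and current is not None:
            current["partitions"].append(
                {"size_gb": float(m[1]) * _UNIT_GB[m[2]], "fs": m[3]})
    return disks


def drive_letters(text):
    """Parse the 'Drives' section: one dict per lettered volume."""
    pattern = re.compile(
        r"^Drive (\w): \((.*?)\) \((\w+)\) \(Total:([\d.]+) (MB|GB|TB)\)"
        r".*[ \t](\S+)[ \t]*$", re.M)
    return [{"letter": m[1], "label": m[2], "kind": m[3],
             "total_gb": float(m[4]) * _UNIT_GB[m[5]], "fs": m[6]}
            for m in pattern.finditer(text)]


def drives_on_faulting_disks(text, tolerance_gb=0.1):
    """For each disk with Event ID 11 errors, list drive letters that fit it."""
    disks, drives = physical_disks(text), drive_letters(text)
    report = {}
    for number, count in sorted(disk_errors(text).items()):
        disk = disks.get(number)  # None if the disk was unplugged when FRST ran
        parts = disk["partitions"] if disk else []
        # Substring test tolerates extra text in the Type field.
        candidates = [d["letter"] for d in drives
                      if any(d["fs"] in p["fs"]
                             and abs(p["size_gb"] - d["total_gb"]) <= tolerance_gb
                             for p in parts)]
        report[number] = {"errors": count,
                          "disk_size_gb": disk["size_gb"] if disk else None,
                          "drives": candidates}
    return report


if __name__ == "__main__":
    for number, info in drives_on_faulting_disks(FRST_EXCERPT).items():
        print(f"Disk {number}: {info['errors']} controller error(s), "
              f"candidate drive letter(s): {info['drives'] or 'none listed'}")
```

A disk that was not connected when FRST ran has no "Disk: N" entry, so it comes back with an empty candidate list rather than a guess.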

#3
wayneman50

    Member

  • Topic Starter
  • 587 posts

Here’s my progress so far with a question about chkdsk at the bottom.

ESET's free online scanner 

https://www.eset.com...online-scanner/

You want the one time scan……”No threats found”

 

MBAR:

https://www.malwareb...rootkit-scanner

I think I have all the browser protection turned on in Defender, so I declined “Include browser protection”, but those options are still checked in the Malwarebytes anyway. I need to turn them off so they don’t conflict with Defender, right?

Scan done “Your device is squeaky clean.” The scan only took a few minutes.

 

Rogue Killer:

https://www.adlice.com/roguekiller/

Threats detected: 0

 

Also I see:

Error: (03/17/2023 02:56:32 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Not sure which drive it's talking about so I'd run check disk on each:

 

Search for 

cmd

 

It will find Command Prompt.  Right click on it and Run as Admin.

 

Type:

 

chkdsk /r C:

(It will say it can't do it now and ask to schedule it at the next boot.  Tell it y)

 

Then reboot.  ……….Done. I came back about 15 minutes after rebooting. All I saw was my usual desktop. Does chkdsk run in the background?


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Definitely does not run chkdsk in the background.  I just ran it on my 500GB Samsung EVO SSD which is 120 GB full and it took 39 minutes so it may not have run.  It tells you when it is running and even tells you how long it is going to take.

 

If you copy this line:

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file c:\users\wayne\Desktop\CHKDSKResults.txt

(Make sure you get the whole line)

then right click on the "Start" button and select Windows PowerShell (Administrator), you can right click in the PowerShell window and hit Enter and it should create a file on your desktop called CHKDSKResults.txt.  It should look something like:
 

 
TimeCreated : 3/26/2023 5:03:12 PM
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              Stage 1: Examining basic file system structure ...
              Cleaning up instance tags for file 0x15572.
                845312 file records processed.                                                        
              
              File verification completed.
               Phase duration (File record verification): 10.64 seconds.
                22386 large file records processed.                                   
              
               Phase duration (Orphan file record recovery): 0.00 milliseconds.
                0 bad file records processed.                                     
              
               Phase duration (Bad file record checking): 0.92 milliseconds.
              
              Stage 2: Examining file name linkage ...
                59982 reparse records processed.                                      
              
                1195688 index entries processed.                                                       
              
              Index verification completed.
               Phase duration (Index verification): 28.69 seconds.
                0 unindexed files scanned.                                        
              
               Phase duration (Orphan reconnection): 8.47 seconds.
                0 unindexed files recovered to lost and found.                    
              
               Phase duration (Orphan recovery to lost and found): 2.13 seconds.
                59982 reparse records processed.                                      
              
               Phase duration (Reparse point and Object ID verification): 223.47 milliseconds.
              
              Stage 3: Examining security descriptors ...
              Cleaning up 4623 unused index entries from index $SII of file 0x9.
              Cleaning up 4623 unused index entries from index $SDH of file 0x9.
              Cleaning up 4623 unused security descriptors.
              CHKDSK is compacting the security descriptor stream
              Security descriptor verification completed.
               Phase duration (Security descriptor verification): 232.10 milliseconds.
                175189 data files processed.                                           
              
               Phase duration (Data attribute verification): 1.05 milliseconds.
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              
              Stage 4: Looking for bad clusters in user file data ...
                845296 files processed.                                                               
              
              File data verification completed.
               Phase duration (User file recovery): 6.21 minutes.
              
              Stage 5: Looking for bad, free clusters ...
                90335695 free clusters processed.                                                       
              
              Free space verification is complete.
               Phase duration (Free space recovery): 0.00 milliseconds.
              Correcting errors in the Volume Bitmap.
              
              Windows has made corrections to the file system.
              No further action is required.
              
               487703024 KB total disk space.
               125066376 KB in 488443 files.
                  362300 KB in 175192 indexes.
                       0 KB in bad sectors.
                  931564 KB in use by the system.
                   65536 KB occupied by the log file.
               361342784 KB available on disk.
              
                    4096 bytes in each allocation unit.
               121925756 total allocation units on disk.
                90335696 allocation units available on disk.
              Total duration: 7.05 minutes (423489 ms).
              
              Internal Info:
              00 e6 0c 00 5c 20 0a 00 74 e5 11 00 00 00 00 00  ....\ ..t.......
              a0 01 00 00 ae e8 00 00 00 00 00 00 00 00 00 00  ................
              

 

 

 
I'm guessing that the F: drive is the culprit so make sure you chkdsk it.
 

  • 0

#5
wayneman50

    Member

  • Topic Starter
  • 587 posts

TimeCreated : 3/26/2023 1:40:52 PM
Message     :
              
              Checking file system on C:
              The type of the file system is NTFS.
              Volume label is OS.
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              Stage 1: Examining basic file system structure ...
              Cleaning up instance tags for file 0x13e51.
                1035776 file records processed.                                                        
              
              File verification completed.
               Phase duration (File record verification): 4.15 seconds.
                14037 large file records processed.                                   
              
               Phase duration (Orphan file record recovery): 0.00 milliseconds.
                0 bad file records processed.                                     
              
               Phase duration (Bad file record checking): 0.00 milliseconds.
              
              Stage 2: Examining file name linkage ...
                9635 reparse records processed.                                      
              
                1479606 index entries processed.                                                       
              
              Index verification completed.
               Phase duration (Index verification): 10.60 seconds.
                0 unindexed files scanned.                                        
              
               Phase duration (Orphan reconnection): 3.58 seconds.
                0 unindexed files recovered to lost and found.                    
              
               Phase duration (Orphan recovery to lost and found): 436.78 milliseconds.
                9635 reparse records processed.                                      
              
               Phase duration (Reparse point and Object ID verification): 18.28 milliseconds.
              
              Stage 3: Examining security descriptors ...
              Cleaning up 5104 unused index entries from index $SII of file 0x9.
              Cleaning up 5104 unused index entries from index $SDH of file 0x9.
              Cleaning up 5104 unused security descriptors.
              Security descriptor verification completed.
               Phase duration (Security descriptor verification): 52.37 milliseconds.
                221916 data files processed.                                           
              
               Phase duration (Data attribute verification): 0.01 milliseconds.
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              
              Stage 4: Looking for bad clusters in user file data ...
                1035760 files processed.                                                               
              
              File data verification completed.
               Phase duration (User file recovery): 11.50 minutes.
              
              Stage 5: Looking for bad, free clusters ...
                143908881 free clusters processed.                                                       
              
              Free space verification is complete.
               Phase duration (Free space recovery): 0.00 milliseconds.
              
              Windows has made corrections to the file system.
              No further action is required.
              
               981204991 KB total disk space.
               404166168 KB in 600032 files.
                  260344 KB in 221917 indexes.
                       0 KB in bad sectors.
                 1142951 KB in use by the system.
                   65536 KB occupied by the log file.
               575635528 KB available on disk.
              
                    4096 bytes in each allocation unit.
               245301247 total allocation units on disk.
               143908882 allocation units available on disk.
              Total duration: 11.81 minutes (709012 ms).
              
              Internal Info:
              00 ce 0f 00 bf 8a 0c 00 5e f7 0d 00 00 00 00 00  ........^.......
              35 25 00 00 6e 00 00 00 00 00 00 00 00 00 00 00  5%..n...........
              




 


  • 0

#6
wayneman50

    Member

  • Topic Starter
  • 587 posts

chkdsk /r F:

"Cannot open volume for direct access."


  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can you open F: with File Explorer? (click on the Folder icon in taskbar) Do you see files?

 

Does F show up in Disk Management?  (Search for

disk management

and hit Enter

It will find it as "Create and Format Hard Drive Partitions" for some reason)

Does it show the F: volume as "Healthy"?

Is F: on the same disk as C:?

If not is it a USB drive?  Can you remove it?

 

Does Disk Management show more than one disk?


  • 0

#8
wayneman50

    Member

  • Topic Starter
  • 587 posts

My mistake. F is a USB drive I've been moving between my Dell and my HP. Please see I have a separate topic posted for my HP. I also should have realized that an infection could be on the USB drive and spread to my HP.

 

I'll continue now with Event Viewer.

Attached Thumbnails

  • F drive chkdsk.JPG

  • 0

#9
wayneman50

    Member

  • Topic Starter
  • 587 posts

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 27/03/2023 5:33:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/03/2023 1:28:41 AM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c0b9f936-8c1e-487c-8f50-ebda6d5d27ac}

Log: 'Application' Date/Time: 27/03/2023 1:27:37 AM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c0b9f936-8c1e-487c-8f50-ebda6d5d27ac}

Log: 'Application' Date/Time: 26/03/2023 7:26:45 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c0b9f936-8c1e-487c-8f50-ebda6d5d27ac}

Log: 'Application' Date/Time: 26/03/2023 7:25:34 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c0b9f936-8c1e-487c-8f50-ebda6d5d27ac}

Log: 'Application' Date/Time: 26/03/2023 5:24:04 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 26/03/2023 1:32:24 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Log: 'Application' Date/Time: 26/03/2023 1:25:18 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f342c4f9-6528-429e-abbd-3e74c951723e}

Log: 'Application' Date/Time: 26/03/2023 10:44:06 AM
Type: Error Category: 4
Event: 281 Source: DbxSvc
CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Log: 'Application' Date/Time: 26/03/2023 10:44:06 AM
Type: Error Category: 4
Event: 281 Source: DbxSvc
CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Log: 'Application' Date/Time: 26/03/2023 7:46:08 AM
Type: Error Category: 0
Event: 12007 Source: Firefox Default Browser Agent
The event description cannot be found.

Log: 'Application' Date/Time: 26/03/2023 7:46:08 AM
Type: Error Category: 0
Event: 0 Source: Firefox Default Browser Agent
The operation completed successfully.

Log: 'Application' Date/Time: 25/03/2023 7:28:04 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x7b4 Faulting application start time: 0x01d95f4fe879ee8a Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 4d065abf-b8ee-49da-939d-b8a2e258657d Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:27:56 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x27a8 Faulting application start time: 0x01d95f4fe37cbc9f Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: d45d5fd5-3497-44fb-b263-040eb733c2a3 Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:27:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x46d0 Faulting application start time: 0x01d95f4fde576c06 Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 692de80b-58d5-4df5-8186-170e9363d60d Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:27:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x3ddc Faulting application start time: 0x01d95f4fd947b919 Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 1ed6e3e1-97b5-4b03-8abf-d5d5189449a9 Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:27:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x2aec Faulting application start time: 0x01d95f4fd41c05e8 Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: bdb2a4e2-7f87-46c3-b5fc-0a59f0f317b0 Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:27:22 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x42c0 Faulting application start time: 0x01d95f4fcf06ff3e Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 6383aeb7-71d9-471f-a4b9-f529402e462a Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:26:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x269c Faulting application start time: 0x01d95f4fc02859d9 Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 41fb99b0-b581-493d-84a4-d7333588e753 Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:26:48 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x1c30 Faulting application start time: 0x01d95f4fbb29e2b0 Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 9af747b8-484e-4309-8a38-862b249f99e8 Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

Log: 'Application' Date/Time: 25/03/2023 7:26:40 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchApp.exe, version: 10.0.19041.2673, time stamp: 0x61de921c Faulting module name: KERNELBASE.dll, version: 10.0.19041.2728, time stamp: 0xe7e53a4e Exception code: 0xc000027b Fault offset: 0x000000000010fd12 Faulting process id: 0x1c94 Faulting application start time: 0x01d95f4fb6296288 Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 5af6d4b9-0742-4bf5-a843-9ac533ed5e0a Faulting package full name: Microsoft.Windows.Search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/03/2023 2:12:16 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 2:12:15 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 2:12:14 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:45:14 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:45:14 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:45:14 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:31:27 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:31:27 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:31:27 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:22:35 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:22:35 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:22:35 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:11:24 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:11:24 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:11:24 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:06:24 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:06:24 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 1:06:24 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 12:49:30 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

Log: 'Application' Date/Time: 27/03/2023 12:49:29 AM
Type: Warning Category: 1
Event: 2000 Source: Intel( R ) RMT
IRMT - CAudioManager::RecordDefaultDeviceId   EnumAudioEndpoints failed, hr=0x80070490

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/03/2023 5:55:43 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (60000 milliseconds) while waiting for the Intel® TPM Provisioning Service service to connect.

Log: 'System' Date/Time: 26/03/2023 5:40:24 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (60000 milliseconds) while waiting for the Intel® TPM Provisioning Service service to connect.

Log: 'System' Date/Time: 26/03/2023 10:45:07 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:45:07 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:45:07 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:45:07 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:45:06 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:44:54 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:44:54 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:44:53 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:44:53 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

Log: 'System' Date/Time: 26/03/2023 10:44:53 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eapihdrv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 26/03/2023 10:44:53 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/03/2023 9:14:08 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 8:56:16 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 7:02:39 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 6:44:22 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 6:02:36 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 6:02:36 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 5:57:44 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 5:43:22 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 5:43:22 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 5:42:26 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 12:14:46 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 10:46:23 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 10:46:23 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/03/2023 10:33:11 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name cos-rd.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/03/2023 10:33:07 AM
Type: Warning Category: 0
Event: 10400 Source: Microsoft-Windows-NDIS
The network interface "Killer E2400 Gigabit Ethernet Controller" has begun resetting.  There will be a momentary disruption in network connectivity while the hardware resets. Reason: The network driver detected that its hardware has stopped responding to commands. This network interface has reset 1 time(s) since it was last initialized.

Log: 'System' Date/Time: 24/03/2023 8:54:53 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/03/2023 4:06:50 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/03/2023 2:38:20 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/03/2023 2:31:27 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/03/2023 1:29:35 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-3BLPTLN\wayne SID (S-1-5-21-3409315567-1698705800-1941238463-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


 



#10
wayneman50


"Wait a full minute then:" ....I waited about 5 minutes

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    99.43    60 K    8 K    0            
procexp64.exe    0.94    59,528 K    90,724 K    8652    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    0.19    0 K    0 K    n/a    Hardware Interrupts and DPCs        
atmgr.exe    < 0.01    73,440 K    59,384 K    12812    Cisco Webex Service    Cisco Webex LLC    (Verified) Cisco WebEx LLC
explorer.exe    < 0.01    164,268 K    212,672 K    9392    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
System    < 0.01    196 K    136 K    4            
firefox.exe    < 0.01    96,612 K    129,276 K    8116    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    < 0.01    179,048 K    119,088 K    1232    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
KillerNetworkService.exe    < 0.01    101,464 K    34,624 K    4520    Killer Network Service    Intel    (Verified) Intel Corporation
CarboniteService.exe    < 0.01    50,476 K    38,256 K    4220    Carbonite Secure Backup Engine    Carbonite, Inc.    (No signature was present in the subject) Carbonite, Inc.
FoxitPDFReaderUpdateService.exe    < 0.01    1,556 K    7,508 K    4212    Foxit PDF Reader Update Service    Foxit Software Inc.    (Verified) FOXIT SOFTWARE INC.
csrss.exe    < 0.01    2,856 K    6,448 K    832            
CarboniteUI.exe    < 0.01    23,428 K    37,964 K    12772    Carbonite User Interface    Carbonite, Inc.    (No signature was present in the subject) Carbonite, Inc.
Dell.DCF.UA.Bradbury.API.SubAgent.exe    < 0.01    55,696 K    58,616 K    2948             (Verified) Dell Inc
svchost.exe    < 0.01    3,496 K    9,672 K    2624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    < 0.01    320,680 K    373,268 K    13192    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Dell.TechHub.exe    < 0.01    40,840 K    53,256 K    3784    Dell.TechHub    Dell    (Verified) Dell Inc
WebexHost.exe    < 0.01    9,844 K    17,720 K    12764    Cisco Webex Meetings    Cisco Webex LLC    (Verified) Cisco WebEx LLC
svchost.exe    < 0.01    11,752 K    17,240 K    1112    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    < 0.01    31,556 K    45,440 K    5696    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
RogueKillerSvc.exe    < 0.01    82,160 K    16,300 K    4728    RogueKiller Anti-Malware Scan Service    Adlice Software    (Verified) ADLICE
DDVDataCollector.exe    < 0.01    65,176 K    69,584 K    4920    DDVDataCollector    Dell Technologies Inc.    (Verified) Dell Inc
Dell.TechHub.Instrumentation.SubAgent.exe    < 0.01    105,252 K    102,376 K    6112    Dell Instrumentation        (Verified) Dell Inc
NVDisplay.Container.exe    < 0.01    40,908 K    46,832 K    3076    NVIDIA Container    NVIDIA Corporation    (Verified) Nvidia Corporation
MBAMService.exe    < 0.01    380,040 K    296,820 K    4380            
RogueKiller64.exe    < 0.01    46,420 K    39,252 K    7952    Anti-Malware Scan and Removal    Adlice Software    (Verified) ADLICE
Dell.TechHub.Instrumentation.UserSessionAgent.exe    < 0.01    38,744 K    55,020 K    4016    Dell User Session Agent        (Verified) Dell Inc
SupportAssistAgent.exe    < 0.01    189,148 K    118,236 K    8000         Dell Inc.    (Verified) Dell Inc
ServiceShell.exe    < 0.01    60,744 K    65,384 K    1128    ServiceShell        (Verified) Dell Inc
RuntimeBroker.exe    < 0.01    8,140 K    24,424 K    10348    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
IRMTLyncHelper.LycnConsole.exe    < 0.01    12,632 K    15,216 K    8492    Intel® Ready Mode Technology    Intel Corporation    (Verified) Intel® RMT
svchost.exe    < 0.01    2,312 K    6,732 K    2308    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
msedge.exe    < 0.01    80,828 K    71,668 K    15864    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    3,712 K    21,492 K    9948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
PDFProFiltSrvPP.exe    < 0.01    1,276 K    5,656 K    4532    PDFPro IFilter Service    Nuance Communications, Inc.    (Verified) Nuance Communications, Inc.
svchost.exe    < 0.01    15,684 K    35,280 K    592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
DellSupportAssistRemedationService.exe    < 0.01    88,104 K    82,664 K    7864    DCFWinService    Dell INC.    (Verified) Dell Inc
conhost.exe    < 0.01    6,716 K    8,152 K    6756    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe    < 0.01    6,660 K    8,064 K    5760    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe    < 0.01    6,728 K    8,140 K    3536    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe    < 0.01    6,736 K    8,132 K    3912    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    50,352 K    55,648 K    6044    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
msedge.exe    < 0.01    40,252 K    36,388 K    14312    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
AdminService.exe    < 0.01    2,268 K    7,596 K    4148    Windows Setup API    Windows ® Win 7 DDK provider    (Verified) Microsoft Windows Hardware Compatibility Publisher
conhost.exe    < 0.01    6,716 K    8,144 K    7280    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
RAVBg64.exe    < 0.01    5,692 K    13,396 K    12324    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
mbamtray.exe    < 0.01    26,460 K    37,248 K    4660    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Inc.
svchost.exe    < 0.01    4,284 K    8,036 K    1944    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    33,156 K    32,008 K    7436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    1,592 K    5,564 K    1672    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Dell.D3.WinSvc.exe    < 0.01    119,120 K    82,256 K    4124    Dell.D3.WinSvc        (Verified) Dell Inc
svchost.exe    < 0.01    3,452 K    8,288 K    3012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
officeclicktorun.exe    < 0.01    34,364 K    34,432 K    4180    Microsoft Office Click-to-Run    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    10,156 K    21,280 K    15852    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Dell.TechHub.DataManager.SubAgent.exe    < 0.01    62,160 K    68,296 K    7268    Dell Data Manager        (Verified) Dell Inc
Dell.TechHub.Diagnostics.SubAgent.exe    < 0.01    59,688 K    68,048 K    5488    Dell Diagnostics        (Verified) Dell Inc
svchost.exe    < 0.01    3,852 K    12,004 K    5412    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Memory Compression    < 0.01    1,172 K    399,728 K    2764            
WUDFHost.exe        2,124 K    7,892 K    2368    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        33,408 K    41,676 K    7880    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        9,012 K    20,348 K    13000    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WINWORD.EXE        116,324 K    102,908 K    16132    Microsoft Word    Microsoft Corporation    (Verified) Microsoft Corporation
winlogon.exe        2,872 K    11,548 K    928    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,456 K    5,484 K    824            
WavesSysSvc64.exe        2,456 K    8,804 K    4712    WavesSysSvc Service Application    Waves Audio Ltd.    (Verified) Waves Inc
WavesSvc64.exe        12,004 K    14,972 K    12388    Waves MaxxAudio Service Application    Waves Audio Ltd.    (Verified) Waves Inc
VSSVC.exe        7,096 K    14,296 K    11592    Microsoft® Volume Shadow Copy Service    Microsoft Corporation    (Verified) Microsoft Windows
Video.UI.exe    Suspended    19,688 K    1,864 K    9680            (No signature was present in the subject)
UserOOBEBroker.exe        2,064 K    8,688 K    11628    User OOBE Broker    Microsoft Corporation    (Verified) Microsoft Windows
TextInputHost.exe        14,000 K    51,140 K    10164        Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        10,912 K    20,764 K    8028    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettings.exe    Suspended    28,680 K    2,052 K    14856    Settings    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        15,560 K    25,440 K    4020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,516 K    7,760 K    3992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,376 K    14,708 K    7620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,180 K    16,716 K    3552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,040 K    9,100 K    3356    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,756 K    10,200 K    13552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        21,292 K    18,988 K    1900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,512 K    17,976 K    2876    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,204 K    26,368 K    1468    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,196 K    8,060 K    3264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,460 K    9,332 K    1584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,860 K    6,192 K    3368    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        34,608 K    40,484 K    4188    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,936 K    19,944 K    7324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,888 K    7,660 K    1160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,232 K    7,404 K    1816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,596 K    10,320 K    2492    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,356 K    17,400 K    4356    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,912 K    13,348 K    2632    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,056 K    7,272 K    4024    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,668 K    14,292 K    3152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,456 K    8,392 K    4368    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,064 K    8,428 K    13260    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,584 K    11,112 K    7724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,160 K    18,820 K    13400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,384 K    6,840 K    4996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,404 K    13,036 K    10468    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,044 K    14,100 K    3736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        19,288 K    29,148 K    4196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,708 K    15,184 K    1296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,316 K    5,276 K    2640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,764 K    9,932 K    14388            
svchost.exe        1,836 K    7,208 K    7528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,660 K    8,980 K    7332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,748 K    15,364 K    1548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,836 K    6,528 K    6068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,720 K    20,016 K    8992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,860 K    7,860 K    16052            
svchost.exe        2,356 K    8,220 K    2728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,740 K    15,892 K    4164    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,472 K    38,032 K    6936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,064 K    6,948 K    2952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,928 K    10,588 K    1880    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,348 K    4,864 K    4816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,644 K    18,616 K    4776    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,912 K    8,056 K    8532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,156 K    11,164 K    1436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,524 K    19,312 K    11888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,024 K    8,088 K    1104    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11,052 K    13,536 K    3976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,308 K    6,720 K    2156    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,452 K    10,020 K    1036            
svchost.exe        2,284 K    11,520 K    1592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,364 K    5,964 K    1920    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,620 K    5,668 K    4624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,292 K    5,044 K    4696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,824 K    9,580 K    4228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,408 K    9,456 K    3832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,776 K    7,280 K    3676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,644 K    5,780 K    2424    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,864 K    6,804 K    1428    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,620 K    5,820 K    1804    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,484 K    6,244 K    2300    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,864 K    13,148 K    1704    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,344 K    4,652 K    1412    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,648 K    9,856 K    1420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,400 K    6,584 K    2736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,736 K    7,724 K    12300            
svchost.exe        1,888 K    9,060 K    12148    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,740 K    10,784 K    4528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,412 K    12,240 K    14628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,348 K    6,220 K    2056    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,084 K    14,036 K    1712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        35,172 K    91,764 K    2508            (Verified) Microsoft Windows
spoolsv.exe        5,724 K    13,256 K    3884    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,068 K    1,112 K    636            
sihost.exe        7,576 K    27,724 K    5184    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    15,424 K    53,440 K    12108    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        5,216 K    7,144 K    352            
services.exe        7,420 K    10,736 K    900            
SecurityHealthService.exe        3,076 K    10,616 K    14636            
SearchApp.exe    Suspended    254,712 K    115,224 K    9380    Search application    Microsoft Corporation    (Verified) Microsoft Windows
SearchApp.exe    Suspended    152,460 K    94,164 K    12856    Search application    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        11,120 K    37,156 K    15832    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        17,672 K    48,332 K    10352    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,948 K    25,996 K    9412    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,932 K    17,920 K    8536    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        11,972 K    34,688 K    14868    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        7,392 K    25,808 K    6724    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,236 K    20,284 K    14296    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,128 K    9,044 K    3624    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        8,896 K    16,672 K    10516    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe        2,132 K    7,804 K    3212    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RstMwService.exe        1,892 K    6,516 K    4704    Intel® Rapid Storage Technology Management Service    Intel Corporation    (Verified) Intel Corporation
Registry        9,612 K    97,248 K    140            
RAVBg64.exe        6,156 K    13,644 K    2460    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
QcomWlanSrvx64.exe        1,448 K    5,448 K    4616            (Verified) Qualcomm Atheros, Inc.
procexp.exe        5,116 K    12,628 K    16104    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PhoneExperienceHost.exe        50,576 K    161,588 K    8568    Microsoft Phone Link    Microsoft Corporation    (Verified) Microsoft Corporation
OneApp.IGCC.WinService.exe        40,760 K    44,240 K    4172    Intel® Graphics Command Center Service    Intel Corporation    (Verified) Intel Corporation
NVDisplay.Container.exe        7,580 K    18,020 K    2388    NVIDIA Container    NVIDIA Corporation    (Verified) Nvidia Corporation
msedge.exe        14,408 K    34,156 K    1648    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        53,228 K    99,604 K    11848    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        8,004 K    17,640 K    15744    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        15,048 K    24,636 K    13724    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        2,056 K    7,224 K    10948    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
MoUsoCoreWorker.exe        4,320 K    15,032 K    15628    MoUSO Core Worker Process    Microsoft Corporation    (Verified) Microsoft Windows
Microsoft.Photos.exe    Suspended    73,640 K    4,704 K    13612            (No signature was present in the subject)
Microsoft.Media.Player.exe    Suspended    21,608 K    1,640 K    10032    Microsoft.Media.Player    Microsoft    (No signature was present in the subject) Microsoft
lsass.exe        9,880 K    22,200 K    968    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
LockApp.exe    Suspended    16,336 K    55,176 K    7660    LockApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
KNDBWMService.exe        14,740 K    14,968 K    4132    Windows Service Wrapper    Intel® Corporation    (Verified) Intel Corporation
KNDBWM.exe        6,372 K    14,220 K    6048    Rivet DBWM    Intel® Corporation    (Verified) Intel Corporation
KillerAnalyticsService.exe        7,924 K    10,476 K    4264    Killer Analytics Service    Intel    (Verified) Intel Corporation
jhi_service.exe        1,588 K    6,196 K    7244    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel® Embedded Subsystems and IP Blocks Group
IRMTService.exe        3,008 K    11,612 K    4256    Intel® Ready Mode Technology Service    Intel Corporation    (Verified) Intel® RMT
IntuitUpdateService.exe        56,948 K    17,440 K    3252    Intuit Update Service    Intuit Inc.    (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider) Intuit Inc.
IntelCpHeciSvc.exe        1,492 K    6,616 K    2044    IntelCpHeciSvc Executable    Intel Corporation    (Verified) Intel Corporation
IntelCpHDCPSvc.exe        1,416 K    6,772 K    1772    Intel HD Graphics Drivers for Windows®    Intel Corporation    (Verified) Intel Corporation
igfxEM.exe        3,804 K    13,360 K    9080    igfxEM Module    Intel Corporation    (Verified) Intel Corporation
igfxCUIService.exe        2,056 K    8,428 K    2196    igfxCUIService Module    Intel Corporation    (Verified) Intel Corporation
fontdrvhost.exe        5,848 K    11,384 K    1020    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        6,548 K    6,556 K    992    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        355,892 K    300,380 K    13560    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        28,860 K    33,604 K    4952    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        84,356 K    125,308 K    3708    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        28,812 K    33,564 K    11780    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        51,892 K    77,268 K    7652    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        40,148 K    48,464 K    9480    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        23,156 K    16,484 K    8276    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        28,952 K    33,484 K    16116    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        22,592 K    17,920 K    5244    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
DropboxUpdate.exe        2,148 K    4,708 K    1168    Dropbox Update    Dropbox, Inc.    (Verified) Dropbox, Inc
dllhost.exe        4,500 K    12,204 K    11272    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
DDVRulesProcessor.exe        6,192 K    13,420 K    2088    Dell Data Vault Rules Processor    Dell Technologies Inc.    (Verified) Dell Inc
DDVCollectorSvcApi.exe        1,848 K    8,028 K    8436    Dell Data Vault Data Collector Service API    Dell Technologies Inc.    (Verified) Dell Inc
DCCService.exe        22,808 K    32,848 K    3276    DCCService    Dell Inc.    (Verified) Dell Inc
DbxSvc.exe        2,444 K    5,240 K    4156    Dropbox Service    Dropbox, Inc.    (Verified) Dropbox, Inc
ctfmon.exe        5,200 K    21,496 K    8184    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe        2,164 K    5,756 K    728            
Cortana.exe    Suspended    32,736 K    63,664 K    14180    Cortana    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
conhost.exe        6,696 K    13,160 K    5252    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
ApplicationFrameHost.exe        14,940 K    32,192 K    12632    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
aesm_service.exe        3,108 K    13,028 K    8136    Intel® SGX Application Enclave Services Manager    Intel Corporation    (Verified) Intel Corporation


 




#11
wayneman50


    Member

  • Topic Starter

FYI, I have an external drive I use to make backups once a week. I only plug it in when all apps are closed (including internet browsers), then I run the Windows backup utility. When the backup is done, I unplug it.



#12
RKinner


    Malware Expert


I see some errors with your Audio and with your Ethernet.  If you connect to the Internet with an Ethernet cable you probably need a new driver.  You have:

Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2D645390-CC15-4330-94C5-A6BE37B267F8}) (Version: 33.22.1182 - Rivet Networks)

The latest version is 34. something.

https://www.intel.co...ance-suite.html

 

If you don't use the cable then you should go in and disable the Ethernet connection.

 

You currently have:

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)

for your audio driver.  Latest is a bit newer so I'd update it too:

 

https://www.intel.co...e-products.html

 

Then let's check your system files and see if everything is fine:

Download the attached fixlist.txt to the same location as FRST
 
Attached File: fixlist.txt (414 bytes)
 
Run FRST (right click and Run As Admin) and press Fix.  This should only take 30 minutes on a decent system.  It will reboot when done.
A fix log will be generated; please post that.
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
Latency Monitor:
 
Go to
 
 
Scroll down to
 
System Monitoring Tools
 
and then find
 
LatencyMon 7.0 (or it may be a higher number if they update)
 
Click on Download free home edition
 
Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it. 
 
Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  
 
 
Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it. 
 
In the Search box type:  dxdiag 
 
wait for it to find it.  Right click on dxdiag.exe and Run As Admin.
Yes
Once it finishes (green line in bottom left goes away)
 
Save All Information.  Point it at your desktop and it should save it as dxdiag.txt.
 
Exit
 
Double click on dxdiag.txt and copy and paste the text into a reply.
 

 

 



#13
wayneman50


    Member

  • Topic Starter

Yes, I am using an Ethernet cable. I tried to install Killer and got the attached message.

 

I unzipped Audio-Win. I’m not sure what to run. I don't see any instructions on the Intel page. I found these two exes - see attached. Is it one of these?

 

Attached Thumbnails

  • Killer performance.JPG
  • Audio-Win folder.JPG


#14
RKinner


    Malware Expert


I don't suppose Dell has a newer Ethernet driver for you?  Perhaps it will install if you first uninstall the old driver?

 

For the zip I'd try the setup first then the other if the setup doesn't work.



#15
wayneman50


    Member

  • Topic Starter

I think my extended warranty is still in effect. I'll call Dell tomorrow and let you know what happens.

