
Virtool:WIN32/Defender TamperingRestore and Removed



#1
snowysdad43


Hello,
My computer is running Windows 10 and started acting different. Occasionally I would see a command prompt screen for a brief moment and it would disappear immediately.
Then not long after, web pages I was on would just blink off and I would have to reopen them.
Then I started getting black screens randomly, like if I tried to run a SUPERAntiSpyware scan or any type of security scan.
I downloaded Microsoft Safety Scanner and it said it found the Virtool win/32defender tampering restore and removed virus.
I run my Bitdefender antivirus and it says nothing found, same with Malwarebytes.
I am pretty sure my laptop has a virus and I am not the most tech-savvy person.
Any help or guidance would be greatly appreciated.
Thank you.
Here are the scan logs from FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.05.2024 01
Ran by casey (administrator) on DESKTOP-OO17RR8 (Dell Inc. Inspiron 5593) (26-05-2024 20:10:30)
Running from C:\Users\casey\OneDrive\Desktop\FRST64.exe
Loaded Profiles: casey
Platform: Microsoft Windows 10 Home Version 22H2 19045.4412 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\lightway.exe
(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.272\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bduserhost.exe <2>
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIServiceN.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxEMN.exe
(explorer.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnapp.exe
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\casey\AppData\Local\Microsoft\OneDrive\24.091.0505.0003\Microsoft.SharePoint.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
(services.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
(services.exe ->) (Expressco Services LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
(services.exe ->) (Get Aura Inc -> AnchorFree Inc.) C:\Program Files\Bitdefender\Bitdefender VPN\UnifiedSDK.Service\UnifiedSDK.Service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ac65d2dfc98d80ce\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIServiceN.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4789e47f6228caeb\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d8b7fef7fc5b1320\IntelCpHDCPSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\drivers\SessionService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSysSvc64.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\casey\AppData\Local\Microsoft\OneDrive\24.091.0505.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe [1774688 2020-09-03] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-06-20] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-28] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1067296 2024-02-29] (Bitdefender SRL -> Bitdefender)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [493400 2024-01-23] (Bitdefender SRL -> Bitdefender)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN (No File)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [381232 2024-05-09] (Expressco Services LLC -> ExpressVPN)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11248160 2024-05-08] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\Run: [MicrosoftEdgeAutoLaunch_E3220D0141ECEE7B3CE785A56F9FFDA8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136896 2024-05-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\Run: [ExpressVPN] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [855344 2024-05-09] (Expressco Services LLC -> ExpressVPN)
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\MountPoints2: {542239d4-5992-11eb-8e39-405bd89d7605} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL D:\VZW_Software_upgrade_assistant.exe
HKLM\...\Windows x64\Print Processors\Canon TR4700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDHL.DLL [543744 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor TR4700 series: C:\WINDOWS\system32\CNCALHL.DLL [266752 2021-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TR4700 series: C:\WINDOWS\system32\CNMLMHL.DLL [989184 2021-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\125.0.6422.77\Installer\chrmstp.exe [2024-05-23] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {D2E58ACD-9EFD-4C43-AF09-97FAF32FF113} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {2AA9F4CE-ECE8-4001-ACF2-49F2D2880BE0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.272\WatchDog.exe [1150456 2024-05-17] (Bitdefender SRL -> Bitdefender) -> C:\Program Files\Bitdefender Agent\27.0.1.272\repair
Task: {7D949E87-64E0-4680-A611-EA9BD9C85FAB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {CBD1A6ED-9654-4FC8-9C92-B05219693A90} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{935A9CA1-1968-40F0-B9F6-329995404100} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
Task: {5CF42E47-74D1-4D38-B767-84436911E361} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {636C462F-D965-46A9-8477-99AD0D61A61B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1FF02D8-27FA-4A13-88C1-6E416B5B9381} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E22E173-0901-4AB2-9EC0-85AC790C24D0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {127F1F0F-E5E0-4D41-8A17-0C3729D980AE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A457B664-A384-42DC-BEAA-E2EBDCFA6B30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EDAC1463-914A-4123-B4E3-357DDAA6F658} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1BC1FDE7-893F-49A5-9E85-4D0A8A73F821} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B9F3D6ED-BFCF-4D67-B32D-E64AC3167C3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F296621B-EC66-40AA-A3FF-2957AE128EC6} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [96520 2021-08-13] (Rivet Networks LLC -> DELL)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: 54.186.190.208 geoip.pango-paas.co
Tcpip\..\Interfaces\{72a861c5-7673-4963-b522-7f836525b0a0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{72a861c5-7673-4963-b522-7f836525b0a0}: [DhcpDomain] myfiosgateway.com
Tcpip\..\Interfaces\{a8b2350e-11d1-4e8c-b19c-1c8b5d3579b2}: [NameServer] 198.51.100.1
Tcpip\..\Interfaces\{e5c9cea9-f135-40b4-8e8f-0682de5fd207}: [NameServer] 100.64.100.1
Tcpip\..\Interfaces\{f02a93b0-3c82-4e69-b4ce-5458061c9f0f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f02a93b0-3c82-4e69-b4ce-5458061c9f0f}: [DhcpDomain] myfiosgateway.com
Tcpip\..\Interfaces\{f02a93b0-3c82-4e69-b4ce-5458061c9f0f}\34A4C44333: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f02a93b0-3c82-4e69-b4ce-5458061c9f0f}\34A4C44333: [DhcpDomain] home
Tcpip\..\Interfaces\{f02a93b0-3c82-4e69-b4ce-5458061c9f0f}\960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{f02a93b0-3c82-4e69-b4ce-5458061c9f0f}\D696E6B616: [DhcpNameServer] 192.168.0.34
Tcpip\..\Interfaces\{f02a93b0-3c82-4e69-b4ce-5458061c9f0f}\D696E6B616: [DhcpDomain] EX3110
 
Edge: 
=======
Edge Profile: C:\Users\casey\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-26]
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (Bitdefender Anti-tracker) - C:\Users\casey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbconhplchnbippmjabbcedokimacfjl [2024-03-23]
Edge Extension: (Google Docs Offline) - C:\Users\casey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\casey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-05-17]
Edge Extension: (Edge relevant text changes) - C:\Users\casey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKLM-x32\...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext [2024-03-01] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\casey\AppData\Local\Google\Chrome\User Data\Default [2024-05-26]
CHR DownloadDir: C:\Users\casey\OneDrive\Desktop
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://www.oann.com/
CHR Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2024-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Profile: C:\Users\casey\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-10-19]
CHR Profile: C:\Users\casey\AppData\Local\Google\Chrome\User Data\System Profile [2024-03-24]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\UnifiedSDK.Service\UnifiedSDK.Service.exe [69034416 2024-03-13] (Get Aura Inc -> AnchorFree Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.)
R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [849328 2024-02-29] (Bitdefender SRL -> Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-29] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-29] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2963856 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2574864 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [849328 2024-02-29] (Bitdefender SRL -> Bitdefender)
R2 bdvpnservice; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [503240 2024-01-23] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248016 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [313488 2019-06-24] (Dell Inc -> Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [57760 2023-12-20] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-01-17] (Dell Inc -> Dell INC.)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{E044A354-58AB-4312-8275-3FF7CAF80445} [22384 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [439088 2024-05-09] (Expressco Services LLC -> ExpressVPN)
R2 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [439088 2024-05-09] (Expressco Services LLC -> ExpressVPN)
R2 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [439088 2024-05-09] (Expressco Services LLC -> ExpressVPN)
S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [446328 2023-09-13] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-12] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-22] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [688624 2024-05-17] (Bitdefender SRL -> Bitdefender)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [66296 2021-08-13] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [66296 2021-08-13] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1633040 2021-08-13] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2390800 2021-08-13] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [282728 2024-02-29] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-29] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-24] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [6611008 2023-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\System32\DRIVERS\bddci.sys [800168 2023-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [24568 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\WINDOWS\system32\DRIVERS\bdprivmon.sys [49200 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender SRL)
S3 bduefiscan; C:\WINDOWS\system32\DRIVERS\bduefiscan.sys [42440 2024-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R1 bdvpn_netfilter; C:\WINDOWS\System32\drivers\bdvpn_netfilter.sys [94600 2023-11-12] (Pango Inc. -> Pango Inc)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2024-05-09] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2021-11-08] (Express VPN International Ltd. -> ExpressVPN)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [1347496 2023-07-12] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
S3 Ignisv2; C:\WINDOWS\system32\DRIVERS\ignisv2.sys [165312 2023-08-06] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [166032 2021-08-13] (Intel Corporation -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2020-10-20] (ExprsVPN LLC -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [629184 2023-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [520144 2023-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21056 2024-05-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601496 2024-05-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-24] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2024-03-23] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-26 20:10 - 2024-05-26 20:11 - 000034060 _____ C:\Users\casey\OneDrive\Desktop\FRST.txt
2024-05-26 20:02 - 2024-05-26 20:10 - 000000000 ____D C:\FRST
2024-05-25 19:35 - 2024-05-25 19:35 - 002395136 _____ (Farbar) C:\Users\casey\OneDrive\Desktop\FRST64.exe
2024-05-25 18:23 - 2024-05-25 18:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-915631250-2020585093-1217566574-1001
2024-05-25 18:23 - 2024-05-25 18:23 - 000002381 _____ C:\Users\casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-25 11:22 - 2024-05-25 11:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-05-25 00:35 - 2024-05-25 11:39 - 110624768 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-05-25 00:30 - 2024-05-25 00:35 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-05-24 20:05 - 2024-05-24 20:05 - 000094304 _____ C:\ProgramData\agent.update.1716595494.bdinstall.v2.bin
2024-05-23 23:25 - 2024-05-23 23:25 - 000000000 ____D C:\Users\casey\AppData\Local\DBG
2024-05-23 23:25 - 2024-05-23 23:25 - 000000000 ____D C:\ProgramData\dbg
2024-05-23 18:25 - 2024-05-23 18:26 - 000013206 _____ C:\Users\casey\OneDrive\Desktop\Invoice 133 County Rd  Plympton.pdf
2024-05-23 18:19 - 2024-05-23 18:19 - 000013115 _____ C:\Users\casey\OneDrive\Desktop\Invoice 3 Marion Rd Scituate.pdf
2024-05-23 18:07 - 2024-05-23 18:07 - 000013135 _____ C:\Users\casey\OneDrive\Desktop\Invoice 115 lakehurst ave weymouth.pdf
2024-05-20 20:26 - 2024-05-25 18:19 - 000008192 ___SH C:\DumpStack.log.tmp
2024-05-20 20:26 - 2024-05-20 20:26 - 010079372 _____ C:\WINDOWS\Minidump\052024-12515-01.dmp
2024-05-15 15:12 - 2024-05-15 15:12 - 000000000 ___HD C:\$WinREAgent
2024-05-09 17:14 - 2024-05-23 23:38 - 000000072 _____ C:\WINDOWS\system32\AdsInfoCls
2024-05-08 12:24 - 2024-05-08 12:24 - 000000000 ___HD C:\OneDriveTemp
2024-04-30 23:26 - 2024-04-30 23:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-26 20:10 - 2019-12-14 23:12 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2024-05-26 20:04 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-26 20:02 - 2020-07-05 07:57 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-26 20:01 - 2020-01-19 13:11 - 000000000 ___RD C:\Users\casey\OneDrive
2024-05-26 20:01 - 2020-01-19 13:08 - 000000000 __SHD C:\Users\casey\IntelGraphicsProfiles
2024-05-26 20:00 - 2019-12-14 23:08 - 000000000 ____D C:\ProgramData\Goodix
2024-05-25 19:49 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-25 19:45 - 2023-05-12 06:26 - 000000000 ____D C:\Users\casey\AppData\Local\Malwarebytes
2024-05-25 18:24 - 2020-10-02 20:44 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-25 18:24 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2024-05-25 18:23 - 2021-12-10 19:04 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-915631250-2020585093-1217566574-1001
2024-05-25 18:21 - 2020-10-02 20:41 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-25 18:21 - 2020-10-02 20:41 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-25 18:19 - 2020-10-16 07:11 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-05-25 18:19 - 2020-10-02 20:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-25 18:19 - 2019-12-14 23:08 - 000000000 ____D C:\Intel
2024-05-25 18:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-25 11:39 - 2019-12-07 05:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2024-05-25 11:28 - 2021-12-18 03:08 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-25 11:22 - 2020-10-26 09:10 - 002461902 _____ C:\WINDOWS\ntbtlog.txt
2024-05-24 22:44 - 2020-01-19 13:08 - 000000000 ____D C:\Users\casey\AppData\Local\Packages
2024-05-24 22:42 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-24 20:47 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-05-24 20:46 - 2019-12-14 23:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-24 20:30 - 2020-10-02 20:37 - 000000000 ____D C:\Users\casey
2024-05-24 20:05 - 2021-02-19 08:46 - 000003848 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2024-05-24 20:05 - 2021-02-19 08:44 - 000000000 ____D C:\Program Files\Bitdefender Agent
2024-05-24 19:47 - 2020-10-02 20:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-24 19:26 - 2020-11-10 09:31 - 000000000 ____D C:\Users\casey\AppData\Local\CrashDumps
2024-05-24 11:40 - 2024-03-30 12:07 - 000000000 ____D C:\Users\casey\AppData\Roaming\reolink
2024-05-23 23:43 - 2019-12-14 23:31 - 000000000 ____D C:\ProgramData\Packages
2024-05-23 18:13 - 2020-01-21 14:01 - 000000000 ____D C:\Users\casey\AppData\Roaming\Microsoft\Word
2024-05-23 18:11 - 2021-09-25 13:37 - 000000000 ____D C:\Users\casey\OneDrive\Desktop\invoices to bob
2024-05-23 17:44 - 2020-01-19 13:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-22 17:48 - 2019-12-14 23:21 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-22 17:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-05-21 19:19 - 2021-09-23 07:43 - 000000000 ____D C:\Users\casey\AppData\Roaming\Zoom
2024-05-21 17:37 - 2024-02-11 18:53 - 000000000 ____D C:\ProgramData\CanonIJPLM
2024-05-21 17:31 - 2021-02-12 17:06 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2024-05-20 20:26 - 2023-06-12 13:01 - 2080746419 _____ C:\WINDOWS\MEMORY.DMP
2024-05-20 20:26 - 2022-07-19 13:28 - 000000000 ____D C:\WINDOWS\Minidump
2024-05-20 19:52 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2024-05-16 22:14 - 2021-06-03 20:29 - 000000000 ____D C:\Users\casey\OneDrive\Desktop\Home Inspection Reports
2024-05-16 14:52 - 2020-10-24 11:04 - 000435384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-16 14:49 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-05-16 14:49 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-05-16 14:49 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-05-16 14:49 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-16 14:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-16 14:49 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2024-05-15 15:39 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-15 15:28 - 2020-10-02 20:37 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-05-15 15:12 - 2022-11-11 15:17 - 000000000 ____D C:\Program Files\RUXIM
2024-05-15 15:12 - 2019-12-14 23:18 - 000000000 ____D C:\ProgramData\Package Cache
2024-05-15 15:11 - 2022-04-06 11:51 - 000000000 ____D C:\Program Files\dotnet
2024-05-15 15:11 - 2020-01-19 16:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-15 15:09 - 2020-01-19 16:20 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-05-14 14:54 - 2020-06-25 22:29 - 000000000 ____D C:\Users\casey\AppData\Local\D3DSCache
2024-05-09 19:50 - 2021-09-08 17:20 - 000000000 ____D C:\Users\casey\OneDrive\Desktop\H I  lincense docs
2024-05-09 19:33 - 2020-03-08 14:52 - 000000000 ____D C:\Users\casey\AppData\Roaming\Microsoft\Excel
2024-05-09 19:25 - 2022-05-10 17:48 - 000000000 ____D C:\Users\casey\OneDrive\Desktop\Papa kitty
2024-05-09 19:25 - 2021-12-04 14:29 - 000000000 ____D C:\Users\casey\OneDrive\Desktop\Bob Perry
2024-05-09 17:06 - 2020-10-29 19:46 - 000000445 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2024-05-09 14:58 - 2020-01-30 10:54 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2024-04-30 23:26 - 2020-01-19 13:13 - 000000000 ____D C:\Program Files (x86)\Google
 
==================== Files in the root of some directories ========
 
2024-03-30 08:43 - 2024-03-30 08:43 - 000000211 _____ () C:\Users\casey\AppData\Roaming\com.reolink.app.client
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
Here is the Addition file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.05.2024 01
Ran by casey (26-05-2024 20:11:55)
Running from C:\Users\casey\OneDrive\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4412 (X64) (2020-10-03 00:41:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-915631250-2020585093-1217566574-500 - Administrator - Disabled)
casey (S-1-5-21-915631250-2020585093-1217566574-1001 - Administrator - Enabled) => C:\Users\casey
DefaultAccount (S-1-5-21-915631250-2020585093-1217566574-503 - Limited - Disabled)
Guest (S-1-5-21-915631250-2020585093-1217566574-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-915631250-2020585093-1217566574-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {0F59B032-EA77-E3A8-2382-74A4346E5522}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Mobile Device Support (HKLM\...\{FA3D0F2D-BA1C-4462-B6B3-3048CFF464C7}) (Version: 17.0.0.28 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
AppLogLibSetup (HKLM-x32\...\{7C40ADB8-AD6E-4CDF-94A1-06ACDC99F90F}) (Version: 1.0.2.0 - Brother Industries Ltd.) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 27.0.1.272 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 27.0.30.140 - Bitdefender)
Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 26.1.0.54 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.60.1.15 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.1.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.5.2 - Canon Inc.)
Canon TR4700 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TR4700_series) (Version: 1.01 - Canon Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{16AE9E0C-0E0C-4AD6-82B4-D0F8AB94082F}) (Version: 5.0.86.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 - Screenovate Technologies Ltd.)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.4.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{DC9B5977-7B0A-4A86-A55E-72488C990E6E}) (Version: 5.5.5.16458 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{6b7b873a-87ed-446e-96e4-74aa2bc926bb}) (Version: 5.5.5.16458 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.)
ExpressVPN (HKLM-x32\...\{406f1537-ec07-424c-9505-bb60ac9094c4}) (Version: 12.52.0.26 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8990D784B}) (Version: 12.52.0.26 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.77 - Google LLC)
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.30 (x64) (HKLM\...\{543852FC-D0E4-481B-B2B2-BEB271DED058}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.30 (x64) (HKLM\...\{E80165F8-5F40-42C5-82CE-BE934C750771}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.30 (x64) (HKLM\...\{63F2E1E5-10EC-4F55-B92D-D65A7AA41A15}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\OneDriveSetup.exe) (Version: 24.091.0505.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.30 (x64) (HKLM\...\{D624CDFC-3CDA-47F7-9F84-A3CCB8D3396B}) (Version: 48.120.13587 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.30 (x64) (HKLM-x32\...\{b2b66c6f-6c27-49d1-846a-6c27d322b9bb}) (Version: 6.0.30.33617 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.1 - Canon Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
Reolink 8.15.6 (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\3e633401-0468-5835-935c-33d2b4b2a764) (Version: 8.15.6 - Shenzhen Reolink Technology Co., Ltd.)
Reolink 8.8.1 (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\{3e633401-0468-5835-935c-33d2b4b2a764}) (Version: 8.8.1 - Shenzhen Reolink Technology Co., Ltd.)
SmartByte Drivers and Services (HKLM\...\{A0CDAD3D-0329-4E3E-8DC1-30E333D6564D}) (Version: 3.1.995 - Rivet Networks)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1256 - SUPERAntiSpyware.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Chrome apps:
============
Docs (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\5ed7179980d68dcc508b5b0e50b8fdd9) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\fd1bb7c23eba73b8da52dd34a58eb8fd) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\44bf66e58e905f973f43f7233e149886) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\c9f3e9d52d36dd98bf6ac337c089d4c9) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\231f7bf09b0ad4cee53317fb1c4a0c8d) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\169784bd362ec376de1ac1b151bdd412) (Version: 1.0 - Google\Chrome)
 
Packages:
=========
 
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_8.3.1.0_x64__kgqvnymyfvs32 [2024-04-30] (king.com)
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2024-05-20] (Dell Inc)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-08-11] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.5.5.0_x64__htrsf667h5kn2 [2024-05-20] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.86.0_x64__htrsf667h5kn2 [2024-05-20] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2024-05-20] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.14.40.0_x64__htrsf667h5kn2 [2023-04-03] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2024-04-09] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86__htrsf667h5kn2 [2023-05-31] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.23.0_x64__xbfy0k16fey96 [2024-05-20] (Dropbox Inc.)
Home Design Makeover -> C:\Program Files\WindowsApps\Storm8Studios.HomeDesignMakeover_4.5.7.0_x64__9y6tqmcremh5r [2023-07-04] (Storm8 Studios)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt [2024-05-21] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-09-23] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-05-20] (INTEL CORP)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2024-05-20] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-10] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21001.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation) [Startup Task]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_2.7.1181.0_x86__8wekyb3d8bbwe [2024-05-20] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2 [2024-05-20] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-04-19] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-10] (Microsoft Corporation)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-06] (Rivet Networks LLC)
The Legacy: Forgotten Gates (free to play) -> C:\Program Files\WindowsApps\FIVE-BN.TheLegacyForgottenGatesfreetoplay_1.0.7.0_x64__r4ncp3q39h9fa [2024-05-24] (FIVE-BN STUDIO)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-05-20] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-06-10] (Waves Audio)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-05-20] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-915631250-2020585093-1217566574-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-22] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Forte Home Inspections Mail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
ShortcutWithArgument: C:\Users\casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=okkolgldfknecfjnhhglfopimelbaceh
ShortcutWithArgument: C:\Users\casey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2024-02-11 20:41 - 2019-10-11 16:45 - 000353280 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2024-02-11 20:41 - 2019-11-01 10:16 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2024-02-11 20:41 - 2019-12-05 17:17 - 000008704 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2024-02-11 20:41 - 2019-12-05 17:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2020-11-11 20:57 - 2020-11-11 20:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\casey\OneDrive\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MBSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MSERT (1).exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MSERT (2).exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-915631250-2020585093-1217566574-1001 -> DefaultScope {167878A6-3415-4CD1-9319-D465F699C741} URL = 
SearchScopes: HKU\S-1-5-21-915631250-2020585093-1217566574-1001 -> {167878A6-3415-4CD1-9319-D465F699C741} URL = 
BHO: Bitdefender Anti-tracker -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security App\bdtrackerstbie.dll [2024-02-29] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Anti-tracker -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security App\antispam32\bdtrackerstbie.dll [2024-02-29] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2024-05-10 00:01 - 2024-05-10 00:01 - 000000863 _____ C:\WINDOWS\system32\drivers\etc\hosts
54.186.190.208 geoip.pango-paas.co
 
2020-10-29 19:46 - 2024-05-09 17:06 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
92.168.137.1 DESKTOP-OO17RR8.mshome.net # 2025 10 2 28 23 51 0 844
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\casey\OneDrive\Desktop\Harley\39504572_1437995139669868_9073225671018283008_n.jpg
DNS Servers: 100.64.100.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B2C24061-AEC3-4B99-9DB3-64207E4FE81C}] => (Allow) LPort=54925
FirewallRules: [{4A18DD10-9FD3-4A6B-9616-59EDBD4D1D26}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{B5B36A91-AD0C-42C0-92A2-3B3BED8ECB18}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{2C8DD93E-C4FC-4F4B-964E-72561DA8FBFC}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{A66A79D3-C5DB-432D-8D96-999DB43DFB1F}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{32DF2D59-34BC-4A07-9FC1-D291FFD99798}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{81D3C4D5-DD17-40C4-91DE-3CFE370DFCC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D130CCC-EEAB-4180-928E-56365C1E2A05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C39E45C2-6A38-4479-99F8-6ECCD5B396F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{008039B5-1818-4D80-938B-FE1646AE4259}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B87C213-A7A9-4FD6-B9ED-13FF6499722E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{876AB8E3-0C87-4169-9BD4-F0E8B2E9EF56}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B947AB58-5055-4524-A25C-24435FEB9F04}] => (Allow) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe (Bitdefender SRL -> Bitdefender)
FirewallRules: [TCP Query User{9F672A95-C8AB-442D-93C9-BF1D1EEF54BA}C:\users\casey\appdata\local\programs\reolink\reolink.exe] => (Allow) C:\users\casey\appdata\local\programs\reolink\reolink.exe (Reolink Innovation Inc. -> Shenzhen Reolink Technology Co., Ltd.)
FirewallRules: [UDP Query User{BC58491D-E3BE-4C46-BEDD-C3799076FED5}C:\users\casey\appdata\local\programs\reolink\reolink.exe] => (Allow) C:\users\casey\appdata\local\programs\reolink\reolink.exe (Reolink Innovation Inc. -> Shenzhen Reolink Technology Co., Ltd.)
FirewallRules: [{64DD0AFD-E45D-4E76-93E1-571D6AFD1535}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7CB8AE1B-9E3D-40E7-850D-CEF266BBED79}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13636EB6-5F69-4DD7-8629-F2D1F408EA4F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EAF1BC3-1876-4C2E-933D-3AB00C717FB2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E91A5E23-7B34-492F-BF07-4970D2F71D2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F0FCB189-BBDB-4E52-8249-A13B52DCB80F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/24/2024 10:13:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3d3cc598-341a-49cb-bd18-2252ebb6ac38}
 
Error: (05/24/2024 10:08:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3d3cc598-341a-49cb-bd18-2252ebb6ac38}
 
Error: (05/24/2024 07:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.4355, time stamp: 0x6564cf4e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4355, time stamp: 0xd7762934
Exception code: 0xc00001ad
Fault offset: 0x000000000012d332
Faulting process id: 0x38fc
Faulting application start time: 0x01daae31b6be08d6
Faulting application path: C:\WINDOWS\System32\dwm.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e202b636-04d1-405e-9110-283dc008110d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/24/2024 07:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.19041.4355, time stamp: 0x27297275
Faulting module name: ntdll.dll, version: 10.0.19041.4355, time stamp: 0x35a939aa
Exception code: 0xc00000fd
Fault offset: 0x000000000002c2e1
Faulting process id: 0x4824
Faulting application start time: 0x01daae31cd5cc595
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5daf533c-142b-4d7a-aa58-c0344092cd2a
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.4239_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI
 
Error: (05/24/2024 07:26:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.19041.4355, time stamp: 0x27297275
Faulting module name: ntdll.dll, version: 10.0.19041.4355, time stamp: 0x35a939aa
Exception code: 0xc00000fd
Fault offset: 0x0000000000022c80
Faulting process id: 0x8f8
Faulting application start time: 0x01daae31c8c4bd02
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 52efdfe2-7be4-467f-bad1-cdf49e6f8a5a
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.4239_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI
 
Error: (05/24/2024 07:26:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x8007000e
Fault offset: 0x00007fff9d7ccd96
Faulting process id: 0x4870
Faulting application start time: 0x01daae31c121b5ff
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 17f204aa-f90f-4311-a29c-f0e691ca93be
Faulting package full name: Microsoft.Windows.Search_1.14.15.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (05/24/2024 07:25:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.4355, time stamp: 0x80451368
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4355, time stamp: 0xd7762934
Exception code: 0xc000027b
Fault offset: 0x000000000012d332
Faulting process id: 0x428c
Faulting application start time: 0x01daae31baf81fb6
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d19a5183-2f0c-4bf1-99e1-57afdc8f787e
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (05/24/2024 07:25:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.4355, time stamp: 0x6564cf4e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4355, time stamp: 0xd7762934
Exception code: 0xc00001ad
Fault offset: 0x000000000012d332
Faulting process id: 0x48cc
Faulting application start time: 0x01daae31b5470233
Faulting application path: C:\WINDOWS\System32\dwm.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 624f8afc-3df7-4d62-ab5b-5665542c9bd3
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/25/2024 11:39:52 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/25/2024 11:39:48 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Error: (05/25/2024 11:39:48 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Error: (05/25/2024 11:39:42 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Error: (05/25/2024 11:39:36 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Error: (05/25/2024 11:39:30 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Error: (05/25/2024 11:39:24 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Error: (05/25/2024 11:39:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OO17RR8)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
 
Windows Defender:
================
Date: 2024-05-24 19:09:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2024-03-23 13:54:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-03-22 13:52:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-03-21 14:18:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-03-20 14:25:19
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2024-05-25 11:32:08
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.411.346.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24040.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2024-05-25 11:22:02
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-05-24 19:39:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.411.346.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24040.1
Error code: 0x80240022
Error description: The program can't check for definition updates. 
 
Date: 2024-05-24 19:39:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.411.346.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24040.1
Error code: 0x80240022
Error description: The program can't check for definition updates. 
 
Date: 2024-05-24 19:28:29
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.411.346.0;1.411.346.0
Engine Version: 1.1.24040.1
 
CodeIntegrity:
===============
Date: 2024-05-26 20:10:57
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267059357120000000\antimalware_provider64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2024-05-26 20:06:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2024-05-26 20:05:50
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.30.0 03/07/2024
Motherboard: Dell Inc. 0FHJFF
Processor: Intel® Core™ i5-1035G1 CPU @ 1.00GHz
Percentage of memory in use: 84%
Total physical RAM: 7959.33 MB
Available physical RAM: 1212.06 MB
Total Virtual: 11159.33 MB
Available Virtual: 3124.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:460.55 GB) (Free:330.36 GB) (Model: PC SN520 NVMe WDC 512GB) NTFS
 
\\?\Volume{6380efac-9249-44ed-82d6-5794177c32a4}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.11 GB) NTFS
\\?\Volume{71d7b2f6-e8d5-43df-b2cb-040d4621b891}\ (Image) (Fixed) (Total:13.04 GB) (Free:0.51 GB) NTFS
\\?\Volume{3cfd8853-97f1-4d3e-a853-5d50493f8539}\ (DELLSUPPORT) (Fixed) (Total:1.51 GB) (Free:0.61 GB) NTFS
\\?\Volume{f5e69669-48f2-4d49-9902-491051fa29f7}\ (ESP) (Fixed) (Total:0.73 GB) (Free:0.65 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: AB4A6008)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,190 posts

Hello.
 
The logs don't indicate signs of an active infection. However, we will do some checks to ensure that everything is clean.

First, please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
=====================

1. Remove McAfee

Select Start, then select Settings > Apps > Apps & features.

Select McAfee® Personal Security, and then select Uninstall.
 
 
2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\MountPoints2: {542239d4-5992-11eb-8e39-405bd89d7605} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL D:\VZW_Software_upgrade_assistant.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\casey\OneDrive\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MBSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MSERT (1).exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MSERT (2).exe:BDU [0]
SearchScopes: HKU\S-1-5-21-915631250-2020585093-1217566574-1001 -> DefaultScope {167878A6-3415-4CD1-9319-D465F699C741} URL = 
SearchScopes: HKU\S-1-5-21-915631250-2020585093-1217566574-1001 -> {167878A6-3415-4CD1-9319-D465F699C741} URL = 
FirewallRules: [{2C8DD93E-C4FC-4F4B-964E-72561DA8FBFC}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{A66A79D3-C5DB-432D-8D96-999DB43DFB1F}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{32DF2D59-34BC-4A07-9FC1-D291FFD99798}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\airhost.exe => No File
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply, please post:

  1. If you successfully uninstalled the McAfee app
  2. The fixlog.txt
  3. Specific things that make you think you are infected, other than the cmd window you already mentioned above

  • 0
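
An added example, not part of DR M's post and not FRST's own code: a small Python triage pass over Addition.txt-style text that pulls out the two kinds of entries the fixlist above was built from, alternate data streams and firewall rules whose target is marked "=> No File". The sample input is a handful of lines copied from the scan in post #1; the function names and the two selection rules are assumptions made for this illustration, not FRST's logic.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the Addition.txt posted in this thread,
# trimmed to two sections so the example runs offline.
SAMPLE_ADDITION = r"""
==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\casey\OneDrive\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MBSetup (1).exe:BDU [0]

==================== FirewallRules (Whitelisted) ================

FirewallRules: [{B2C24061-AEC3-4B99-9DB3-64207E4FE81C}] => (Allow) LPort=54925
FirewallRules: [{2C8DD93E-C4FC-4F4B-964E-72561DA8FBFC}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{A66A79D3-C5DB-432D-8D96-999DB43DFB1F}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{81D3C4D5-DD17-40C4-91DE-3CFE370DFCC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
"""

# "<file path>:<stream name> [<number>]"; the path itself contains a colon
# after the drive letter, so the greedy group stops at the LAST colon.
ADS_RE = re.compile(
    r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+) \[(?P<size>\d+)\]$"
)
# "[<rule id>] => (<action>) <target and signer, or port>"
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>.+?)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
NO_FILE = " => No File"  # marker seen on the three Zoom rules in the scan


@dataclass
class Finding:
    section: str   # section title the line was found under
    kind: str      # "ads" or "orphaned-firewall-rule"
    detail: str    # human-readable summary for the reviewer
    raw: str       # the untouched log line


def iter_entries(text):
    """Yield (section_title, line) for every data line in the log."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("=" * 10):
            # Header looks like "==== Title ====". A bare rule of "=" signs
            # has no title and leaves the current section unchanged.
            title = line.strip("=").strip()
            if title:
                section = title
            continue
        if line.startswith("(") and line.endswith(")"):
            continue  # parenthesised hint line under each header
        yield section, line


def triage(text):
    """Return the entries a reviewer would look at first."""
    findings = []
    for section, line in iter_entries(text):
        ads = ADS_RE.match(line)
        if ads:
            detail = "{} stream {} ({} bytes)".format(
                ads["path"], ads["stream"], ads["size"]
            )
            findings.append(Finding(section, "ads", detail, line))
            continue
        fw = FW_RE.match(line)
        if fw and fw["rest"].endswith(NO_FILE):
            # An allow rule for a program that no longer exists on disk.
            target = fw["rest"][: -len(NO_FILE)]
            findings.append(Finding(section, "orphaned-firewall-rule", target, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ADDITION):
        print("[{}] {}: {}".format(f.section, f.kind, f.detail))
```

The output is a review list only; whether a flagged line belongs in a fixlist is still a judgement for the helper reading the whole log.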

#3
snowysdad43

    Member

  • Topic Starter
  • 237 posts

Grecian Geek,
First of all, thank you so much for your help. I am so grateful!

I was able to uninstall McAfee.

Here is the fix it log:
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22.05.2024 01
Ran by casey (27-05-2024 14:38:16) Run:1
Running from C:\Users\casey\OneDrive\Desktop
Loaded Profiles: casey
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\...\MountPoints2: {542239d4-5992-11eb-8e39-405bd89d7605} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL D:\VZW_Software_upgrade_assistant.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\casey\OneDrive\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MBSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MSERT (1).exe:BDU [0]
AlternateDataStreams: C:\Users\casey\Downloads\MSERT (2).exe:BDU [0]
SearchScopes: HKU\S-1-5-21-915631250-2020585093-1217566574-1001 -> DefaultScope {167878A6-3415-4CD1-9319-D465F699C741} URL = 
SearchScopes: HKU\S-1-5-21-915631250-2020585093-1217566574-1001 -> {167878A6-3415-4CD1-9319-D465F699C741} URL = 
FirewallRules: [{2C8DD93E-C4FC-4F4B-964E-72561DA8FBFC}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{A66A79D3-C5DB-432D-8D96-999DB43DFB1F}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{32DF2D59-34BC-4A07-9FC1-D291FFD99798}] => (Allow) C:\Users\casey\AppData\Roaming\Zoom\bin\airhost.exe => No File
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{542239d4-5992-11eb-8e39-405bd89d7605} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\Users\casey\OneDrive\Desktop\FRST64.exe => ":BDU" ADS removed successfully
C:\Users\casey\Downloads\MBSetup (1).exe => ":BDU" ADS removed successfully
C:\Users\casey\Downloads\MSERT (1).exe => ":BDU" ADS removed successfully
C:\Users\casey\Downloads\MSERT (2).exe => ":BDU" ADS removed successfully
"HKU\S-1-5-21-915631250-2020585093-1217566574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-915631250-2020585093-1217566574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{167878A6-3415-4CD1-9319-D465F699C741} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C8DD93E-C4FC-4F4B-964E-72561DA8FBFC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A66A79D3-C5DB-432D-8D96-999DB43DFB1F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32DF2D59-34BC-4A07-9FC1-D291FFD99798}" => removed successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
 
Image Version: 10.0.19045.4412
 
 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 143150924 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 3469319976 B
Edge => 0 B
Chrome => 501190523 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 94609124 B
systemprofile32 => 94609124 B
LocalService => 135260355 B
NetworkService => 135498271 B
casey => 510793635 B
 
RecycleBin => 0 B
EmptyTemp: => 4.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:03:25 ====

Other reasons I think I am infected:
I started getting a lot of "Aw, Snap" out of memory messages,
and at one point had a warning that a phishing attempt was made.
I forget which program told me that.
I started getting black screens (randomly) and would have to hold the power button to shut the computer down and restart.
When I would be on a webpage, the entire screen would like blink off and on continually.
Just overall behaving out of the norm.
Just an additional FYI: I had Avast Premium for a couple of years with no issues and recently switched to Bitdefender,
I think a couple of months back.
Thank you again
 

 

Edited by snowysdad43, Yesterday, 01:52 PM.


#4
snowysdad43


I was just looking at my email, and when I closed it ... I was looking at my desktop, my laptop made a noise (like when you plug in a charger), the overall size of the desktop went from full screen to about 2/3 of the entire screen and almost looked like a shrunk image of my desktop for about 5 seconds, and blinked back to normal.
Immediately after that I have a notification (Computer needs to update and restart) ..... (It was like someone plugged a USB in, that kind of noise)
I am about to shut it down, but I figure it's going to install as soon as I restart.
Thank you


Edited by snowysdad43, Today, 04:50 AM.


#5
DR M

    The Grecian Geek

  • Malware Removal
  • 4,190 posts

Hello.
 
Let the updates complete. When they are all set up, restart the computer. 
 
After that:

ESET Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


#6
snowysdad43

5/28/2024 18:55:38 PM
Scanned files: 531340
Detected files: 0
Cleaned files: 0
Total scan time: 01:07:42
Scan status: Finished
