Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow Computer

Started by mandrada , Jun 02 2024 04:19 PM

  • Please log in to reply

#16
RKinner
Posted Yesterday, 01:12 PM

RKinner

    Malware Expert

  • Expert
  • 24,698 posts
  • MVP

Addition.txt file?

 

Looking at the Process Explorer log there is something odd going on with Chrome. 

chrome.exe < 0.01 1,644,836 K 226,060 K 9252 Google Chrome Google LLC (Verified) Google LLC

 

 
1,644,836 K seems like a lot of RAM for Chrome and it's not the only entry for Chrome just the worst.  I checked with my PC and it uses less than a tenth of that.
 
Usually this means you have a bad extension.  Open Chrome and right click on  the three dots and then select Extensions, Manage Extensions.  Turn off each extension and then restart Chrome.  Open Process Explorer again and check how much memory each Chrome entry uses.  (If you click on the column header, Process it will sort things by name so you can have all of your Chrome entries together which should make it easier to see which has the most memory under either Private Bytes or Working Set).  Does the amount of memory used drop substantially from before?  I've attached a snip of the page on my PC so you can see what is normal for Chrome.
 
ChromeMem.JPG
 
If you go into Task Manager, Performance and click on Memory it will show you haw much memory is being used.  Can you give me a screenshot of that?  Looks like:
 
MemUsage.JPG
 
Still need the model or serial number from your PC.  And don't forget the Addition.txt file.

  • 0

Advertisements

#17
mandrada
Posted Yesterday, 02:02 PM

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Here is the addition.txt file

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07.06.2024
Ran by mary (07-06-2024 09:21:03)
Running from C:\Users\mary\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) (2023-04-12 17:08:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4211803538-2084879006-1980355138-500 - Administrator - Disabled)
bob (S-1-5-21-4211803538-2084879006-1980355138-1001 - Administrator - Enabled) => C:\Users\bob
DefaultAccount (S-1-5-21-4211803538-2084879006-1980355138-503 - Limited - Disabled)
Guest (S-1-5-21-4211803538-2084879006-1980355138-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4211803538-2084879006-1980355138-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABS PDF Install (HKLM-x32\...\{C42DD564-7DCD-4555-A7F3-15C0F46221D0}) (Version: 4.2.2 - Atlas Business Solutions, Inc.)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 24.002.20759 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.5.58 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Amazon Kindle) (Version: 1.34.1.63103 - Amazon)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
DefaultPackMSI (HKLM-x32\...\{D066B018-448B-40C5-9034-259BBCC49351}) (Version: 4.6.2.0 - Microsoft) Hidden
Dell Command | Update for Windows 10 (HKLM\...\{4CCADC13-F3AE-454F-B724-33F6D4E52022}) (Version: 4.1.0 - Dell Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{E530ABB7-9DCC-421B-B751-484375E8374A}) (Version: 5.0.49.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{A1FC489C-7909-4E08-9685-6C77BA2053DE}) (Version: 4.0.3.61632 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Fax Upload (HKLM-x32\...\Fax Upload) (Version:  - )
GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.)
Google Chrome (HKLM\...\{5855610A-61B6-3325-AAA6-DED6B90CEF8D}) (Version: 125.0.6422.142 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 91.0.2.0 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM\...\{19D17223-0F9C-4155-8057-AA6F49A26E69}) (Version: 10.1.17861.8101 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fcfc894b-0d54-4d39-826f-dcb39ce5dde7}) (Version: 10.1.17861.8101 - Intel® Corporation)
Intel® Icls (HKLM\...\{27946170-623E-45A2-9D7F-BEC95A5B78E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® LMS (HKLM\...\{364EE9BC-EB74-4436-B502-FA8FF2F7153F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{69263849-1C5F-42A0-B973-141BA15107A0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{DCC7FC90-C9BC-445B-A12B-ACC4278102BA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{FEAA68D6-DA1D-4440-91B6-43906444FA49}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{E34D6B17-6F86-49F8-AECB-DE7B543A5960}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Manageability Driver (HKLM\...\{29B1F6D5-A3D3-45D8-9F53-EA9F0D4FC6DF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Manageability Driver Extension (HKLM\...\{4088EEA3-A5CC-4CEA-ACA5-4F88191D0499}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intermedia Unite 2.15.187 (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\9962f338-b12b-54d0-a4f5-eba7ff612061) (Version: 2.15.187 - Intermedia.net, Inc.)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.26 (x64) (HKLM\...\{87EBA554-A002-4EF4-A612-4FFD06092B5B}) (Version: 48.104.7000 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.26 (x64) (HKLM\...\{D81A418F-966D-4069-B3E8-5EE4843CA862}) (Version: 48.104.7000 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.26 (x64) (HKLM\...\{1A02C1B1-05BB-49F7-9DFF-99A66C6877FC}) (Version: 48.104.7000 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.17628.20110 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.85 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.85 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\OneDriveSetup.exe) (Version: 24.091.0505.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Teams) (Version: 1.7.00.13456 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.26 (x64) (HKLM\...\{1F0EB53C-BE30-436A-BC54-FA364227A870}) (Version: 48.104.6996 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.26 (x64) (HKLM-x32\...\{b2476903-b8da-4dcc-903f-378730bb4c48}) (Version: 6.0.26.33205 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SIP ALG Detector 1.3.0 (only current user) (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\23b40b0e-1734-5217-b8ef-22dbe914e37b) (Version: 1.3.0 - SIP ALG Detector)
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Zoom Outlook Plugin (HKLM-x32\...\{F4E64D16-21FD-43A3-9E5F-55D8ECC5E14B}) (Version: 5.17.10 - Zoom)
Zoom Workplace (64-bit) (HKLM\...\{4C11E02E-9F49-49B2-84D9-5B3083EA58C5}) (Version: 6.0.39959 - Zoom)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-10-19] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC [2024-05-16] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-10-19] (Adobe Systems Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt [2024-05-17] (INTEL CORP) [Startup Task]
Bountiful Cottage Gardens -> C:\Program Files\WindowsApps\Microsoft.BountifulCottageGardens_1.0.0.0_neutral__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation)
Dell Command | Update -> C:\Program Files\WindowsApps\DellInc.DellCommandUpdate_4.1.17.0_x86__htrsf667h5kn2 [2021-02-04] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.86.0_x64__htrsf667h5kn2 [2024-02-29] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.16.0_x64__htrsf667h5kn2 [2024-06-06] (Dell Inc)
DellTypeCStatus -> C:\Program Files\WindowsApps\MSWP.DellTypeCStatus_4.2.2629.0_x64__9j0h69dmw0fzc [2022-07-05] (WISTRON CORPORATION) [Startup Task]
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2024.2.0.0_x64__t5j2fzbtdg37r [2024-04-15] (DTS, Inc.)
Intel® Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2328.5.2.0_x64__8j3eq9eme6ctt [2024-04-25] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-04-05] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-08] (Apple Inc.) [Startup Task]
Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.15823.0_x86__mcezb6ze687jp [2024-02-27] (CYBERLINK CORPORATION.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe [2023-12-05] (Microsoft) [Startup Task]
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24051.39.0_x64__cw5n1h2txyewy [2024-05-30] (Microsoft Windows) [Startup Task]
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2020-09-11] (Dell Inc)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11050.29009.0_x64__8wekyb3d8bbwe [2024-06-04] (Microsoft Corporation) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-11] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-11] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-09-11] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2020-10-19] (CYBERLINK CORPORATION.)
Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2023-06-13] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0 [2024-06-06] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-05-06] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2024-05-06] (Waves Audio)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.119.156.0_x64__8wekyb3d8bbwe [2024-06-05] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.119.156.0_x64__8wekyb3d8bbwe [2024-06-05] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-05-23] (Microsoft Windows)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{04271989-C4D2-EAFE-AD03-E6EC7AE4ABC1} -> [OneDrive - Lovelace Engineering] => C:\Users\mary\OneDrive - Lovelace Engineering [2022-05-20 10:05]
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mary\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.24130.8\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{3b9ec29f-6c5c-4076-9747-06c742b30185}\localserver32 -> C:\Users\mary\AppData\Local\Programs\Intermedia Unite\OfficeIntegrationServer\UniteOfficeIntegration.exe (SystemServer -> )
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\mary\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-11] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-11] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\mary\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\mary\Desktop\MARY - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\mary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\MARY - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2024-04-29 16:05 - 2024-04-05 06:55 - 000167424 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\@uc-tools\rust-native\index-x64.node
2024-04-29 16:05 - 2024-04-05 06:55 - 000108544 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\windows-focus-assist\build\Release\focus-assist.node
2024-04-29 16:05 - 2024-04-05 06:55 - 000128000 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\windows-native-registry\build\Release\native.node
2024-04-29 16:05 - 2024-04-05 06:55 - 000644608 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\zeromq\build\Release\zeromq.node
2024-04-29 16:05 - 2024-04-05 06:55 - 002881536 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\ffmpeg.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 000480768 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\libegl.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 007493120 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\libglesv2.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 005126656 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\vk_swiftshader.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Client\C2R64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2022-08-01 12:19 - 2022-08-01 12:19 - 001548800 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\SQLite.Interop.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> DefaultScope {0B02DCA9-42FF-4168-BC67-986B2BDAD78B} URL = 
SearchScopes: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> {0B02DCA9-42FF-4168-BC67-986B2BDAD78B} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: intu-help-qb17 - {2E3EE4ED-2928-4123-9975-20206B8E4B1C} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2022-05-06] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\sharepoint.com -> hxxps://lovelaceeng-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\Control Panel\Desktop\\Wallpaper -> C:\Users\mary\Desktop\Mary's Documents\A Personal Place\pngtree-purple-watercolor-sumi-vintage-floral-border-background-picture-image_1219230.jpg
HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.254.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Vista Fax Daemon.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D93AF75D227E4510AE1D42E181D1834B"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_809B74D231354AD3DE6C5DCCAC791EFC"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{27AD9E22-FF8C-44BD-8728-C1DD7222D8E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13D51DC1-D17F-4011-8310-AABAFC27EF8E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{23A4C02A-ECF3-440F-BEBC-2F8756BD477B}C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe] => (Allow) C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe (Systemserver -> SIP ALG Detector)
FirewallRules: [UDP Query User{939C0A7D-9676-47BB-9C9E-DAB9DD8DA23D}C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe] => (Allow) C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe (Systemserver -> SIP ALG Detector)
FirewallRules: [TCP Query User{392CBC4C-FA61-44A5-9FF5-96E1BB38C56F}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{71EE2DD7-6B52-4A80-81A4-6231619270A2}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{0534412A-5128-4A64-8CA2-ADC18EC8A61D}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7E321C81-98BD-448F-BC33-40287285218B}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{30013816-28EF-4D01-880D-CB32E15DBA64}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{16173167-A240-48B5-8E23-0F132BB2A9C9}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B0508CF-A24E-4979-A89B-BA3005A7504F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE68E06C-0886-452D-A6BA-A8A2816B577B}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{61295796-E3D8-479A-9F1F-8F933877D75D}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3A358ACA-CBBE-431A-A5A8-0EA09E1C192B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BFE68FD8-C196-447C-B94D-DFC41F39C04B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AD3C678-850E-4CEB-94B4-9CC0E4276D49}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{58522210-CAD9-4C94-994E-BB7B82060B4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C8505301-CD47-4D9E-8996-7EB3C11DEB09}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{01D6D90D-01D1-4929-BCCF-B072D70BB3F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C62A2456-3906-4810-8402-42EB10F17F46}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0995DB68-116A-4852-A8CF-6AFDF3B0B2F4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EC228DE4-697F-4E16-8FF7-FC36C26D7BD2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{056F9AAA-8814-47C8-970B-BF150DE17FC3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2BB6D4FF-EE14-4115-AD3B-559B7B7F165B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{82432110-33BC-49C2-B736-34FA204FA05A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5D74BBA-E1FA-4B74-8377-3D4B80394E8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5E42A8A-7E74-42A2-8D03-1A5D1CA8E811}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7CD11D10-FA44-4BDE-A37E-CB05E3F79504}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE673F22-F2A0-4909-9115-8658F0F553FB}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{11ADD91F-C83C-4D05-810D-9403A5F523F0}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{918196CF-5673-49BF-9A28-E1FF7399E3F8}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{698D5BB9-9B94-4B09-82EF-CA1D7DFCCF06}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2404.2914.2538_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68C4B464-999A-46A8-9914-135EF8F62C50}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2404.2914.2538_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65F7459D-7A31-4354-AAC6-248E3D03B432}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4B80B651-2C25-4DCE-B249-B2D5116DC081}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21CE7EDE-13B6-4362-9106-5E77AA5B933B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E9289498-1AEF-4A42-B1E6-5C9AD74797A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EAC0F51D-4719-499D-82E9-07CC5FE3C412}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D5AFBA18-C403-4F56-B312-6F53062E8585}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{32F07A9A-C6D6-48FA-BAAF-401AC89EB82B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{404FA2DA-E11F-4A09-9B2D-4E735CF70B2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{482DAE5F-2EBC-442A-9313-74BCB786E117}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CB8C1E42-9038-4640-A1D7-816CC73110A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{902BA21D-DCA4-42A2-AE10-90624589AED8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0007ADDF-C804-4B8A-B59F-68548AD01385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
 
==================== Restore Points =========================
 
04-06-2024 18:12:40 Windows Update
06-06-2024 16:01:19 Removed QuickBooks Runtime Redistributable.
07-06-2024 07:01:43 Removed Microsoft Search in Bing
07-06-2024 07:23:39 O&O ShutUp10++
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/07/2024 09:16:24 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program AcrobatNotificationClient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (06/07/2024 09:05:21 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program AdobeNotificationClient.exe version 5.2.0.121 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
 
System errors:
=============
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.7.0 10/19/2020
Motherboard: Dell Inc. 0YNVJG
Processor: Intel® Core™ i5-9500 CPU @ 3.00GHz
Percentage of memory in use: 86%
Total physical RAM: 7973.94 MB
Available physical RAM: 1058.75 MB
Total Virtual: 15141.94 MB
Available Virtual: 6268.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.51 GB) (Free:295.35 GB) (Model: WDC WD5000AZLX-75K2TA1) NTFS
Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:12.61 GB) (Model: WDC WD5000AZLX-75K2TA1) FAT32
 
\\?\Volume{fb6d99f7-c7bc-4faf-8c1c-c6b18da8f512}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.08 GB) NTFS
\\?\Volume{598a17b2-40ab-4273-9653-5160b0e748b0}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AB689CA2)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#18
mandrada
Posted Yesterday, 02:10 PM

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

This computer is about 3 years old and it is a Dell Optiplex 7070

Do you also need the serial #?


  • 0

#19
mandrada
Posted Yesterday, 02:11 PM

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Here is 1 screenshot

Attached Thumbnails

  • Screenshot 2024-06-07 130722.jpg

  • 0

#20
mandrada
Posted Yesterday, 02:12 PM

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Here is another screenshot

Attached Thumbnails

  • Screenshot 2024-06-07 130818.jpg

  • 0

#21
RKinner
Posted Yesterday, 06:53 PM

RKinner

    Malware Expert

  • Expert
  • 24,698 posts
  • MVP

Chrome is looking much better.  No sign of memory compression and memory use is about normal.  Is it running a bit faster now?

 

I think one of your extensions is the problem.    Look in your FRST log in the Chrome section.    Look at the dates associated with each extension.  Most likely the bad extension is one of your newer extensions so I would leave them off and turn on all of the extensions with a 2023 or earlier date then restart Chrome.  Check Process Explorer again and make sure that the memory usage did not skyrocket.  Also check Task Manager Performance Memory that where it says In Use (Compressed) that the RAM in the parens is still 0 MB.  Surf for a few minutes and check that the memory usage by Chrome is not slowly increasing.  If all seems well then turn on a few of the newer Extensions starting with the oldest and repeat.  Try and isolate it down to one or two extensions.

 

Dell does have Win 11 drivers for your PC so that's good.  There are a lot of critical drivers on the support page:  You should make sure that you have all of them.  Compare the dates with Device Manager.  Find the device and right click on it and select Properties then Driver.  I think your Dell Support Assist is supposed to do that for you but I'm not sure I trust it.  IF you put in your serial number the website can tell you exactly what drivers you might need.

 

https://www.dell.com...desktop/drivers


  • 0

#22
mandrada
Posted Today, 09:59 AM

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thanks, I followed your instructions and turned extensions back on from oldest to newest, restarting Chrome after. When looking at Process Explorer, I don't know what to look at to see if memory usage skyrocketed.  There are a few columns next to each of the Chrome.exe rows. Can you tell me what I am looking for?

 

Task Manager Performance Memory remained at 0 MB.

 

I will look into the drivers next.


  • 0

#23
mandrada
Posted Today, 10:12 AM

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Here is a screenshot after I turned back on several of the extensions. Does it look like things have skyrocketed to you? If not, I will turn more back on.

Attached Thumbnails

  • Screenshot 2024-06-08 091020.jpg

  • 0

#24
RKinner
Posted Today, 11:32 AM

RKinner

    Malware Expert

  • Expert
  • 24,698 posts
  • MVP

Last time we had a Chrome with 

chrome.exe < 0.01 1,644,836 K 226,060 K 9252 Google Chrome Google LLC (Verified) Google LLC

 

That was in the Private Bytes column.  Your current screenshot doesn't show anything nearly that bad (worst is 169,604K)  so I think you can try enabling some more.

 

Have you noticed it running a bit faster?


  • 0

#25
mandrada
Posted Today, 02:27 PM

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I installed the newer drivers at the Dell link.

I have now added back all the extensions and it seems to be running good.

See attached screenshot and let me know if you see anything that doesn't look right. 

Thanks!

Attached Thumbnails

  • Screenshot 2024-06-08 132443.jpg

  • 0

Advertisements

#26
RKinner
Posted Today, 03:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,698 posts
  • MVP

Try adding the extension Ublock Origin to Chrome:

 

https://chromewebsto...hjbkeiagm?hl=en

 

It will cut down on some of your traffic by blocking the ads.

 

Your system is still using 84+% of its RAM.  I think you are going to need to upgrade to 16 GB if you want to run QB.

 

Continue to monitor Chrome's usage with Process Explorer.  You may be seeing a case of memory leakage.  A process is supposed to return memory to the pool when it finishes but sometimes "forgets" and winds up with all of the available memory.

 

Your last Addition.txt showed a problem with Adobe:

 

Error: (06/07/2024 09:16:24 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program AcrobatNotificationClient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

 

This is a recent addition to Adobe's suite as you can see from the version number.  Apparently it still has some bugs.  It is suppose to notify you if a document in the cloud is changed or needs something.  See:

https://community.ad...e/td-p/10618342

The Adobe guy refers to this document:

https://helpx.adobe....ifications.html

Looking at your last Addition.txt file you have two similar programs installed:

 

Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-10-19] (Adobe Systems Incorporated)
 
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-10-19] (Adobe Systems Incorporated)
 
 

I wonder if you can uninstall the top one?  If not I would try uninstalling Adobe Acrobat and reinstall it.  Be careful when downloading a new copy.  Adobe always tries to get you to download some foistware at the same time.  You have to uncheck it before you download.

 

Also there is some residue from CCleaner still installed:

CCleaner Update Helper 

 

You will probably need to search for Control Panel then View by: Large Icons then Programs & Features in order to see it and remove it.

 

You might also consider uninstalling Dell SupportAssist.  (Shows up as an App and a program in Control Panel with slightly different names.)  Doesn't sound like it has been doing much for you and it's a real CPU and Memory hog.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

15 user(s) are reading this topic

2 members, 13 guests, 0 anonymous users


    RKinner, mandrada
  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP