Good afternoon,
First off, it's been a few years since I have had a computer infection, but I just wanted to say that you guys are seriously doing God's work. You have been incredible in the past and I thank you for creating this blog community!
Recently, I was searching for funny Spanish memes (Spanish teacher), and I visited a website that ended up giving me non-stop malware pop-up screens ever since. I don't plan on doing this again in the future!
I am getting non-stop "Your computer may be infected" pop-ups with different ads for "anti-virus" programs. Below are my logs. Thank you again:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by krueg_000 (administrator) on KRUEGER (Dell Inc. XPS 12-9Q33) (18-09-2021 13:50:14)
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear
Loaded Profiles: krueg_000
Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Wireless Display -> Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google Inc -> Google)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [0F6421E269616DEEA6FF88A7BC7FC248079E5352._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleChromeAutoLaunch_4A8E26FD5AFB3D56D0E2C9C8176A95D7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [MicrosoftEdgeAutoLaunch_38A5A74C0F574CCAB915AEF4FDB30067] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {000D7066-BE6D-4204-BAE6-C3E4B77DA02A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0E2825D2-0C1D-411C-918B-39735947DBB1} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [704824 2013-03-01] (Intel Corporation -> Intel)
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {15ACE092-13D6-45C4-8B34-AF0EB774017C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1D944798-D791-455D-89AE-0463C05E5709} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1DA3C42D-A8DE-4436-86D8-84F238EF7E49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {204DB95F-E364-4C00-8E6F-73920F42073F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {23A5C104-67C6-46F2-A56E-92D809EDF88D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [6762544 2012-07-09] (Dell Inc. -> Dell, Inc.)
Task: {26402EE7-8AEC-4B8B-873A-5436C4114B76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167080 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {2F8BF9BF-58D1-4710-95AD-9E97641CD6BC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {305A155F-C5E6-492B-BA66-F727A1B80C95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38293130-3792-46D6-8C05-45AC2C60836A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4B29DC52-C765-4E1F-B06F-E2F85489CB35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [133326408 2017-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BA2AB30-011A-492B-BF82-6A8F4EF15412} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4C1CB5E4-059F-4211-8A64-5D6E214CCB1F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {555CC8DA-CF40-4476-B125-B00CE91CD040} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {62E83378-ADB9-41C0-B3E6-C4770DBD82CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {699D51B8-F9BF-4EF1-B66F-851F861D551D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7415C419-F73C-4070-83B7-8C1D1B61544B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {781458CE-0C21-4C35-8545-6F6EE7B9F505} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F09F9AC-5149-4A84-B1EF-A1C674E68371} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9588A41A-DABE-470E-A95C-8E65CC3F1DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {95B34C76-E17F-4602-8804-29DEA9BBF53D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C13FAC4-4897-4753-954F-00A277365FF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {A18158E8-A929-44BB-ABD6-92E3DD4DCF7E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {A73D296B-BC0D-4632-899B-DDADEEA2F73A} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {ACF28D57-BA7B-4FB2-AF23-9894B1B028E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B93AED90-7980-4E53-92E7-ED3704A7D5CE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CD22E04C-F218-43FB-AF66-F58F067C4A6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4201702-8AAC-4FBF-95A1-E6037529C9D8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DBC7CDB5-F34B-4E88-BC09-23631BC394F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1140624 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {E17EEE6F-492E-4DD4-BC31-397D715F317A} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E45627EC-4364-4090-ACA7-4140DFA7A344} - System32\Tasks\GoogleUpdateTaskMachineCore1d7365d9a2ebf11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {F966943E-D2A6-43A7-91E4-3394E4648F16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA77E5CF-EF89-4EE4-91CA-81FBABF91106} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3b952fb4-d066-4581-a0db-ea39b29d30d0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-18]
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default [2021-09-18]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://padlet.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.wvhs204.org/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Floorplanner) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-05-24]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-23]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (Skype Calling) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2020-05-24]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-14]
CHR Extension: (Google Search) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (InsertLearning) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2021-05-09]
CHR Extension: (The QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2020-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-07]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2020-05-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-09-18]
CHR Extension: (Pocket Must Reads) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnnopicjonfamklpcdfnbcomdlopmof [2020-05-24]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-09-18]
CHR Extension: (No Name) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-05-24]
CHR Extension: (Save to Pocket) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2021-06-05]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-18]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-08-18]
CHR Extension: (Slides) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-23]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-23]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-23]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-23]
CHR Extension: (Sheets) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-23]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-09]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-09-18]
CHR Notifications: Profile 2 -> hxxps://besty-deals.com; hxxps://kokotrokot.com; hxxps://matrix-news.org; hxxps://matrixstar.net; hxxps://www.facebook.com; hxxps://www.webconsultas.com; hxxps://www1.news-back.org
CHR HomePage: Profile 2 -> hxxp://wvhs204.org/
CHR StartupUrls: Profile 2 -> "hxxp://wvhs204.org/","hxxps://espipe.sungardk12saas.com/TAC/Account/LogOn?ReturnUrl=%2fTAC"
CHR Extension: (Slides) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-12]
CHR Extension: (QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\afpbjjgbdimpioenaedcjgkaigggcdpp [2021-08-29]
CHR Extension: (Mobility Print) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2021-08-29]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-12]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-12]
CHR Extension: (Newsela) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfpeiapdhnegnfcfkdfihabadngjagfj [2021-08-29]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-12]
CHR Extension: (School Video Recorder for Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boohghjaeankjfihomdfhimfgifblngd [2021-08-29]
CHR Extension: (Gopher Buddy) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgbbbjmgdpnifijconhamggjehlamcif [2021-08-29]
CHR Extension: (InsertLearning) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2021-08-29]
CHR Extension: (Lightspeed User Agent) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eodeiibdcpipgedfgkolnhajjdokejdh [2021-08-29] [UpdateUrl:hxxp://lightspeed-apps.s3.amazonaws.com/chrome/user_agent/ChromeUserAgent.xml] <==== ATTENTION
CHR Extension: (OrbitDoc) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\feepmdlmhplaojabeoecaobfmibooaid [2021-09-18]
CHR Extension: (Sheets) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-12]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2021-09-18]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2021-08-29]
CHR Extension: (Bomgar Remote Support) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipfljipbjloahhabacnofonhfbddnajm [2021-08-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-09-07]
CHR Extension: (Zoom Scheduler) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2021-09-01]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-09-18]
CHR Extension: (Google Classroom) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2021-08-31]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-12]
CHR Extension: (Draftback) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nnajoiemfpldioamchanognpjmocgkbg [2021-08-29]
CHR Extension: (WordReference Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofnmflhedfocnfnoafgcojkllnmdipoj [2021-08-29]
CHR Extension: (Texthelp PDF Reader App) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohfjebjepnlldifcbcfmopifaebcjehc [2021-08-29]
CHR Extension: (Print Friendly & PDF) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2021-08-29]
CHR Extension: (Video Editor for Chromebook & more: Free app) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2021-08-29]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2021-08-29]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-12]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-18]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel Wireless Display -> Intel)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [165344 2013-05-21] (Intel Corporation-Mobile Wireless Group -> Windows ® Win 7 DDK provider)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART; C:\WINDOWS\System32\drivers\iaLPSS_UART.sys [142840 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-12] (Microsoft Windows -> Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-06-18] (Intel® Smart Connect software -> )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 18:43 - 2021-09-17 18:43 - 000000000 ___HD C:\$WinREAgent
2021-09-15 23:52 - 2021-09-18 13:50 - 000000000 ____D C:\FRST
2021-09-15 19:34 - 2021-09-15 19:34 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-08-29 17:20 - 2021-08-29 17:20 - 000000000 ____D C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-18 13:50 - 2021-03-01 01:49 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{203598EA-E27F-4818-8B3B-097F45E5FCFE}
2021-09-18 13:50 - 2014-06-23 20:14 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-18 13:49 - 2020-07-15 07:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-18 13:47 - 2016-06-04 22:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-09-18 13:47 - 2016-06-04 20:44 - 000000000 __SHD C:\Users\krueg_000\IntelGraphicsProfiles
2021-09-17 23:56 - 2021-03-01 01:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-17 23:56 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-17 18:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-17 18:45 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-17 18:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-17 18:43 - 2014-07-07 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-17 18:39 - 2014-07-07 12:12 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 23:52 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-15 19:34 - 2014-07-21 20:50 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-12 20:28 - 2020-05-24 12:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-07 23:45 - 2021-03-01 01:49 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2021-09-07 23:45 - 2021-02-28 15:21 - 000002436 _____ C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-07 21:27 - 2021-03-01 01:52 - 001776288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-07 21:27 - 2021-02-28 14:50 - 000788518 _____ C:\WINDOWS\system32\perfh00A.dat
2021-09-07 21:27 - 2021-02-28 14:50 - 000155960 _____ C:\WINDOWS\system32\perfc00A.dat
2021-09-07 21:20 - 2021-03-01 01:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-07 21:20 - 2021-03-01 01:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-07 21:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-09-07 21:20 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-05 21:11 - 2020-09-29 20:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-01 23:49 - 2013-11-30 17:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-09-01 23:47 - 2021-03-01 01:49 - 000003916 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-08-30 20:47 - 2016-08-10 22:12 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-08-25 18:18 - 2014-06-23 20:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
==================== FLock ==============================
2013-11-30 18:04 C:\System Recovery
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by krueg_000 (18-09-2021 13:54:28)
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear
Windows 10 Home Version 20H2 19042.1165 (X64) (2021-03-01 06:49:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2550471563-1257076527-2971406527-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2550471563-1257076527-2971406527-503 - Limited - Disabled)
Guest (S-1-5-21-2550471563-1257076527-2971406527-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2550471563-1257076527-2971406527-1003 - Limited - Enabled)
krueg_000 (S-1-5-21-2550471563-1257076527-2971406527-1001 - Administrator - Enabled) => C:\Users\krueg_000
WDAGUtilityAccount (S-1-5-21-2550471563-1257076527-2971406527-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.2.1489 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Intel® Update Manager (HKLM-x32\...\{20D9D0D9-1659-4775-992E-5F5650AD9B87}) (Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.5371.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-05-24] (Amazon.com)
Dell | Getting Started with Windows 8 -> C:\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2 [2014-06-23] (Dell Inc)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2020-05-24] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-09-01] (Dell Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-18] (HP Inc.)
Intel® Experience Center -> C:\Program Files\WindowsApps\AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt [2014-06-23] (INTEL CORP)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-06-06] (AMZN Mobile LLC)
McAfee® Central for Dell -> C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_5.0.167.1_x64__n49tcsmxt2t2c [2020-05-24] (McAfee Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-02] (Microsoft Studios) [MS Ad]
MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Salud y Bienestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-04-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-04-19] (SoftThinks -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\509bffb6bc1cf486\Screencastify - Screen Video Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mmeijimgabbpbgpdklnllpncmdofkcpn
==================== Loaded Modules (Whitelisted) =============
2021-09-18 13:47 - 2021-09-18 13:47 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_ctypes.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000128512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_elementtree.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000914432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_hashlib.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000027648 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_multiprocessing.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000036864 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_psutil_windows.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000046080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_socket.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 001303552 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_ssl.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000020480 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_yappi.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000012800 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\common.time34.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000007168 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\hashobjs_ext.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000127488 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pyexpat.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000682496 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pysqlite2._sqlite.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000364544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pythoncom27.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000110080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pywintypes27.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000010240 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\select.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000017920 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\thumbnails_ext.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000686080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\unicodedata.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\usb_ext.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000098816 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32api.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000320512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32com.shell.shell.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000011264 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32crypt.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000018432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32event.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000119808 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32file.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000167936 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32gui.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000038912 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32inet.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000025600 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32pdh.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000024064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32pipe.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000035840 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32process.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000017408 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32profile.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000108544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32security.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000022528 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32ts.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000078848 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._animate.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 001067008 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._controls_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 001176576 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._core_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000806400 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._gdi_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000077312 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._html2.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000733184 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._misc_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000816128 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._windows_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000123392 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._wizard.pyd
2013-11-30 17:31 - 2013-03-01 12:58 - 000130048 _____ (CodePlex Community) [File not signed] [File is in use] C:\Program Files (x86)\Intel\irstrt\Microsoft.Win32.TaskScheduler.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 002459648 ____R (Python Software Foundation) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\python27.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000155136 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxbase30u_net_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 002030592 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxbase30u_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 001251328 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_adv_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 004796928 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_core_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000601088 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_html_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000110080 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_webview_vc90.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> {35FC2A43-F5D9-4230-9B23-9CF86E983675} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-30] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Murcielago_FINAL_RGB.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4D6FF529-65B1-4EEE-A7BC-DE9ADBA57638}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18E52869-B606-46D8-AC8F-8D128CCFC072}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{0D991AA9-6275-4A28-AA3A-0E18732E7702}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7EDADB2E-F914-49C1-BDE3-CDFDF10077F6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{FA643C4D-640F-4AA2-96C8-DC6F23D7E4B6}] => (Allow) C:\Users\krueg_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{7278EF5F-C66E-4F0F-A7A2-9D0003B3C7DC}] => (Allow) LPort=1900
FirewallRules: [{C603BA3C-4F28-40E3-B056-690CEF786715}] => (Allow) LPort=2869
FirewallRules: [{BEAEC7A3-6D51-48F8-A692-647368DFDA34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A263EB7C-08C3-4228-8069-5890870C37F7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{02F2E1B4-B01E-42AB-85C2-8EE63F1E3672}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{43DBB600-8DE1-4D79-AC18-F345BA54F5B4}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{71D82733-473E-4850-ABC0-42D43176E905}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{104A7931-80CD-4F3A-A790-42492EE06276}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F153C4CC-A65B-47A3-88FC-866126D07CB7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2774294A-AB11-403D-8813-8B2CF3E080D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF51200C-0103-4C68-9903-247A346BEC48}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:97.59 GB) (Free:55.08 GB) (56%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/18/2021 01:50:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/17/2021 06:41:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/15/2021 07:36:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/14/2021 10:13:12 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/13/2021 07:30:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/12/2021 08:27:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/07/2021 09:01:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/06/2021 11:47:37 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (09/18/2021 01:49:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/17/2021 11:45:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/17/2021 06:40:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/15/2021 07:35:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/14/2021 10:12:01 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/13/2021 08:35:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/13/2021 07:29:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/12/2021 11:30:56 PM) (Source: DCOM) (EventID: 10010) (User: KRUEGER)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2021-09-17 19:04:21
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-14 22:22:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-13 21:07:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-05 19:56:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-01 23:53:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-30 03:44:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.102.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-30 03:44:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.102.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-30 03:44:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-03 23:55:55
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.8.0
Previous security intelligence Version: 1.339.1902.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-03 23:55:55
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.8.0
Previous security intelligence Version: 1.339.1902.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
==================== Memory info ===========================
BIOS: Dell Inc. A03 09/24/2013
Motherboard: Dell Inc. XPS 12-9Q33
Processor: Intel® Core i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 87%
Total physical RAM: 4001.53 MB
Available physical RAM: 497.16 MB
Total Virtual: 8865.53 MB
Available Virtual: 3736.63 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:97.59 GB) (Free:55.08 GB) NTFS
\\?\Volume{cf742fab-f09f-4736-91bb-4dc39fc37de5}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
\\?\Volume{eb19c1b7-a563-4d78-9f8c-6cafb7d9bc70}\ () (Fixed) (Total:0.78 GB) (Free:0.32 GB) NTFS
\\?\Volume{04d08801-6d4e-43f3-8e94-29fa605bfd69}\ (PBR Image) (Fixed) (Total:11.75 GB) (Free:0.73 GB) NTFS
\\?\Volume{e0f46268-779d-42c6-8699-0972f1f05635}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 72E5F2E7)
Partition: GPT.
==================== End of Addition.txt =======================