
Dell Inspiron bogged down with I don't know what [Solved]


  • This topic is locked

#46
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

Yes it is running way better now ... but you did say in #35 [There are some remaining issues we have to fix, but first let me know about how is the computer running now. ]



#47
DR M

    The Grecian Geek

  • Malware Removal
  • 4,116 posts

Yes, I did say that!  :yes:

 

I will be ready for that in a couple of hours. Thank you for your patience! 


#48
DR M

    The Grecian Geek

  • Malware Removal
  • 4,116 posts

Mark, since it's been a while, I would like to see fresh FRST logs, Addition.txt and FRST.txt, both attached please.

 

Meanwhile, please ask your friend if she wants to install McAfee again. Personally, I recommend that she stay with the built-in Windows 10 antivirus, Microsoft Defender, which is good enough to protect her. She can also keep Malwarebytes as an on-demand scanner, meaning that she can use it from time to time, depending on how often she uses the computer. But of course, this will be her decision.

 

So, in your next reply please tell me:

 

1. Stay with Defender or re-install McAfee?

2. Fresh FRST logs


#49
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02

Ran by ejbea (administrator) on DESKTOP-2KHI5DN (Dell Inc. Inspiron 15-3567) (30-09-2021 13:26:32)
Running from C:\Users\ejbea\OneDrive\Desktop
Loaded Profiles: ejbea
Platform: Windows 10 Home Version 2004 19041.1237 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(CYBERLINK CORPORATION.) C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp\Power2Go11\CLMLSvc_P2G11.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WaaSMedicAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2019-01-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-01-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1213736 2018-11-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\Run: [MicrosoftEdgeAutoLaunch_799699109B40F4658C53434E420CEEDF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\RunOnce: [Uninstall 21.170.0822.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\21.170.0822.0002"
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\94.1.30.86\Installer\chrmstp.exe [2021-09-28] (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2FD586D9-F9F2-4657-8514-4F578A46738D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3F2C0611-A707-4EE5-B1C2-510E1C9C381C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1155480 2021-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F81D523-BD6A-42F8-989E-3956C016F759} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {548BE06B-158B-49FA-BF46-F034F0A7AB80} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {565C569C-FB63-4DCF-9BBC-CBA946D4D301} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {56A41862-AEDD-4602-A82D-4F6BE056D8C8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D866D27-6EEB-4E1D-9FB7-C1C4F82055A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: {7EFFC206-E80C-4F97-B685-92BA29565D7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1710029-8A1C-43D8-9D53-B85D382464AE} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{589ec2c5-523f-4790-b90c-67d059a82bbe}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6daae701-dcd4-4585-aa71-409ea1fd00ff}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
Edge: 
=======
DownloadDir: C:\Users\ejbea\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2021-09-27] <==== ATTENTION
Edge Profile: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-30]
Edge Extension: (Home | BVSCU) - C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaipkelaldmidppbfaafolldkbdenfg [2020-11-13]
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
 
Brave: 
=======
BRA Profile: C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-09-24]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-09-24]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-09-24]
BRA Extension: (Brave NTP sponsored images) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-09-24]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2021-09-24]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-24]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-09-24]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-22] (Malwarebytes Inc -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [35704 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-09-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-09-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [433384 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-28 09:21 - 2021-09-28 09:21 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-09-28 09:20 - 2021-09-28 09:20 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-09-28 09:20 - 2021-09-28 09:20 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-09-28 08:15 - 2021-09-28 08:16 - 000164636 _____ C:\WINDOWS\ntbtlog.txt
2021-09-28 08:15 - 2021-09-28 08:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-09-28 08:10 - 2021-09-28 08:10 - 000003716 _____ C:\NetworkSettings.txt
2021-09-27 15:13 - 2021-09-27 15:13 - 001053600 _____ (ESET) C:\Users\ejbea\Downloads\esetuninstaller.exe
2021-09-24 06:14 - 2021-09-28 12:23 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-09-24 06:14 - 2021-09-28 12:23 - 000002325 _____ C:\Users\Public\Desktop\Brave.lnk
2021-09-24 06:14 - 2021-09-24 06:14 - 000000000 ____D C:\Program Files\BraveSoftware
2021-09-24 06:12 - 2021-09-24 06:14 - 000000000 ____D C:\Users\ejbea\AppData\Local\BraveSoftware
2021-09-24 06:12 - 2021-09-24 06:12 - 000003438 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-09-24 06:12 - 2021-09-24 06:12 - 000003314 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-09-24 06:12 - 2021-09-24 06:12 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-09-24 06:11 - 2021-09-24 06:11 - 001243560 _____ (BraveSoftware Inc.) C:\Users\ejbea\Downloads\BraveBrowserSetup-INS593.exe
2021-09-24 05:56 - 2021-09-24 05:56 - 012792104 _____ (ESET) C:\Users\ejbea\Downloads\avremover_nt64_enu.exe
2021-09-23 11:31 - 2021-09-23 11:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-09-23 11:31 - 2021-09-23 11:31 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-09-23 06:15 - 2021-09-23 06:16 - 000001380 _____ C:\Users\ejbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-09-23 06:15 - 2021-09-23 06:15 - 011697056 _____ (ESET) C:\Users\ejbea\Downloads\esetonlinescanner.exe
2021-09-23 05:56 - 2021-09-28 09:33 - 000000000 ____D C:\Users\ejbea\AppData\LocalLow\IGDump
2021-09-22 18:13 - 2021-09-28 09:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-22 18:13 - 2021-09-28 08:15 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-22 18:13 - 2021-09-22 18:13 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-22 18:13 - 2021-09-22 18:13 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-09-22 18:13 - 2021-09-22 18:13 - 000000000 ____D C:\Users\ejbea\AppData\Local\mbam
2021-09-22 18:12 - 2021-09-22 18:12 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-22 18:12 - 2021-09-22 18:12 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-22 18:12 - 2021-09-22 18:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-22 17:56 - 2021-09-22 17:56 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-22 17:54 - 2021-09-23 05:50 - 000000000 ____D C:\AdwCleaner
2021-09-22 11:10 - 2021-09-22 11:11 - 000000000 ____D C:\Users\ejbea\AppData\Roaming\Dell
2021-09-21 11:57 - 2021-09-30 13:29 - 000000000 ____D C:\FRST
2021-09-16 13:34 - 2021-09-16 13:34 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-16 13:32 - 2021-09-16 13:32 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-16 13:32 - 2021-09-16 13:32 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-16 13:32 - 2021-09-16 13:32 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-16 13:32 - 2021-09-16 13:32 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-16 13:32 - 2021-09-16 13:32 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-16 13:30 - 2021-09-16 13:30 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-16 13:30 - 2021-09-16 13:30 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-16 13:30 - 2021-09-16 13:30 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-16 13:30 - 2021-09-16 13:30 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-16 13:30 - 2021-09-16 13:30 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-16 13:30 - 2021-09-16 13:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-16 13:28 - 2021-09-16 13:28 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-16 13:28 - 2021-09-16 13:28 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-16 13:27 - 2021-09-16 13:27 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-16 13:27 - 2021-09-16 13:27 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-16 13:27 - 2021-09-16 13:27 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-16 13:27 - 2021-09-16 13:27 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-16 13:27 - 2021-09-16 13:27 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-16 13:27 - 2021-09-16 13:27 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-16 11:32 - 2021-09-16 11:32 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-30 13:24 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-30 13:23 - 2020-11-22 01:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-29 11:42 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-29 11:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-28 11:59 - 2019-04-03 16:02 - 000000000 ____D C:\Users\ejbea\AppData\Local\PlaceholderTileLogoFolder
2021-09-28 10:42 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-28 10:29 - 2020-11-22 01:42 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3457983286-1419784188-334204780-1001
2021-09-28 10:29 - 2020-11-22 01:16 - 000002381 _____ C:\Users\ejbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-28 09:20 - 2020-11-22 01:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-28 09:20 - 2019-04-03 15:56 - 000000000 __SHD C:\Users\ejbea\IntelGraphicsProfiles
2021-09-28 09:19 - 2020-11-22 01:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-28 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-09-28 09:18 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-28 09:17 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-27 15:18 - 2020-11-22 01:16 - 000000000 ____D C:\Users\ejbea
2021-09-27 10:54 - 2020-07-09 16:01 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-27 10:54 - 2020-07-09 16:01 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-23 06:09 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-23 05:50 - 2019-02-08 15:45 - 000000000 ____D C:\ProgramData\Dell
2021-09-23 05:50 - 2019-02-08 15:16 - 000000000 ____D C:\Program Files\Dell
2021-09-22 14:29 - 2020-08-30 21:39 - 000000000 ____D C:\Users\ejbea\AppData\LocalLow\Temp
2021-09-22 11:23 - 2019-04-03 15:56 - 000000000 ____D C:\Users\ejbea\AppData\Local\Packages
2021-09-22 11:11 - 2019-02-08 15:17 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-22 10:58 - 2019-02-08 15:51 - 000000000 ____D C:\ProgramData\RivetNetworks
2021-09-22 09:44 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-09-22 09:26 - 2020-09-16 16:30 - 000000000 ____D C:\Users\defaultuser100000
2021-09-21 13:07 - 2019-06-18 17:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-09-19 15:26 - 2019-04-03 16:04 - 000000000 ___RD C:\Users\ejbea\OneDrive
2021-09-18 22:34 - 2019-02-08 15:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-18 22:25 - 2019-03-30 01:58 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-16 15:13 - 2020-11-22 01:28 - 000797618 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-16 15:09 - 2020-11-22 01:09 - 000448408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-16 15:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-16 15:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-16 15:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-16 15:03 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-16 11:26 - 2019-04-03 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-16 11:19 - 2019-04-03 18:07 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-12 13:01 - 2020-10-01 18:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-04 19:05 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-04 09:49 - 2019-06-04 22:14 - 000000000 ____D C:\Users\ejbea\AppData\Local\D3DSCache
 
==================== FLock ==============================
 
2020-11-22 01:11 C:\Recovery
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by ejbea (30-09-2021 13:41:02)
Running from C:\Users\ejbea\OneDrive\Desktop
Windows 10 Home Version 2004 19041.1237 (X64) (2020-11-22 06:44:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3457983286-1419784188-334204780-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3457983286-1419784188-334204780-503 - Limited - Disabled)
ejbea (S-1-5-21-3457983286-1419784188-334204780-1001 - Administrator - Enabled) => C:\Users\ejbea
Guest (S-1-5-21-3457983286-1419784188-334204780-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3457983286-1419784188-334204780-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 94.1.30.86 - Brave Software Inc)
Dell Mobile Connect Drivers (HKLM\...\{04DF02C6-E3D7-4D26-A44C-6F8A2E218D2C}) (Version: 1.3.6844 - Screenovate Technologies Ltd.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a914536c-bd41-479c-96aa-dee4a9639c22}) (Version: 21.10.1 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{06F94C28-DE1D-485F-AD91-333ACEB3F52D}) (Version: 1.6.100.32677 - Intel Corporation)
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9669.4 - Waves Audio Ltd.) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.31 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 94.0.992.31 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\OneDriveSetup.exe) (Version: 21.180.0905.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8622 - Realtek Semiconductor Corp.)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.65.3.0_x86__kgqvnymyfvs32 [2021-09-22] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2110.1.0_x86__kgqvnymyfvs32 [2021-09-18] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_13.0.10.0_x86__m9bz608c1b9ra [2021-07-27] (Nordcurrent)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-16] (Dropbox Inc.)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-04-03] (Fitbit)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-04-03] (LinkedIn)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-29] (CYBERLINK CORPORATION.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1240.4.118.0_x64__8xx8rvfyw5nnt [2021-09-29] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.0.11030.0_x64__8wekyb3d8bbwe [2020-11-27] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-27] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-21] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-02-20] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-04-03] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-14] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-13] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-04-03] (CYBERLINK CORPORATION.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3457983286-1419784188-334204780-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxDTCM.dll [2018-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-22] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bdaipkelaldmidppbfaafolldkbdenfg\Home _ BVSCU.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bdaipkelaldmidppbfaafolldkbdenfg --app-url=hxxps://www.bvscu.org/
 
==================== Loaded Modules (Whitelisted) =============
 
2020-04-20 12:14 - 2020-04-20 12:14 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-20 12:14 - 2020-04-20 12:14 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2020-04-20 12:15 - 2020-04-20 12:15 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\AppVIsvSubsystems32.dll
2020-04-20 12:15 - 2020-04-20 12:15 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\c2r32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{89201931-C0C7-4269-8D13-2D10CC494228}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{EE179294-8BE1-48D2-829B-0D208A3ABC0D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{008C2730-9A95-4A24-8F94-6D33FC90705E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D832794C-2804-4AC3-9A1C-6C4981BD8E14}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{0DF6AE09-D610-435A-B250-F62CFD17A521}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{76FB62CC-CE27-4E18-8A24-CCE2C1D8AB76}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{4B2F5D68-0069-4EB2-98FA-8A01A364A3DE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E1250F2B-4DAF-42E4-88D6-330A3F1F3A04}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A224DBA5-4E7A-48C3-B08E-B9EFF5329157}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF17721C-F271-495B-8942-7BB9128D3DDB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04B9B98A-720E-449C-B401-045C48635E1B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B665FCFF-FAF3-41B8-8D5D-A33E02972549}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D045C522-323F-48F7-83E5-C28F8804A587}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{C86A81FC-A094-4D7D-9530-17A238C9A1E2}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{8D58174F-9D5A-4AFF-B953-E8C468B1CB42}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\94.0.992.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA152D3D-5460-42B7-B93D-0535961211C5}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
16-09-2021 11:27:10 Windows Modules Installer
22-09-2021 10:54:38 Removed SmartByte Drivers and Services.
23-09-2021 05:48:04 AdwCleaner_BeforeCleaning_23/09/2021_05:47:57
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/30/2021 01:24:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187512347 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (09/30/2021 01:24:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187512345 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
Error: (09/30/2021 01:23:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187493412 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (09/30/2021 01:23:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187493410 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
Error: (09/28/2021 05:48:57 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 30597262 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (09/28/2021 05:48:57 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 30596944 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
Error: (09/28/2021 05:07:24 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 28096864 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (09/28/2021 05:07:24 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 28096862 ms
 
DPTF Build Version:  8.3.10207.5567
DPTF Build Date:  Nov  2 2017 14:28:00
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
 
System errors:
=============
Error: (09/28/2021 09:20:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DpmLiteDrv service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/28/2021 09:18:39 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/28/2021 09:18:29 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
 
Error: (09/28/2021 09:17:52 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/28/2021 09:17:51 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/28/2021 09:17:51 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/28/2021 09:17:22 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/28/2021 09:17:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Windows Defender:
================
Date: 2021-09-22 16:28:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-22 14:50:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-22 14:19:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-22 13:00:41
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-22 12:55:29
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-28 08:15:51
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2021-09-22 09:51:32
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.1004.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80072efe
Error description: The connection with the server was terminated abnormally 
 
Date: 2021-09-22 09:51:32
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.1004.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80072efe
Error description: The connection with the server was terminated abnormally 
 
Date: 2021-09-22 09:51:32
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.1004.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80072efe
Error description: The connection with the server was terminated abnormally 
 
Date: 2021-05-27 20:35:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1367.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2021-09-28 08:20:22
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.9.0 01/17/2019
Motherboard: Dell Inc. 0KDGM1
Processor: Intel® Core™ i3-7020U CPU @ 2.30GHz
Percentage of memory in use: 88%
Total physical RAM: 3961.88 MB
Available physical RAM: 463.64 MB
Total Virtual: 5241.88 MB
Available Virtual: 857.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.28 GB) (Free:839.85 GB) NTFS
Drive d: (ALANJACKSON) (CDROM) (Total:2.84 GB) (Free:0 GB) UDF
 
\\?\Volume{fd2d1fed-76f6-480c-b417-67c9ffa24b55}\ () (Fixed) (Total:0.97 GB) (Free:0.42 GB) NTFS
\\?\Volume{5cd94f67-f6f3-4212-a598-b033ff9c94e0}\ (Image) (Fixed) (Total:12.37 GB) (Free:0.18 GB) NTFS
\\?\Volume{47947bc6-a3e5-4503-8019-82fe861d2456}\ (DELLSUPPORT) (Fixed) (Total:1.14 GB) (Free:0.48 GB) NTFS
\\?\Volume{d2539f45-3d68-4475-9752-df5d993b6786}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.57 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6CAC8AAD)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#50
DR M


    The Grecian Geek

  • Malware Removal
  • 4,116 posts

Hi, Mark.
 
You didn't reply about McAfee, so I assume that you will stay with Microsoft Defender instead of McAfee.
 
 
1. Change a Malwarebytes option

  • Open Malwarebytes
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.

 

2. Check Windows Defender

  • Go to Settings (Windows icon on the keyboard + i)
  • Select Update & Security
  • From the left pane, Windows Security
  • Open Windows Security
  • Take a screenshot of what you see

 

3. FRST fix
 
Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

 

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {5D866D27-6EEB-4E1D-9FB7-C1C4F82055A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: {E1710029-8A1C-43D8-9D53-B85D382464AE} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Edge Profile: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2021-09-27] <==== ATTENTION
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
2021-09-27 15:13 - 2021-09-27 15:13 - 001053600 _____ (ESET) C:\Users\ejbea\Downloads\esetuninstaller.exe
2021-09-24 05:56 - 2021-09-24 05:56 - 012792104 _____ (ESET) C:\Users\ejbea\Downloads\avremover_nt64_enu.exe
2021-09-23 11:31 - 2021-09-23 11:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-09-23 11:31 - 2021-09-23 11:31 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-09-23 06:15 - 2021-09-23 06:16 - 000001380 _____ C:\Users\ejbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-09-23 06:15 - 2021-09-23 06:15 - 011697056 _____ (ESET) C:\Users\ejbea\Downloads\esetonlinescanner.exe
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

  • 0

#51
moondog830


    Member

  • Topic Starter
  • 804 posts

I will recommend your choice of Windows Defender ... if she decides she wants something else, I will advise her to use Avast, only because I use it and have no problems.

 

1. Malwarebytes set as you said

 

2. Screenshot attached.

 

3. FixLog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02

Ran by ejbea (01-10-2021 07:23:21) Run:2
Running from C:\Users\ejbea\OneDrive\Desktop
Loaded Profiles: ejbea
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {5D866D27-6EEB-4E1D-9FB7-C1C4F82055A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: {E1710029-8A1C-43D8-9D53-B85D382464AE} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Edge Profile: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2021-09-27] <==== ATTENTION
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
2021-09-27 15:13 - 2021-09-27 15:13 - 001053600 _____ (ESET) C:\Users\ejbea\Downloads\esetuninstaller.exe
2021-09-24 05:56 - 2021-09-24 05:56 - 012792104 _____ (ESET) C:\Users\ejbea\Downloads\avremover_nt64_enu.exe
2021-09-23 11:31 - 2021-09-23 11:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-09-23 11:31 - 2021-09-23 11:31 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-09-23 06:15 - 2021-09-23 06:16 - 000001380 _____ C:\Users\ejbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-09-23 06:15 - 2021-09-23 06:15 - 011697056 _____ (ESET) C:\Users\ejbea\Downloads\esetonlinescanner.exe
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D866D27-6EEB-4E1D-9FB7-C1C4F82055A3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D866D27-6EEB-4E1D-9FB7-C1C4F82055A3}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1710029-8A1C-43D8-9D53-B85D382464AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1710029-8A1C-43D8-9D53-B85D382464AE}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= => moved successfully
HKLM\System\CurrentControlSet\Services\DpmLiteDrv => removed successfully
DpmLiteDrv => service removed successfully
C:\Users\ejbea\Downloads\esetuninstaller.exe => moved successfully
C:\Users\ejbea\Downloads\avremover_nt64_enu.exe => moved successfully
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn" => not found
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime" => not found
C:\Users\ejbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk => moved successfully
C:\Users\ejbea\Downloads\esetonlinescanner.exe => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53025627 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7548699 B
Edge => 0 B
Brave => 1393904 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 84084 B
NetworkService => 103638 B
ejbea => 105768776 B
 
RecycleBin => 165858 B
EmptyTemp: => 160.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:25:52 ====

Attached Thumbnails

  • windows security.png

  • 0
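An added example, not part of the original thread and not FRST's own code: a short Python check over the `target => result` lines of a Fixlog like the one posted above. It tallies the outcomes and separates "not found" entries that were already handled earlier in the same run (the two Tasks paths above differ only in the case of System32/system32) from any that need a second look. The function names are hypothetical, the sample lines are copied from the log above, and one extra line is constructed.

```python
import re
from collections import Counter

# Lines copied from the Fixlog above (a subset, unchanged).
SAMPLE = r'''
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
HKLM\System\CurrentControlSet\Services\DpmLiteDrv => removed successfully
DpmLiteDrv => service removed successfully
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn" => not found
"C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime" => not found
BITS transfer queue => 0 B
'''
# Constructed line (not from the log) to show an unexplained miss.
CONSTRUCTED = r'C:\Example\constructed-missing.tmp => not found'

# target => result, with optional quotes around the target
LINE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+)$')

def parse_fixlog(text):
    """Return (target, result) pairs for lines that report an outcome."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        result = m.group("result").lower()
        # Only the outcome wordings seen in this log; sizes etc. are skipped.
        if result.endswith("successfully") or result == "not found":
            entries.append((m.group("target"), result))
    return entries

def review(entries):
    """Tally outcomes; split 'not found' into already-handled vs unexplained."""
    # Windows paths are case-insensitive, so compare lower-cased targets.
    handled = {t.lower() for t, r in entries if r.endswith("successfully")}
    already, unexplained = [], []
    for target, result in entries:
        if result == "not found":
            (already if target.lower() in handled else unexplained).append(target)
    return Counter(r for _, r in entries), already, unexplained

if __name__ == "__main__":
    summary, already, unexplained = review(parse_fixlog(SAMPLE + CONSTRUCTED))
    print(dict(summary))
    print("not found, but handled earlier in this run:", already)
    print("not found, needs a second look:", unexplained)
```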

#52
DR M

    The Grecian Geek

  • Malware Removal
  • 4,116 posts

Mark,
 
Choose Dismiss in regard of Set up OneDrive and Turn on the App & Browser control.

The only remaining thing about this computer is its upgrade. It is running version 2004, two major upgrades behind. I recommend that you upgrade the computer now, before returning it to its owner. The process may take several hours.
 
If you want to upgrade now:

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

If you don't want to upgrade now, let me know so that I can give you the final instructions for removing the tools we used and setting a new restore point.


  • 0

#53
moondog830

    Member

  • Topic Starter
  • 804 posts

going to upgrade .... babysitting all weekend though


  • 0

#54
DR M

    The Grecian Geek

  • Malware Removal
  • 4,116 posts

I'll be here. 


  • 0

#55
moondog830

    Member

  • Topic Starter
  • 804 posts

I have finished the upgrade ... nothing more from Microsoft pops up.

Where do I go to dismiss OneDrive and turn on App & Browser control?


  • 0



#56
DR M

    The Grecian Geek

  • Malware Removal
  • 4,116 posts

"nothing more from Microsoft pops up."

 
What do you mean?
 
I had told you to check Microsoft Defender, and here is the screenshot you posted.
 
So...

  • Go to Settings (Windows icon on the keyboard + i)
  • Select Update & Security
  • From the left pane, Windows Security
  • Open Windows Security
  • If there are yellow warnings as in the previous screenshot, select Dismiss in regard of Set up OneDrive and Turn on the App & Browser control.
  • Let me know if now everything is green.

 

How is the computer running now? 


  • 0

#57
moondog830

    Member

  • Topic Starter
  • 804 posts

everything is green and the computer is running very smooth now


  • 0

#58
DR M

    The Grecian Geek

  • Malware Removal
  • 4,116 posts

Hi, Mark.
 
Glad to hear that everything runs smoothly now. :)
 
Something I would like to check regarding an indication in the logs. 
 
Please do this for me:

 

1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
Folder: C:\Recovery
ListPermissions: C:\Recovery
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

  • 0

#59
moondog830

    Member

  • Topic Starter
  • 804 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2021
Ran by ejbea (04-10-2021 09:06:55) Run:3
Running from C:\Users\ejbea\OneDrive\Desktop
Loaded Profiles: ejbea
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Folder: C:\Recovery
ListPermissions: C:\Recovery
 
*****************
 
 
========================= Folder: C:\Recovery ========================
 
Access Denied
 
====== End of Folder: ======
 
===================================
permissions of "C:\Recovery":
 
Owner: BUILTIN\Administrators
 
DACL(AI):
 
NT AUTHORITY\Local account DENY LIST+AddFileCreateSubDir+WriteEA+WriteEA+TRAVERSE+LOCRDELETE+READ (NI)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Users ALLOW READ/EXECUTE (OI-CI-I)
NT AUTHORITY\Authenticated Users ALLOW MODIFY (I)
NT AUTHORITY\Authenticated Users ALLOW MODIFY (OI-CI-I-OI)
 
===================================
 
==== End of Fixlog 09:06:55 ====

  • 0

#60
DR M

    The Grecian Geek

  • Malware Removal
  • 4,116 posts

Thank you, Mark.
 
Let's finish it now.
 
Run KpRm

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0





