FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02
Ran by ejbea (administrator) on DESKTOP-2KHI5DN (Dell Inc. Inspiron 15-3567) (30-09-2021 13:26:32)
Running from C:\Users\ejbea\OneDrive\Desktop
Loaded Profiles: ejbea
Platform: Windows 10 Home Version 2004 19041.1237 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(CYBERLINK CORPORATION.) C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp\Power2Go11\CLMLSvc_P2G11.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WaaSMedicAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2019-01-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-01-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1213736 2018-11-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\Run: [MicrosoftEdgeAutoLaunch_799699109B40F4658C53434E420CEEDF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\RunOnce: [Uninstall 21.170.0822.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ejbea\AppData\Local\Microsoft\OneDrive\21.170.0822.0002"
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\94.1.30.86\Installer\chrmstp.exe [2021-09-28] (Brave Software, Inc. -> Brave Software, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2FD586D9-F9F2-4657-8514-4F578A46738D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3F2C0611-A707-4EE5-B1C2-510E1C9C381C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1155480 2021-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F81D523-BD6A-42F8-989E-3956C016F759} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {548BE06B-158B-49FA-BF46-F034F0A7AB80} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {565C569C-FB63-4DCF-9BBC-CBA946D4D301} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {56A41862-AEDD-4602-A82D-4F6BE056D8C8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D866D27-6EEB-4E1D-9FB7-C1C4F82055A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: {7EFFC206-E80C-4F97-B685-92BA29565D7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1710029-8A1C-43D8-9D53-B85D382464AE} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ejbea\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{589ec2c5-523f-4790-b90c-67d059a82bbe}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6daae701-dcd4-4585-aa71-409ea1fd00ff}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\ejbea\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2021-09-27] <==== ATTENTION
Edge Profile: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-30]
Edge Extension: (Home | BVSCU) - C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaipkelaldmidppbfaafolldkbdenfg [2020-11-13]
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Brave:
=======
BRA Profile: C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-09-24]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-09-24]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-09-24]
BRA Extension: (Brave NTP sponsored images) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-09-24]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2021-09-24]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-24]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\ejbea\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-09-24]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-24] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-22] (Malwarebytes Inc -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [35704 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-09-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-09-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [433384 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-18] (Microsoft Windows -> Microsoft Corporation)
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-28 09:21 - 2021-09-28 09:21 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-09-28 09:20 - 2021-09-28 09:20 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-09-28 09:20 - 2021-09-28 09:20 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-09-28 08:15 - 2021-09-28 08:16 - 000164636 _____ C:\WINDOWS\ntbtlog.txt
2021-09-28 08:15 - 2021-09-28 08:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-09-28 08:10 - 2021-09-28 08:10 - 000003716 _____ C:\NetworkSettings.txt
2021-09-27 15:13 - 2021-09-27 15:13 - 001053600 _____ (ESET) C:\Users\ejbea\Downloads\esetuninstaller.exe
2021-09-24 06:14 - 2021-09-28 12:23 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-09-24 06:14 - 2021-09-28 12:23 - 000002325 _____ C:\Users\Public\Desktop\Brave.lnk
2021-09-24 06:14 - 2021-09-24 06:14 - 000000000 ____D C:\Program Files\BraveSoftware
2021-09-24 06:12 - 2021-09-24 06:14 - 000000000 ____D C:\Users\ejbea\AppData\Local\BraveSoftware
2021-09-24 06:12 - 2021-09-24 06:12 - 000003438 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-09-24 06:12 - 2021-09-24 06:12 - 000003314 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-09-24 06:12 - 2021-09-24 06:12 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-09-24 06:11 - 2021-09-24 06:11 - 001243560 _____ (BraveSoftware Inc.) C:\Users\ejbea\Downloads\BraveBrowserSetup-INS593.exe
2021-09-24 05:56 - 2021-09-24 05:56 - 012792104 _____ (ESET) C:\Users\ejbea\Downloads\avremover_nt64_enu.exe
2021-09-23 11:31 - 2021-09-23 11:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-09-23 11:31 - 2021-09-23 11:31 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-09-23 06:15 - 2021-09-23 06:16 - 000001380 _____ C:\Users\ejbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-09-23 06:15 - 2021-09-23 06:15 - 011697056 _____ (ESET) C:\Users\ejbea\Downloads\esetonlinescanner.exe
2021-09-23 05:56 - 2021-09-28 09:33 - 000000000 ____D C:\Users\ejbea\AppData\LocalLow\IGDump
2021-09-22 18:13 - 2021-09-28 09:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-22 18:13 - 2021-09-28 08:15 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-22 18:13 - 2021-09-22 18:13 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-22 18:13 - 2021-09-22 18:13 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-09-22 18:13 - 2021-09-22 18:13 - 000000000 ____D C:\Users\ejbea\AppData\Local\mbam
2021-09-22 18:12 - 2021-09-22 18:12 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-22 18:12 - 2021-09-22 18:12 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-22 18:12 - 2021-09-22 18:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-22 17:56 - 2021-09-22 17:56 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-22 17:54 - 2021-09-23 05:50 - 000000000 ____D C:\AdwCleaner
2021-09-22 11:10 - 2021-09-22 11:11 - 000000000 ____D C:\Users\ejbea\AppData\Roaming\Dell
2021-09-21 11:57 - 2021-09-30 13:29 - 000000000 ____D C:\FRST
2021-09-16 13:34 - 2021-09-16 13:34 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-16 13:32 - 2021-09-16 13:32 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-16 13:32 - 2021-09-16 13:32 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-16 13:32 - 2021-09-16 13:32 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-16 13:32 - 2021-09-16 13:32 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-16 13:32 - 2021-09-16 13:32 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-16 13:30 - 2021-09-16 13:30 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-16 13:30 - 2021-09-16 13:30 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-16 13:30 - 2021-09-16 13:30 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-16 13:30 - 2021-09-16 13:30 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-16 13:30 - 2021-09-16 13:30 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-16 13:30 - 2021-09-16 13:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-16 13:28 - 2021-09-16 13:28 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-16 13:28 - 2021-09-16 13:28 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-16 13:27 - 2021-09-16 13:27 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-16 13:27 - 2021-09-16 13:27 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-16 13:27 - 2021-09-16 13:27 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-16 13:27 - 2021-09-16 13:27 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-16 13:27 - 2021-09-16 13:27 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-16 13:27 - 2021-09-16 13:27 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-16 11:32 - 2021-09-16 11:32 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-30 13:24 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-30 13:23 - 2020-11-22 01:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-29 11:42 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-29 11:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-28 11:59 - 2019-04-03 16:02 - 000000000 ____D C:\Users\ejbea\AppData\Local\PlaceholderTileLogoFolder
2021-09-28 10:42 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-28 10:29 - 2020-11-22 01:42 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3457983286-1419784188-334204780-1001
2021-09-28 10:29 - 2020-11-22 01:16 - 000002381 _____ C:\Users\ejbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-28 09:20 - 2020-11-22 01:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-28 09:20 - 2019-04-03 15:56 - 000000000 __SHD C:\Users\ejbea\IntelGraphicsProfiles
2021-09-28 09:19 - 2020-11-22 01:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-28 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-09-28 09:18 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-28 09:17 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-27 15:18 - 2020-11-22 01:16 - 000000000 ____D C:\Users\ejbea
2021-09-27 10:54 - 2020-07-09 16:01 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-27 10:54 - 2020-07-09 16:01 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-23 06:09 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-23 05:50 - 2019-02-08 15:45 - 000000000 ____D C:\ProgramData\Dell
2021-09-23 05:50 - 2019-02-08 15:16 - 000000000 ____D C:\Program Files\Dell
2021-09-22 14:29 - 2020-08-30 21:39 - 000000000 ____D C:\Users\ejbea\AppData\LocalLow\Temp
2021-09-22 11:23 - 2019-04-03 15:56 - 000000000 ____D C:\Users\ejbea\AppData\Local\Packages
2021-09-22 11:11 - 2019-02-08 15:17 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-22 10:58 - 2019-02-08 15:51 - 000000000 ____D C:\ProgramData\RivetNetworks
2021-09-22 09:44 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-09-22 09:26 - 2020-09-16 16:30 - 000000000 ____D C:\Users\defaultuser100000
2021-09-21 13:07 - 2019-06-18 17:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-09-19 15:26 - 2019-04-03 16:04 - 000000000 ___RD C:\Users\ejbea\OneDrive
2021-09-18 22:34 - 2019-02-08 15:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-18 22:25 - 2019-03-30 01:58 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-16 15:13 - 2020-11-22 01:28 - 000797618 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-16 15:09 - 2020-11-22 01:09 - 000448408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-16 15:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-16 15:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-16 15:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-16 15:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-16 15:03 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-16 11:26 - 2019-04-03 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-16 11:19 - 2019-04-03 18:07 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-12 13:01 - 2020-10-01 18:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-04 19:05 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-04 09:49 - 2019-06-04 22:14 - 000000000 ____D C:\Users\ejbea\AppData\Local\D3DSCache
==================== FLock ==============================
2020-11-22 01:11 C:\Recovery
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by ejbea (30-09-2021 13:41:02)
Running from C:\Users\ejbea\OneDrive\Desktop
Windows 10 Home Version 2004 19041.1237 (X64) (2020-11-22 06:44:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3457983286-1419784188-334204780-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3457983286-1419784188-334204780-503 - Limited - Disabled)
ejbea (S-1-5-21-3457983286-1419784188-334204780-1001 - Administrator - Enabled) => C:\Users\ejbea
Guest (S-1-5-21-3457983286-1419784188-334204780-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3457983286-1419784188-334204780-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 94.1.30.86 - Brave Software Inc)
Dell Mobile Connect Drivers (HKLM\...\{04DF02C6-E3D7-4D26-A44C-6F8A2E218D2C}) (Version: 1.3.6844 - Screenovate Technologies Ltd.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a914536c-bd41-479c-96aa-dee4a9639c22}) (Version: 21.10.1 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{06F94C28-DE1D-485F-AD91-333ACEB3F52D}) (Version: 1.6.100.32677 - Intel Corporation)
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9669.4 - Waves Audio Ltd.) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.31 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 94.0.992.31 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\OneDriveSetup.exe) (Version: 21.180.0905.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8622 - Realtek Semiconductor Corp.)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-3457983286-1419784188-334204780-1001\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.65.3.0_x86__kgqvnymyfvs32 [2021-09-22] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2110.1.0_x86__kgqvnymyfvs32 [2021-09-18] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_13.0.10.0_x86__m9bz608c1b9ra [2021-07-27] (Nordcurrent)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-16] (Dropbox Inc.)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-04-03] (Fitbit)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-04-03] (LinkedIn)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-29] (CYBERLINK CORPORATION.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1240.4.118.0_x64__8xx8rvfyw5nnt [2021-09-29] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.0.11030.0_x64__8wekyb3d8bbwe [2020-11-27] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-27] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-21] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-02-20] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-04-03] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-14] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-13] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-04-03] (CYBERLINK CORPORATION.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3457983286-1419784188-334204780-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxDTCM.dll [2018-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-22] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ejbea\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bdaipkelaldmidppbfaafolldkbdenfg\Home _ BVSCU.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bdaipkelaldmidppbfaafolldkbdenfg --app-url=hxxps://www.bvscu.org/
==================== Loaded Modules (Whitelisted) =============
2020-04-20 12:14 - 2020-04-20 12:14 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-20 12:14 - 2020-04-20 12:14 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2020-04-20 12:15 - 2020-04-20 12:15 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\AppVIsvSubsystems32.dll
2020-04-20 12:15 - 2020-04-20 12:15 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\c2r32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3457983286-1419784188-334204780-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{89201931-C0C7-4269-8D13-2D10CC494228}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{EE179294-8BE1-48D2-829B-0D208A3ABC0D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{008C2730-9A95-4A24-8F94-6D33FC90705E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D832794C-2804-4AC3-9A1C-6C4981BD8E14}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{0DF6AE09-D610-435A-B250-F62CFD17A521}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{76FB62CC-CE27-4E18-8A24-CCE2C1D8AB76}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{4B2F5D68-0069-4EB2-98FA-8A01A364A3DE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E1250F2B-4DAF-42E4-88D6-330A3F1F3A04}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A224DBA5-4E7A-48C3-B08E-B9EFF5329157}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF17721C-F271-495B-8942-7BB9128D3DDB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04B9B98A-720E-449C-B401-045C48635E1B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B665FCFF-FAF3-41B8-8D5D-A33E02972549}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D045C522-323F-48F7-83E5-C28F8804A587}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{C86A81FC-A094-4D7D-9530-17A238C9A1E2}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{8D58174F-9D5A-4AFF-B953-E8C468B1CB42}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\94.0.992.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA152D3D-5460-42B7-B93D-0535961211C5}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
16-09-2021 11:27:10 Windows Modules Installer
22-09-2021 10:54:38 Removed SmartByte Drivers and Services.
23-09-2021 05:48:04 AdwCleaner_BeforeCleaning_23/09/2021_05:47:57
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/30/2021 01:24:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187512347 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function: ConfigTdpPolicy::onBindDomain
Message: ConfigTdp not supported.
Participant: TCPU [0]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]
Error: (09/30/2021 01:24:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187512345 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function: ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message: ConfigTdp not supported.
Policy: ConfigTDP Policy [0]
Error: (09/30/2021 01:23:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187493412 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function: ConfigTdpPolicy::onBindDomain
Message: ConfigTdp not supported.
Participant: TCPU [0]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]
Error: (09/30/2021 01:23:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 187493410 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function: ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message: ConfigTdp not supported.
Policy: ConfigTDP Policy [0]
Error: (09/28/2021 05:48:57 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 30597262 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function: ConfigTdpPolicy::onBindDomain
Message: ConfigTdp not supported.
Participant: TCPU [0]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]
Error: (09/28/2021 05:48:57 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 30596944 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function: ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message: ConfigTdp not supported.
Policy: ConfigTDP Policy [0]
Error: (09/28/2021 05:07:24 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 28096864 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 155
Executing Function: ConfigTdpPolicy::onBindDomain
Message: ConfigTdp not supported.
Participant: TCPU [0]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]
Error: (09/28/2021 05:07:24 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 28096862 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 342
Executing Function: ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message: ConfigTdp not supported.
Policy: ConfigTDP Policy [0]
System errors:
=============
Error: (09/28/2021 09:20:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DpmLiteDrv service failed to start due to the following error:
The system cannot find the path specified.
Error: (09/28/2021 09:18:39 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (09/28/2021 09:18:29 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (09/28/2021 09:17:52 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (09/28/2021 09:17:51 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (09/28/2021 09:17:51 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/28/2021 09:17:22 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/28/2021 09:17:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-2KHI5DN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Windows Defender:
================
Date: 2021-09-22 16:28:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-22 14:50:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-22 14:19:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-22 13:00:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-22 12:55:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-28 08:15:51
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-09-22 09:51:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.1004.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x80072efe
Error description: The connection with the server was terminated abnormally
Date: 2021-09-22 09:51:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.1004.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x80072efe
Error description: The connection with the server was terminated abnormally
Date: 2021-09-22 09:51:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.1004.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x80072efe
Error description: The connection with the server was terminated abnormally
Date: 2021-05-27 20:35:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1367.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===============
Date: 2021-09-28 08:20:22
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Dell Inc. 2.9.0 01/17/2019
Motherboard: Dell Inc. 0KDGM1
Processor: Intel® Core i3-7020U CPU @ 2.30GHz
Percentage of memory in use: 88%
Total physical RAM: 3961.88 MB
Available physical RAM: 463.64 MB
Total Virtual: 5241.88 MB
Available Virtual: 857.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.28 GB) (Free:839.85 GB) NTFS
Drive d: (ALANJACKSON) (CDROM) (Total:2.84 GB) (Free:0 GB) UDF
\\?\Volume{fd2d1fed-76f6-480c-b417-67c9ffa24b55}\ () (Fixed) (Total:0.97 GB) (Free:0.42 GB) NTFS
\\?\Volume{5cd94f67-f6f3-4212-a598-b033ff9c94e0}\ (Image) (Fixed) (Total:12.37 GB) (Free:0.18 GB) NTFS
\\?\Volume{47947bc6-a3e5-4503-8019-82fe861d2456}\ (DELLSUPPORT) (Fixed) (Total:1.14 GB) (Free:0.48 GB) NTFS
\\?\Volume{d2539f45-3d68-4475-9752-df5d993b6786}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.57 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6CAC8AAD)
Partition: GPT.
==================== End of Addition.txt =======================