Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer suddenly very slow [Solved]


  • This topic is locked This topic is locked

#1
browneyedleo730

browneyedleo730

    Member

  • Member
  • PipPip
  • 49 posts

Hi. I was working on my computer today and suddenly the screens went black. At fist I thought my monitor shorted out (it does that sometimes) but that wasn't the case. I restarted the computer and everything started running like molasses. There is a serious lag when I open programs, documents or the internet. There is a serious lag when I type and scroll with the mouse - although, curiously, there is no typing or scrolling lag in notepad.  I ran malwarebytes but it didn't detect anything. I tried to do a system restore to a previous date twice but the processes keeps getting stalled at the initializing stage. I have windows 10. I appreciate any help I can get.

 

Here are my Farbar logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2021
Ran by erine (administrator) on DESKTOP-0OR6TUF (Dell Inc. Inspiron 3670) (22-09-2021 00:20:35)
Running from C:\Users\erine\Desktop
Loaded Profiles: erine
Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\mcafee-security.exe
(McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(Meraki, LLC. -> Meraki, Inc.) C:\Program Files\Meraki\Systems Manager Agent 3.1.1\m_agent_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\erine\AppData\Local\Microsoft\OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe <3>
(Thesycon Software Solutions GmbH & Co. KG -> ) C:\Program Files\Positive Grid\USB Audio Device Driver\W10_x64\Spark40USBAudioDriverCpl.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe [1257032 2021-04-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [340480 2018-07-25] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-05-30] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8091424 2021-09-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [LeapFrog Connect 2 Launcher] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe [30320 2019-08-13] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\erine\AppData\Local\WebEx\ciscowebexstart.exe [2499800 2021-02-25] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Link.lnk [2020-04-01]
ShortcutTarget: Avid Link.lnk -> C:\Program Files\Avid\Avid Link\Avid Link.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Positive Grid USB Audio Device Control Panel Autostart.lnk [2021-07-29]
ShortcutTarget: Positive Grid USB Audio Device Control Panel Autostart.lnk -> C:\Program Files\Positive Grid\USB Audio Device Driver\W10_x64\Spark40USBAudioDriverCpl.exe (Thesycon Software Solutions GmbH & Co. KG -> )
Startup: C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-05-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {003CFD9A-971D-4B9A-A2A5-057ECC235A2F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3707107645-3133845480-1438675409-1001 => C:\Users\erine\AppData\Local\GoToMeeting\19796\g2mupdate.exe [31176 2021-07-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {11C369DA-8429-4770-97FE-B0E2B7D2A5F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {137913B0-BA06-4AF2-9D39-15C9D262E643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1BE86C00-AA40-4497-BE7C-CD3F3DBA242A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {23AFBA10-96F1-44A1-9DBF-C6F90AC0435E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-02] (Google Inc -> Google Inc.)
Task: {35FF5702-C0A4-4C79-AFAE-DF3F5794D2D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {361A9B78-F48C-4CF9-AADB-2C588162FAC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E8CF46C-9899-48E7-97D6-5C407E358E1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-02] (Google Inc -> Google Inc.)
Task: {68496CDE-014A-4A93-AB8B-66621B337893} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4665296 2018-09-11] (McAfee, Inc. -> McAfee, Inc.)
Task: {6DDBADCD-AD84-44A5-BFA8-2322E1DB69D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {8EA652E2-0F53-41E2-9C94-9577C55C2ABA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {93461ECF-28A9-4D49-B11F-A1A8275E8339} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1155480 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8F926DE-4DB7-4BFC-86D7-32F2800E6E41} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A930250E-FD60-483D-B73A-D446A2B91AF5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {B0FC898B-670F-493E-8A53-4FD380C81F54} - System32\Tasks\NCH Software\ExpressRipDowngrade => C:\Program Files (x86)\NCH Software\ExpressRip\expressrip.exe [1006648 2019-03-22] (NCH Software Pty Ltd -> NCH Software)
Task: {C37B4CFA-631B-49AF-BF09-692DCA436213} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {C4AC0B23-378D-453F-8E66-F62E455295F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C902F622-B369-44AD-8BE6-46FDB35C5B1A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0142236-511F-4774-A84E-E39E07AD1A30} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3F632A4-BCA9-46DF-BDFF-7D5BBD9BD5A0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F323D4A5-A8BC-45F0-BA78-CEB3845793B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {FB683A86-36CD-4E64-BFF9-D3925F6FC865} - System32\Tasks\G2MUploadTask-S-1-5-21-3707107645-3133845480-1438675409-1001 => C:\Users\erine\AppData\Local\GoToMeeting\19796\g2mupload.exe [31176 2021-07-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {FBA9D3F3-F308-4266-B394-D8B8F5DB8EED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3707107645-3133845480-1438675409-1001.job => C:\Users\erine\AppData\Local\GoToMeeting\19796\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3707107645-3133845480-1438675409-1001.job => C:\Users\erine\AppData\Local\GoToMeeting\19796\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{2d523801-0097-4f41-aeb8-f30dcdd432b5}: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{efd4fddc-f2ea-4ba3-b79d-778a0be4e2c9}: [DhcpNameServer] 172.71.1.171
 
Edge: 
=======
DownloadDir: C:\Users\erine\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\erine\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\erine\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-22]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: un57y4gx.default
FF ProfilePath: C:\Users\erine\AppData\Roaming\Mozilla\Firefox\Profiles\un57y4gx.default [2021-09-16]
FF Extension: (translator-lite) - C:\Users\erine\AppData\Roaming\Mozilla\Firefox\Profiles\un57y4gx.default\Extensions\[email protected] [2019-03-11]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\erine\AppData\Roaming\Mozilla\Firefox\Profiles\un57y4gx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-07-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-06-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2019-02-17] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-04-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-04-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\erine\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-12-05]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default [2021-09-22]
CHR DownloadDir: C:\Users\erine\Downloads
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://place-web.com; hxxps://voice.google.com; hxxps://www.cbssports.com; hxxps://www.facebook.com; hxxps://www.ketoconnect.net; hxxps://www.newsbreak.com; hxxps://www.sephora.com
CHR HomePage: Default -> hxxps://my.erikson.edu/ics/default.aspx/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxp://www.office.com/"
CHR Extension: (Slides) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-02]
CHR Extension: (Docs) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-02]
CHR Extension: (Google Drive) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-02]
CHR Extension: (Mendeley Web Importer) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2021-09-02]
CHR Extension: (Adobe Acrobat) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-08-18]
CHR Extension: (Sheets) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-02]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-30]
CHR Extension: (Whisk) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoijmnbedaipllfimaogeepohalbgka [2021-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (Pinterest Save Button) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-09-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-14]
CHR Extension: (Cisco Webex Extension) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-07-27]
CHR Extension: (Google Scholar Button) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2020-10-08]
CHR Extension: (Yumprint) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboinfelnglhdhgchcmomigiddalpjka [2018-12-02]
CHR Extension: (No Name) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-22]
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-09-16]
CHR Extension: (Slides) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-13]
CHR Extension: (Google Drive) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-13]
CHR Extension: (YouTube) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-13]
CHR Extension: (Adobe Acrobat) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-07-13]
CHR Extension: (Sheets) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-10]
CHR Extension: (Google Docs Offline) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-13]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-13]
CHR Extension: (Gmail) - C:\Users\erine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-13]
CHR Profile: C:\Users\erine\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-09-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-07-08] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 LFHelper; C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe [2606704 2019-08-13] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-21] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899264 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R2 MerakiSystemsManagerAgent; C:\Program Files\Meraki\Systems Manager Agent 3.1.1\m_agent_service.exe [6269152 2021-04-27] (Meraki, LLC. -> Meraki, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-14] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-14] (Electronic Arts, Inc. -> Electronic Arts)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3595776 2021-09-17] (Microsoft Corporation) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2013-04-11] () [File not signed]
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\iTransfer\DriverInstall.exe [107200 2017-11-08] (Shenzhen Yi Xing Investment Co., Ltd. -> Wondershare)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-09-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl21a47fd0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E59C9DB0-2121-4C68-972F-1DACE0144861}\MpKslDrv.sys [130296 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
S3 Spark40USBAudioDriver; C:\WINDOWS\System32\drivers\Spark40USBAudioDriver.sys [377384 2019-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 Spark40USBAudioDriverks; C:\WINDOWS\System32\drivers\Spark40USBAudioDriverks.sys [53800 2019-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [31232 2013-04-11] (WatchGuard Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-22 00:20 - 2021-09-22 00:20 - 002304512 _____ (Farbar) C:\Users\erine\Desktop\FRST64.exe
2021-09-22 00:20 - 2021-09-22 00:20 - 000000000 ____D C:\Users\erine\Desktop\FRST-OlderVersion
2021-09-21 23:58 - 2021-09-21 23:58 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-09-21 23:58 - 2021-09-21 23:58 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-09-21 23:58 - 2021-09-21 23:58 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-09-21 15:19 - 2021-09-21 15:19 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-21 15:07 - 2021-09-21 15:07 - 000000000 ___HD C:\$SysReset
2021-09-21 14:04 - 2021-09-21 14:04 - 000000000 ___HD C:\$WinREAgent
2021-09-21 12:58 - 2021-06-18 06:35 - 001859624 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001859624 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-21 12:58 - 2021-06-18 06:35 - 001102328 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 001102328 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000956432 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000956432 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000614232 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000429928 _____ C:\WINDOWS\system32\ze_loader.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000309696 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000257088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000173080 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000148360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-09-21 12:58 - 2021-06-18 06:35 - 000145776 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 026671952 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 013499224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 000507744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-21 12:58 - 2021-06-18 06:34 - 000370528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-21 12:58 - 2021-06-18 06:33 - 000354672 _____ C:\WINDOWS\system32\ControlLib.dll
2021-09-17 22:08 - 2021-09-17 22:08 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3707107645-3133845480-1438675409-1001
2021-09-17 22:08 - 2021-09-17 22:08 - 000002385 _____ C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-16 18:26 - 2021-09-16 18:26 - 001628064 _____ C:\Users\erine\Downloads\MQI Coaching Camera Set Up Guide (1).pdf
2021-09-16 18:15 - 2021-09-16 18:15 - 001628064 _____ C:\Users\erine\Downloads\MQI Coaching Camera Set Up Guide.pdf
2021-09-16 15:26 - 2021-09-16 15:26 - 008087229 _____ C:\Users\erine\Downloads\Gender.zip
2021-09-16 14:20 - 2021-09-16 14:20 - 000818066 _____ C:\Users\erine\Downloads\Cahoon_Cassidy_Purpura_et_al._2021_Rigorous_Measure_JNC_AAM.pdf
2021-09-16 03:53 - 2021-09-16 03:53 - 000012175 _____ C:\Users\erine\Desktop\NSF Figures.xlsx
2021-09-14 22:02 - 2021-09-14 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-09-14 11:46 - 2021-09-14 11:46 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-14 11:44 - 2021-09-14 11:44 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-09-10 14:09 - 2021-09-10 14:09 - 000000000 ____D C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-09-10 13:50 - 2021-09-10 13:50 - 000896935 _____ C:\Users\erine\Downloads\fe_report_fin.pdf
2021-09-08 00:57 - 2021-09-12 04:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-05 01:35 - 2021-09-16 23:10 - 000017905 _____ C:\Users\erine\Desktop\Milk Ledger.xlsx
2021-09-04 15:56 - 2021-09-04 15:56 - 000105464 _____ C:\Users\erine\Downloads\MQI Coaching Teacher Matching - by coach.xlsx
2021-09-02 00:21 - 2021-09-02 00:21 - 002857747 _____ C:\Users\erine\Downloads\Curriculum Night Power Point.pptx.pdf
2021-09-01 00:05 - 2021-09-01 00:05 - 000011607 _____ C:\Users\erine\Downloads\FY21 Report Summary 8.31.21.xlsx
2021-08-31 14:12 - 2021-08-31 14:12 - 000336341 _____ C:\Users\erine\Downloads\Math Partners_Narrative.edited.pdf
2021-08-31 11:56 - 2021-08-31 11:56 - 000003524 _____ C:\Users\erine\Downloads\EQUIP_M_Forms_Summary.csv
2021-08-31 11:47 - 2021-08-31 11:47 - 000007616 _____ C:\Users\erine\Downloads\EQUIP_M_Forms (12).csv
2021-08-30 14:57 - 2021-08-30 14:57 - 000000000 ____D C:\Users\erine\.IBM
2021-08-30 13:32 - 2021-08-30 13:32 - 000000000 ____D C:\Users\erine\AppData\Local\renv
2021-08-30 13:29 - 2021-08-30 13:29 - 000002168 _____ C:\Users\Public\Desktop\IBM SPSS Statistics.lnk
2021-08-30 13:29 - 2021-08-30 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2021-08-30 13:14 - 2021-08-30 13:17 - 880796040 _____ (IBM Corp) C:\Users\erine\SSC_64-bit_28.0.0.0_MWins.exe
2021-08-27 15:17 - 2021-08-27 15:17 - 000002370 _____ C:\Users\erine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-08-27 15:17 - 2021-08-27 15:17 - 000002362 _____ C:\Users\erine\Desktop\Microsoft Teams.lnk
2021-08-26 23:41 - 2021-08-26 23:42 - 000528762 _____ C:\Users\erine\Downloads\Villarreal2015-WJIVACHTestReview.pdf
2021-08-26 23:09 - 2021-08-26 23:09 - 000505343 _____ C:\Users\erine\Downloads\StudyReviewProtocolVersion4.1-508 (1).pdf
2021-08-26 23:05 - 2021-08-26 23:05 - 000021489 _____ C:\Users\erine\Downloads\DSG ARISE Invoice Blank (1).xlsx
2021-08-26 14:20 - 2021-08-26 14:20 - 000003916 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-08-24 13:41 - 2021-08-24 13:41 - 000824908 _____ C:\Users\erine\Downloads\nsf20572.pdf
2021-08-23 17:07 - 2021-08-23 17:07 - 000000000 ___RD C:\Users\erine\Documents\Scanned Documents
2021-08-23 17:07 - 2021-08-23 17:07 - 000000000 ____D C:\Users\erine\Documents\Fax
2021-08-23 00:25 - 2021-08-23 00:25 - 000456603 _____ C:\Users\erine\Downloads\Completion_Certificate (3).pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-22 00:23 - 2021-03-05 12:01 - 000031360 _____ C:\Users\erine\Desktop\FRST.txt
2021-09-22 00:22 - 2021-03-05 11:56 - 000000000 ____D C:\FRST
2021-09-22 00:13 - 2018-12-02 19:13 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-22 00:01 - 2020-05-18 12:16 - 000000000 ___RD C:\Users\erine\OneDrive - erikson.edu
2021-09-22 00:01 - 2019-10-04 15:11 - 000000000 ___RD C:\Users\erine\erikson.edu
2021-09-22 00:01 - 2018-12-02 19:07 - 000000000 ___RD C:\Users\erine\OneDrive
2021-09-21 23:57 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-21 23:56 - 2020-11-01 04:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-21 23:56 - 2020-11-01 03:31 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-21 23:56 - 2020-11-01 03:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-21 23:56 - 2018-09-11 08:13 - 000000000 ____D C:\Intel
2021-09-21 21:24 - 2020-11-01 03:52 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-21 21:24 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-21 18:04 - 2018-12-02 19:36 - 000000000 ____D C:\Users\erine\AppData\LocalLow\Mozilla
2021-09-21 17:49 - 2019-12-07 04:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-09-21 16:45 - 2021-04-12 11:57 - 000563080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-21 16:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-21 16:41 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-21 16:37 - 2020-05-18 17:19 - 000000000 ____D C:\Users\erine\Documents\Zoom
2021-09-21 16:29 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-21 15:51 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-21 15:51 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-21 15:31 - 2021-06-24 04:36 - 000000000 ____D C:\Users\erine\AppData\LocalLow\IGDump
2021-09-21 15:19 - 2021-05-28 15:28 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-09-21 15:19 - 2020-08-02 03:43 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-21 15:17 - 2021-05-28 15:27 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-21 15:11 - 2020-09-05 17:16 - 000000000 ____D C:\Users\erine\AppData\Local\CrashDumps
2021-09-21 15:08 - 2018-12-02 19:02 - 000000000 ____D C:\Users\erine\AppData\Local\Packages
2021-09-21 14:29 - 2020-08-22 05:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-21 14:28 - 2020-08-22 05:58 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-21 14:25 - 2018-12-02 19:14 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-18 20:24 - 2021-07-04 21:28 - 000000000 ____D C:\Users\erine\AppData\Roaming\.minecraft
2021-09-17 03:21 - 2018-12-02 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-17 03:16 - 2018-12-02 22:38 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-16 23:05 - 2018-12-02 19:17 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-09-16 18:25 - 2019-02-07 16:23 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-14 22:03 - 2019-01-04 18:06 - 000000000 ____D C:\Users\erine\AppData\Local\Dropbox
2021-09-14 22:03 - 2019-01-04 18:06 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-09-12 05:23 - 2018-12-02 20:40 - 000000000 ____D C:\Users\erine\AppData\Local\D3DSCache
2021-09-12 04:53 - 2018-12-02 19:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-10 14:10 - 2018-12-11 11:41 - 000000000 ____D C:\Users\erine\AppData\Roaming\Zoom
2021-09-09 10:11 - 2020-09-30 02:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-08 13:17 - 2018-09-11 07:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-08 07:57 - 2021-07-27 17:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-09-08 07:57 - 2018-12-02 19:36 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-02 04:23 - 2020-05-18 17:19 - 000000000 ____D C:\Users\erine\Documents\Housekeeping
2021-09-02 01:01 - 2019-12-07 04:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-08-31 13:50 - 2020-09-16 02:30 - 000000000 ____D C:\Users\erine\AppData\Local\javasharedresources
2021-08-30 20:26 - 2019-11-13 08:00 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-08-30 14:57 - 2020-11-01 03:39 - 000000000 ____D C:\Users\erine
2021-08-30 13:32 - 2020-09-16 02:33 - 000000000 ____D C:\Users\erine\AppData\Roaming\IBM
2021-08-30 13:23 - 2020-09-16 02:28 - 000000000 ____D C:\Program Files\IBM
2021-08-26 14:26 - 2020-01-21 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-08-26 14:00 - 2021-07-27 16:02 - 002163152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-08-26 14:00 - 2021-07-27 16:02 - 000307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-08-26 14:00 - 2021-07-27 16:02 - 000213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-08-26 14:00 - 2021-07-27 16:02 - 000188856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-08-26 14:00 - 2021-07-27 16:02 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-08-26 14:00 - 2021-07-27 16:02 - 000061904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-08-24 17:18 - 2020-02-07 14:29 - 000000000 ____D C:\Users\erine\AppData\Local\GoToMeeting
 
==================== Files in the root of some directories ========
 
2021-08-30 13:14 - 2021-08-30 13:17 - 880796040 _____ (IBM Corp) C:\Users\erine\SSC_64-bit_28.0.0.0_MWins.exe
2020-04-01 00:10 - 2020-04-01 00:11 - 001451682 _____ () C:\Users\erine\AppData\Roaming\AvidLink_Install.log
2021-03-05 12:06 - 2021-03-05 12:06 - 000000017 _____ () C:\Users\erine\AppData\Local\resmon.resmoncfg
 
==================== FLock ==============================
 
2021-05-28 05:10 C:\Recovery
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2021
Ran by erine (22-09-2021 00:29:16)
Running from C:\Users\erine\Desktop
Windows 10 Home Version 20H2 19042.1165 (X64) (2020-11-01 09:09:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3707107645-3133845480-1438675409-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3707107645-3133845480-1438675409-503 - Limited - Disabled)
erine (S-1-5-21-3707107645-3133845480-1438675409-1001 - Administrator - Enabled) => C:\Users\erine
Guest (S-1-5-21-3707107645-3133845480-1438675409-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3707107645-3133845480-1438675409-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20091 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
Avid Link (HKLM\...\{852D24C6-60A0-4822-B05D-A005A6CD2F87}) (Version: 20.3.0.1213 - Avid Technology, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\ActiveTouchMeetingClient) (Version: 41.1.3 - Cisco Webex LLC)
Comcast Business VoiceEdge Companion (HKLM-x32\...\B14ACF74-0DA5-4DEC-813B-6E5902DC6DAB_is1) (Version: 4.1.0 - Comcast Business)
Coolmuster Android Assistant (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\Coolmuster Android Assistant) (Version: 4.3.497 - Coolmuster)
Dell Digital Delivery Service (HKLM-x32\...\{66E2407E-9001-483E-B2AA-7AEF97567143}) (Version: 3.6.1005.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{913C378B-00FC-429C-BCC4-E7B2EC6679C7}) (Version: 1.2.6266 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{795931D8-2EBF-4969-A678-4219B161F676}) (Version: 5.4.3.15135 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{555298fa-14a9-48f2-a7a0-9602f31785da}) (Version: 5.4.3.15135 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 131.4.3968 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
Ensemble Anthem (HKLM-x32\...\{DAC7A13A-4B6E-4697-8F4E-EA9836F34EBC}) (Version: 2.7.0 - Ensemble Video)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 3.00 - NCH Software)
G*Power 3.1.9.7 (HKLM-x32\...\{FA3666A9-FF30-4777-B906-305B1EF0486E}) (Version: 3.1.97 - Franz Faul, Uni Kiel, Germany)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.17.0.19796 (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\GoToMeeting) (Version: 10.17.0.19796 - LogMeIn, Inc.)
HLM 8.00 for Windows (Student) (HKLM-x32\...\{9E3FCEEE-3163-4946-A8AB-C97F4F70DD12}) (Version: 8.00 - SSI, Inc.)
IBM SPSS Statistics (HKLM\...\{DC8AD675-36E2-44AD-8FB9-FA069BEAC190}) (Version: 28.0.0.0 - IBM Corp)
IBM SPSS Statistics 27 (HKLM\...\{8EAD21F8-AD8B-4C6F-ABE6-92357CAB043E}) (Version: 27.0.0.0 - IBM Corp)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.0.1017 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
iSkysoft iTransfer ( Version 4.3.1 ) (HKLM-x32\...\{84A89F3A-B59A-4324-8598-3611853769C8}_is1) (Version: 4.3.1 - iSkysoft)
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
LeapFrog Connect 2 (HKLM-x32\...\LeapFrogConnect2) (Version: 4.0.22.435 - LeapFrog)
LeapFrogConnect2 (HKLM-x32\...\{E713461D-C80C-4E84-B53D-B351E9FD8EBA}) (Version: 4.0.22.435 - LeapFrog) Hidden
LeapStart (HKLM-x32\...\{86F8863C-5B13-4809-B154-A6F2F75A680C}) (Version: 4.0.24.437 - LeapFrog) Hidden
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.43 - McAfee, Inc.)
Mendeley Desktop 1.19.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.19.4 - Mendeley Ltd.)
Meraki Systems Manager Agent (HKLM\...\{573BE5A2-40E9-4C53-A744-CD352DBCC0C1}) (Version: 3.1.1 - Meraki)
Meraki Systems Manager Agent (HKLM-x32\...\{BCD00ACA-E928-48E3-BE0E-342F052BDA5C}) (Version: 1.0.98 - Meraki)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 92.0 (x64 en-US)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.68.39605 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Positive Grid USB Audio Device Driver v4.80.0 (HKLM-x32\...\Software_PositiveGrid_PositiveGrid_UsbAudio_Driver_Setup) (Version: 4.80.0 - Positive Grid)
QT5.10.1 (HKLM-x32\...\{D648CC39-D39C-445B-AEB7-213632704032}) (Version: 1.0.0.0 - LeapFrog) Hidden
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8791.1 - Realtek Semiconductor Corp.)
Sibelius (HKLM\...\{6E8787BE-2DCD-4212-BCE3-62F0D1890CB5}) (Version: 20.3.0.2503 - Avid Technology)
Sibelius OpenType Fonts (HKLM-x32\...\{797B694A-E317-4405-A512-76A91A50243F}) (Version: 20.1.0 - Avid)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.22654 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Use the entry named LeapFrog Connect2 to uninstall QT5.10.1 (HKLM-x32\...\QT5.10.1) (Version:  - LeapFrog)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WatchGuard Mobile VPN with SSL client 11.7.3 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version:  - WatchGuard)
Zoom (HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\ZoomUMX) (Version: 5.7.8 (1247) - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{2C9A4261-9CAB-4FF1-AC5A-AC436FBB4F48}) (Version: 5.4.58474 - Zoom)
 
Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2110.1.0_x86__kgqvnymyfvs32 [2021-09-17] (king.com)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.0.0_x64__htrsf667h5kn2 [2021-08-05] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-08-10] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2021-09-19] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-08-26] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.3.12.0_x86__htrsf667h5kn2 [2021-08-12] (Dell Inc)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-02] (Fitbit)
Golden Farm -> C:\Program Files\WindowsApps\4ACEF246.GoldenFarm_2.4.16.0_x86__05g3z837ka020 [2021-08-14] (ПлейМи8)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-22] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-12-02] (LinkedIn)
LiquidText -> C:\Program Files\WindowsApps\LiquidText.LiquidText_2.0.10.0_x64__rx5mtpcf576t0 [2021-09-21] (LiquidText)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy [2021-09-15] (McAfee LLC.)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-26] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-26] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.91.7.0_x64__htrsf667h5kn2 [2021-08-05] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-15] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-12] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-12-02] (CYBERLINK CORPORATION.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.995.0_x64__rh07ty8m5nkag [2021-08-14] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0 [2021-09-21] (Spotify AB) [Startup Task]
Township -> C:\Program Files\WindowsApps\PLRWORLDWIDESALES.TOWNSHIP_2021.852.1.0_x64__1feq88045d2v2 [2021-09-01] (Playrix)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2018-12-02] (Waves Audio)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-03-13] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{04271989-C4D2-88A2-3539-1A94673CEAB1} -> [OneDrive - erikson.edu] => C:\Users\erine\OneDrive - erikson.edu [2020-05-18 12:16]
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{04271989-C4D2-E4DB-C5EA-728D92C7BD4B} -> [erikson.edu] => C:\Users\erine\erikson.edu [2019-10-04 15:11]
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\erine\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\erine\AppData\Local\GoToMeeting\18705\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\erine\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\erine\Dropbox [2019-01-04 18:11]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxDTCM.dll [2018-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-28] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\erine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Erin (erikson.edu) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2019-12-07 04:53 - 2019-12-07 04:53 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\e_sqlite3.dll
2019-05-23 15:57 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-12-03 23:19 - 2018-12-03 23:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2021-09-15 19:25 - 2021-09-15 19:25 - 016744448 _____ (McAfee LLC) [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\mcafee-security.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001 -> DefaultScope {76BA70CC-4A17-4886-9A3D-AB84718B94D9} URL = 
SearchScopes: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001 -> {76BA70CC-4A17-4886-9A3D-AB84718B94D9} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-06-04] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-04-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-06-04] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-04-13] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\sharepoint.com -> hxxps://erikson-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Propellerhead Software\ReWire\;C:\Program Files\Common Files\Propellerhead Software\ReWire\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.12.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Avid Link.lnk"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "LeapFrog Connect 2 Launcher"
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{82FE4774-7537-40D4-8C40-CB1E04F8B9DB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{91265713-1BBB-4EFD-918E-8AC3F172D293}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{D41C67E6-5EF9-4387-8E7A-C0CFF6A70183}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{FCB196ED-7F09-493B-851D-F7D005EA342D}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{797D1683-93F2-436A-AE46-8A6C03D3A99F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{4ECB768A-7AEF-40C0-9735-7184D93F5FCD}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\27\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{8069A8E5-D2BD-483C-BFDE-58870785C960}] => (Allow) C:\Program Files\Avid\Avid Link\AvidAppManHelper.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
FirewallRules: [{4FEEDD4D-FF92-4455-AB6E-544F7BE57D8D}] => (Allow) C:\Program Files\Avid\Avid Link\Avid Link.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
FirewallRules: [{68C5941B-BF1D-4ADB-A299-5AB0E491DF27}] => (Allow) C:\Program Files\Avid\Avid Link\jre\bin\java.exe
FirewallRules: [{AB8C8466-A433-4B37-B535-F8F64B6B4F1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{2E5D5CE8-C96E-46E3-ADF3-4AF738FB6404}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{1BB45BF6-C2F6-4DB2-A81E-1BA2C8322294}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{27D0D49B-7299-46BD-B764-15D687BF7D06}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{EEE394CF-2D2F-483E-8613-AD38FBEBEC2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gary Grigsby's War in the East\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{0EA081DF-F331-4613-A022-4BE8354C329D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gary Grigsby's War in the East\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [UDP Query User{0AADBF99-E49A-470A-84C3-A445CF235D41}C:\users\erine\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\erine\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{AC25FB74-84CA-4847-B09F-F7143197E990}C:\users\erine\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\erine\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ABA2EB13-5D2C-455F-A3AE-5BE0DF5C195F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8DE8C12E-51DB-4280-989B-EEFF1931C5C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{4BEC8F64-4607-4E9B-A209-00688A19FDB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steel Division 2\SteelDivision2.exe (Eugen Systems -> )
FirewallRules: [{97DA9C1D-F386-4B7A-A99C-1440A2C154F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steel Division 2\SteelDivision2.exe (Eugen Systems -> )
FirewallRules: [{E93034E9-9443-476F-964D-6C5070F1ADD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{B6622C3D-3707-43DA-B5A6-8599CDF72043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C6E35B94-22E1-4229-A500-6FC32A0EBC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C18BFC5B-68EE-4237-8C85-1EA1B0C4C2BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{6764EA49-E091-42EE-B6F3-3BE87A88721A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{E4D706BE-7FF3-478D-AF73-1B17D9A2BF77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{B985B362-BDB3-493B-A206-970E2D1323DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe (Greenheart Games Pty. Ltd. -> )
FirewallRules: [{2477E48C-20B1-4E19-9D7B-CCB9553EBC99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe (Greenheart Games Pty. Ltd. -> )
FirewallRules: [{0B9FD753-8363-40B2-8B92-99E6F08055CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{699FC05B-C7B0-4A70-9C5C-EB0CC7F720B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{8C1F622C-3C47-4EE0-8AA2-9323509AE855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{F249F148-5AD5-4D87-9EC1-35DAFD5ADFCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{557977B2-27B4-4457-9E98-F49B3A008420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{906D40C6-E3B1-4580-AA51-BA445A074AF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{B5A938DB-9C46-4F71-A42E-1CB98406DA81}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B8486867-0FE5-4ACA-946A-D213304AA51C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DDE83877-17D5-4FDF-AAA5-2D3FE2B62307}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe (Witold Budziszewski) [File not signed]
FirewallRules: [{6922417B-4AB2-4EC0-A47B-58C9593DAA1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe (Witold Budziszewski) [File not signed]
FirewallRules: [{714773E4-E0B5-4EA0-80E8-F0D156B1F696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{269078E5-3A6D-4519-8182-0AA78896E999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{4CA29012-B83A-4ECA-BE17-0B6F76173FC8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{80C230DC-C372-422C-A7C1-0295487EB577}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3062A725-8B8C-4737-B938-5159C1F8BAD8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.11001.20108.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A20DCD7-4621-4B9E-9666-2E2CD79C6839}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6DAE79D6-5676-41DA-BCDD-E6C03E7C3FA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{035DEDDF-E79A-4167-A583-3A47054DA3F7}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{52931BB2-AD5A-4E2A-8DE6-182F3D8DC90A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{AB766514-604C-4DBA-B002-D77B73A1E6E6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{5EF13515-3723-47F2-ABCA-E745246AB2D4}C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [UDP Query User{58E11E2C-C253-47C7-B49D-DA8F227979B3}C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [{50E43B59-7084-4D0D-AF62-5B4802508B2C}] => (Block) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [{E2F0F573-400B-4772-9EBA-FA4DF606A905}] => (Block) C:\program files (x86)\coolmuster\coolmuster android assistant\4.3.497\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) [File not signed]
FirewallRules: [TCP Query User{B7C35C69-7505-49A3-B2A1-BDC75CE23223}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{113914F1-ED21-4DF8-BFBD-47BFD1943831}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1EE83D3B-715B-4A07-926A-99F07DC5D87F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{6914C75B-8A33-4BCF-B2B6-B5154E370D8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{60087F19-41E9-4B83-92BF-42AE0E96B285}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\Ultimate General Civil War.exe () [File not signed]
FirewallRules: [{1343FBE2-EFFA-4694-83C4-0CE004845964}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\Ultimate General Civil War.exe () [File not signed]
FirewallRules: [{D6308340-01AB-4E9A-BC95-11D14026AC64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\UGCWReporter.exe () [File not signed]
FirewallRules: [{F0C93BA6-F6E2-4424-AB6F-549AA0FC9D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate General Civil War\UGCWReporter.exe () [File not signed]
FirewallRules: [{5D4C5A9A-4F5F-4CF0-AD0C-B53668077E2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{38F9008D-0333-4593-8D78-237A27B56288}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{03D065CB-622F-4E20-8916-59BD6A83C25A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3447EA05-5783-4ED3-A145-4B43571A4077}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7D391528-ED0B-4F09-8452-1B86A3F8EB2B}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{2AADF3EC-9353-4232-8BE2-A03C5781AFD4}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{28640029-1CB6-4D5C-81DE-C33AEC9B3847}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers2\DoorKickers2.exe (KillHouse Games) [File not signed]
FirewallRules: [{DCB7C2BF-466C-4C00-8EAE-986689CBAD46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers2\DoorKickers2.exe (KillHouse Games) [File not signed]
FirewallRules: [{C3F05293-542D-4C51-B121-6B5474AD6FEB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{02CABF53-34E9-488A-B187-CED93CD9B622}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DACE35D2-C9F0-4EB3-BE17-105B184B48BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC9A486B-FA76-4F4A-9C74-A35561D69EED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{35F2DB8B-1539-4BF6-8E5E-E0C5FC99605A}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8FAD2BBC-9476-47FB-9E15-346CDBAEB1BD}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BED2FFDD-8169-4996-B79C-C8212D6212CD}] => (Allow) C:\Users\erine\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B6049CDA-5875-4617-8BF7-9A052CCCEC06}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B30F5F60-7015-4799-91EB-778700102F8B}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [UDP Query User{A9FFD051-8FCD-44A3-B952-F3AF195157F7}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{CEB8091C-CE29-4B1B-B89B-4FA0EF24556F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BCF0346C-9AA7-40EC-9DCA-DFC1B31F2051}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D79B315C-64F6-49A7-8C52-FAE75805F7D6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B7ECE8BB-8957-4159-B2DB-DE026CE96113}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{8D4CA353-B546-48D8-A235-1E2D885A2337}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{40394BF5-5196-4947-AE3B-3EDF46B64C8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A5E8B12E-FA20-4482-8BAC-49D0E2880C85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{63221326-276E-4796-8B87-150213399625}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0BF43371-7FCC-4158-AE9E-B3D9A440C2FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E5ADA3B3-A36D-4E54-94F2-7889FDB3F8CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6F6AA52A-28E5-4C70-98A7-7D3D2B0DF0C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0CA07BD8-3AD6-4374-B338-87F089463A35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C2CF675-8869-479A-B613-C094EB2F2CF9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.632.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
30-08-2021 13:19:18 Installed IBM SPSS Statistics.
07-09-2021 20:41:19 Scheduled Checkpoint
16-09-2021 05:16:01 Scheduled Checkpoint
21-09-2021 14:08:47 Windows Modules Installer
21-09-2021 18:20:17 Restore Operation
 
==================== Faulty Device Manager Devices ============
 
Name: DCP-L2540DW
Description: DCP-L2540DW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/22/2021 12:00:10 AM) (Source: System Restore) (EventID: 8204) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Scheduled Checkpoint).
 
Error: (09/21/2021 09:22:18 PM) (Source: System Restore) (EventID: 8204) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Scheduled Checkpoint).
 
Error: (09/21/2021 06:31:53 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (09/21/2021 02:51:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 21.7.20091.59174, time stamp: 0x613991a9
Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0xef8beaeb
Exception code: 0xc0000005
Fault offset: 0x0005f583
Faulting process id: 0x304c
Faulting application start time: 0x01d7af201447c009
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 869101b3-6a42-4759-b8cc-b41b88793855
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/20/2021 09:26:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on ErinsPassport (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/20/2021 09:26:44 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/17/2021 06:08:25 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/14/2021 10:02:32 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
 
System errors:
=============
Error: (09/22/2021 12:04:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell Digital Delivery Service service hung on starting.
 
Error: (09/21/2021 11:57:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/21/2021 11:57:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (09/21/2021 09:24:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0OR6TUF)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (09/21/2021 09:24:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0OR6TUF)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (09/21/2021 09:24:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0OR6TUF)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/21/2021 09:24:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0OR6TUF)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/21/2021 09:24:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0OR6TUF)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-09-21 18:03:01
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Mp3Rocket
Severity: Low
Category: Potentially Unwanted Software
Path: file:_F:\mp3rocket.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.349.1181.0, AS: 1.349.1181.0, NIS: 1.349.1181.0
Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10
 
Date: 2021-09-19 15:15:17
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-18 13:34:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-17 18:05:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-16 14:05:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-21 13:21:48
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.1082.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80240022
Error description: The program can't check for definition updates. 
 
Date: 2021-09-17 05:06:35
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.890.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2021-09-17 05:06:35
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.349.890.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18500.10
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2021-06-27 03:15:28
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.17.1 12/16/2020
Motherboard: Dell Inc. 0H4VK7
Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 52%
Total physical RAM: 12110.39 MB
Available physical RAM: 5713.58 MB
Total Virtual: 13966.39 MB
Available Virtual: 7040.06 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.19 GB) (Free:651.79 GB) NTFS
Drive f: (ErinsPassport) (Fixed) (Total:465.73 GB) (Free:424.75 GB) NTFS
 
\\?\Volume{0dc063a1-69be-4be6-ab33-f9d07fccda34}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.5 GB) NTFS
\\?\Volume{98dc49b9-304f-4b24-a15e-39dc3c620e5c}\ (Image) (Fixed) (Total:11.52 GB) (Free:0.23 GB) NTFS
\\?\Volume{792f05df-4929-4744-8772-a75e1c906fe3}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.21 GB) NTFS
\\?\Volume{afe7b3d6-a805-42cc-8e1f-b11ce3a3cae9}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 32F8F15B)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hello, browneyedleo730.
 
Could you please let me call you a simpler name? :)
 
There is no sign of an active infection in your computer. However, there are some things we can do to improve computer's functionality.
 
 
Before we begin, please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
===========================
 
Let's begin.
 
1. McAfee Removal
 
You have McAfee WebAdvisor installed. Since Microsoft Defender, the built-in Windows 10 security platform, is enabled, I recommend you to uninstall McAfee; sometimes third-party antivirus cause issues in Windows 10. If that is not the case, and you want McAfee, you can re-install it at the end of this procedure.
 
To uninstall McAfee WebAdvisor: 
 
Use Method 2 in this link: McAfee KB - How to remove McAfee products from a PC that runs Windows (TS101331)

 
2. Adobe Flash Player and Java Removal
 
Adobe Flash Player is not supported anymore. It reached its end of life in December 2020. 
 
As for Java, there are very few reasons these days to continue having this program installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional. 
 
To uninstall Flash Player and Java:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Adobe Flash Player 11 Plugin 
Java 8 Update 281
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

3. Remove a Chrome extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find McAfee® WebAdvisor, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

Do the above for both, Default and Profile 1 profiles in Google Chrome.
 
 
4. Remove an app

  • Click on the Start button and find McAfee® Personal Security. Right click on it and select Uninstall.
  • Restart.

 

5. Chrome notifications
 
Did you intentionally enable notifications from these sites? 


hxxps://meet.google.com; 
hxxps://place-web.com; 
hxxps://voice.google.com; 
hxxps://www.cbssports.com; 
hxxps://www.facebook.com; 
hxxps://www.ketoconnect.net; 
hxxps://www.newsbreak.com; 
hxxps://www.sephora.com

6. Fresh FRST logs
 
After the removals, please attach for me fresh FRST logs.

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


  • 1

#3
browneyedleo730

browneyedleo730

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hi! Thank you for your response. Please call me Erin.

 

I did as you instructed. The only exception was that the McAffe Chrome extensions weren't there after I followed the previous step. I also cleaned up the chrome notifications. The issues seems to be incrementally getting better. I saw your response before I went to bed and at that time I wasn't experiencing lags when opening documents saved on my computer or in the cloud anymore, but I was still experiencing lags when I opened up an internet browser (chrome and firefox). When I woke up, Firefox was working without issue, but I am still experiencing lags (typing and scrolling) in Chrome. Unfortunately, I really depend on Chrome.

 

Attached are my latest logs.

 

Thank you again!

 

 

Attached Files


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Thank you, Erin. :)

 

Actually we didn't clean anything yet. Just a pre-cleaning work.

 

I'll review your new logs and report back as soon as I am ready.


  • 0

#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Let's continue.
 
1. FRST fix


NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
SearchScopes: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001 -> DefaultScope {76BA70CC-4A17-4886-9A3D-AB84718B94D9} URL = 
SearchScopes: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001 -> {76BA70CC-4A17-4886-9A3D-AB84718B94D9} URL = 
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
S3 MpKsl272126af; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BB6FCA4-EC78-481E-B3AE-71645FD90A47}\MpKslDrv.sys [X]
2021-09-22 04:04 - 2021-09-22 04:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-09-22 03:58 - 2021-09-22 03:58 - 011105408 _____ (McAfee, LLC) C:\Users\erine\Desktop\MCPR.exe
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\erine\AppData\Local\GoToMeeting\18705\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\erine\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll => No File
Emptytemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

In your next reply please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
     

  • 1

#6
browneyedleo730

browneyedleo730

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Below are my logs. I accidently posted the adware log twice and can't delete it because it takes too long to scroll down and find it. My system was working great this afternoon. But all progress has been lost.
 
Thank you for your quick responses and continued attention.
 
Erin
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by erine (22-09-2021 17:06:34) Run:1
Running from C:\Users\erine\Desktop
Loaded Profiles: erine
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
SearchScopes: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001 -> DefaultScope {76BA70CC-4A17-4886-9A3D-AB84718B94D9} URL = 
SearchScopes: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001 -> {76BA70CC-4A17-4886-9A3D-AB84718B94D9} URL = 
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
S3 MpKsl272126af; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BB6FCA4-EC78-481E-B3AE-71645FD90A47}\MpKslDrv.sys [X]
2021-09-22 04:04 - 2021-09-22 04:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-09-22 03:58 - 2021-09-22 03:58 - 011105408 _____ (McAfee, LLC) C:\Users\erine\Desktop\MCPR.exe
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\erine\AppData\Local\GoToMeeting\18705\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\erine\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll => No File
Emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76BA70CC-4A17-4886-9A3D-AB84718B94D9} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
MpKsl272126af => service not found.
C:\WINDOWS\system32\Tasks\McAfee => moved successfully
C:\Users\erine\Desktop\MCPR.exe => moved successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
HKU\S-1-5-21-3707107645-3133845480-1438675409-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 5242880 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 245714000 B
Java, Flash, Steam htmlcache => 500877915 B
Windows/system/drivers => 26878522 B
Edge => 16382108 B
Chrome => 926343727 B
Firefox => 1139143326 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 26047778 B
erine => 87836772 B
 
RecycleBin => 163460 B
EmptyTemp: => 2.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:15:37 ====

 

 

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-22-2021
# Duration: 00:00:32
# OS:       Windows 10 Home
# Scanned:  31991
# Detected: 23
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             AVG Secure Search
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-22-2021
# Duration: 00:00:32
# OS:       Windows 10 Home
# Scanned:  31991
# Detected: 23
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             AVG Secure Search
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.

  • 0

#7
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Erin.

 

It sees that the AdwCleaner log is not complete. Can you please try to post it once again? You can also attach the text file for me, if it's easier for you.


  • 0

#8
browneyedleo730

browneyedleo730

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hi,

 

What I copied was all that was in the log. I ran the scan again and below is the new log - there does seem to be more info in this one.

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-23-2021
# Duration: 00:00:23
# OS:       Windows 10 Home
# Scanned:  31995
# Detected: 23
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             AVG Secure Search
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Users\erine\Documents\DELL\SUPPORTASSIST 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C37B4CFA-631B-49AF-BF09-692DCA436213}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C37B4CFA-631B-49AF-BF09-692DCA436213}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate 
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE 
 
 
AdwCleaner[S00].txt - [4415 octets] - [22/09/2021 19:27:52]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Thank you!

 

I will be back soon. :)


  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Ready. :)
 
 
1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in Registry and Chromium parts of the log, are PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally I don't keep anything I do not use/need, but this is your computer, so your decision. Since you are experiencing performance issues, uninstalling this software may help. 

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply please post:

  1. The AdwCleaner[C0*].txt
  2. The eset.txt
  3. Feedback: how is the computer running now?

  • 1

Advertisements


#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hello.

 

Are you still with me?


  • 0

#12
browneyedleo730

browneyedleo730

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

I'm sorry for not responding earlier. Getting this computer to work consumed my life for a few days and I needed to take a break to get some work done. I'm diving back in now!

 

Erin


  • 0

#13
browneyedleo730

browneyedleo730

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Below is the AdwCleaner log. The ESET scan is still scanning - it's going on 8+ hours. I'll post it once its done.

 

 

Here is the AdwCleaner Clean Log

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-25-2021
# Duration: 00:00:04
# OS:       Windows 10 Home
# Cleaned:  6
# Failed:   1
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Not Deleted   AVG Secure Search
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [4415 octets] - [22/09/2021 19:27:52]
AdwCleaner[S01].txt - [4476 octets] - [23/09/2021 00:29:28]
AdwCleaner[S02].txt - [4537 octets] - [25/09/2021 13:46:54]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

  • 0

#14
browneyedleo730

browneyedleo730

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

And below is the eset log. My computer has been running fine the last day or two. I think Chrome might have been contributing to the issues. Once I reset it to all the default settings and removed all browser extensions, the computer was back to normal.

 

9/26/2021 1:39:35 AM
Files scanned: 865879
Detected files: 3
Cleaned files: 3
Total scan time 09:02:30
Scan status: Finished
C:\Users\erine\Downloads\Detection.exe a variant of Win64/SystemRequirementsLab.A potentially unwanted application cleaned by deleting
 
F:\FileHistory\erine\DESKTOP-0OR6TUF\Data\C\Users\erine\Downloads\Detection (2021_05_05 00_11_03 UTC).exe a variant of Win64/SystemRequirementsLab.A potentially unwanted application cleaned by deleting
 
F:\Old Desktop 12.2018\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application cleaned by deleting

  • 0

#15
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Erin.

 

Eset detectes Detection.exe and mp3rocket.exe as potentially unwanted/unsafe applications.

 

Let me see fresh FRST logs now please, Addition.txt and FRST.txt (Attached).


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP