Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer suddenly grew sluggish a few weeks ago and needs examined


  • Please log in to reply

#61
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by Shaun (administrator) on DESKTOP-CMF42HE (Dell Inc. Inspiron 3268) (17-11-2021 12:51:16)
Running from C:\Users\Shaun\Desktop
Loaded Profiles: Shaun
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® RMT -> Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235464 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494024 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [975744 2017-05-01] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-08-13] (Intel® Rapid Storage Technology -> Intel Corporation)
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\Run: [MicrosoftEdgeAutoLaunch_F95D26AAF271BBEFBD774A1AC86EDFBB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-16] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0861B6DD-B11B-4A92-8AA4-8DF313B7E57C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DA0A998-463B-4E6B-A472-AC95C14098FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CFBB38E-CCB8-4303-9A3F-9B458DCF59A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-04] (Google Inc -> Google LLC)
Task: {431DD6D1-BCE3-467C-906B-CEB8261A3C5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E90FAA0-1D6D-4C6C-AA9C-118590D4B3C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F0182FA-6753-4AF4-B05F-79D5EBF7F7A8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {869CB8C9-7E7A-42E6-99B5-2772D7DB946F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {B60A86DD-41FB-4C29-9650-2CAA5912F13E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {BD84FB14-8B74-49D8-8A70-A971C0D6264D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF5C58FA-2320-4040-8D7D-C54E1150BBBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5C5D9FE-71AA-4F4C-80EC-2BE90CD5BD31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-04] (Google Inc -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a34b5ba2-caa7-466d-8e8b-218689f670f4}: [DhcpNameServer] 71.10.216.2 71.10.216.1
Tcpip\..\Interfaces\{d22675a4-b80a-4f81-a851-395f465b7280}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Shaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-17]
Edge DownloadDir: Default -> C:\Users\Shaun\Desktop
Edge HomePage: Default -> hxxp://www.google.com/
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default [2021-11-17]
CHR Extension: (Slides) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-04]
CHR Extension: (Docs) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-04]
CHR Extension: (Google Drive) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-17]
CHR Extension: (YouTube) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-04]
CHR Extension: (Sheets) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-04]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-22]
CHR Extension: (Google Docs Offline) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-23]
CHR Extension: (Gmail) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-17]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [41008 2018-01-15] (Dell Inc -> Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [301768 2019-08-12] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-10-12] (Dell Inc -> )
R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel® RMT -> Intel Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-17 12:44 - 2021-11-17 12:44 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-11-17 12:38 - 2021-11-17 12:38 - 000008857 _____ C:\Users\Shaun\Desktop\Fixlog.txt
2021-11-16 14:47 - 2021-11-16 14:51 - 000026150 _____ C:\Users\Shaun\Desktop\Addition.txt
2021-11-16 14:41 - 2021-11-17 12:53 - 000015287 _____ C:\Users\Shaun\Desktop\FRST.txt
2021-11-16 06:58 - 2021-11-16 06:58 - 000000000 ____D C:\Users\Shaun\Desktop\FRST-OlderVersion
2021-11-16 06:57 - 2021-11-17 12:52 - 000000000 ____D C:\FRST
2021-11-16 06:55 - 2021-11-16 06:58 - 002311680 _____ (Farbar) C:\Users\Shaun\Desktop\FRST64.exe
2021-11-15 06:30 - 2021-11-15 06:30 - 000000000 ____D C:\WINDOWS\{20D7CF3A-C734-4F83-AD51-4EEB6D891407}
2021-11-13 06:59 - 2021-11-15 07:09 - 000019415 _____ C:\VEW.txt
2021-11-13 06:56 - 2021-11-13 06:56 - 000061440 _____ ( ) C:\Users\Shaun\Desktop\VEW.exe
2021-11-11 07:28 - 2021-11-11 07:28 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-11 07:27 - 2021-11-11 07:27 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-11 07:27 - 2021-11-11 07:27 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-11 07:26 - 2021-11-11 07:26 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-11 06:43 - 2021-11-11 06:43 - 000000000 ___HD C:\$WinREAgent
2021-11-03 18:33 - 2021-11-03 18:33 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-03 18:33 - 2021-11-03 18:33 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-10-19 14:04 - 2021-10-19 14:04 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-17 12:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-17 12:46 - 2019-06-04 16:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-17 12:46 - 2018-03-13 21:28 - 000000000 __SHD C:\Users\Shaun\IntelGraphicsProfiles
2021-11-17 12:44 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-17 12:44 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-17 12:41 - 2020-11-17 12:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-17 12:41 - 2020-11-17 12:17 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-17 12:41 - 2017-08-21 13:38 - 000000000 ____D C:\Intel
2021-11-17 12:40 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-17 12:30 - 2020-11-17 12:37 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{839F4962-EE57-40F5-8E52-E3261F4F060A}
2021-11-17 12:01 - 2020-11-17 12:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-16 17:23 - 2019-06-04 16:58 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-16 17:23 - 2019-06-04 16:58 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-16 15:25 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-15 06:48 - 2018-03-15 16:40 - 000000000 ____D C:\Users\Shaun\AppData\Local\Packages
2021-11-14 05:38 - 2020-06-23 16:22 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-14 05:38 - 2020-06-23 16:22 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-12 10:25 - 2020-11-17 12:32 - 000842482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-11 22:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2021-11-11 18:58 - 2017-08-21 13:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-11 07:40 - 2020-11-17 12:17 - 000436680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 07:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 07:36 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 07:35 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 06:39 - 2018-03-15 00:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 06:37 - 2018-03-15 00:33 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-05 16:33 - 2017-08-21 13:26 - 000000000 ____D C:\ProgramData\PCDr
2021-11-05 06:29 - 2020-11-17 12:37 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1717062034-1452997292-2084382277-1001
2021-11-05 06:29 - 2020-11-17 04:20 - 000002385 _____ C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-02 13:33 - 2018-05-10 08:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
 
==================== Files in the root of some directories ========
 
2021-11-13 06:49 - 2021-11-13 06:53 - 000004020 _____ () C:\Users\Shaun\AppData\Local\PlariumPlay.log
2021-10-16 18:00 - 2021-10-16 18:00 - 000007639 _____ () C:\Users\Shaun\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

Advertisements


#62
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

FRST addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by Shaun (17-11-2021 12:54:47)
Running from C:\Users\Shaun\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-11-17 17:38:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1717062034-1452997292-2084382277-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1717062034-1452997292-2084382277-503 - Limited - Disabled)
Guest (S-1-5-21-1717062034-1452997292-2084382277-501 - Limited - Disabled)
Shaun (S-1-5-21-1717062034-1452997292-2084382277-1001 - Administrator - Enabled) => C:\Users\Shaun
WDAGUtilityAccount (S-1-5-21-1717062034-1452997292-2084382277-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{388A412B-5C0C-4C1E-8BF7-B6E9E117F367}) (Version: 4.4.2.9869 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{4990dc23-fdee-4fec-8bde-9f5d4745f88b}) (Version: 4.4.2.9869 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.4.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Intel® Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2105.15.0.2157 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1004 - Intel Corporation)
Intel® Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.62.321.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{c3964069-17c1-45dd-85a5-949576ceeaa3}) (Version: 1.62.321.1 - Intel Corporation) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.19.627.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.0.0_x64__htrsf667h5kn2 [2021-08-06] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-09-14] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-11-17] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.10.188.0_x64__rz1tebttyb220 [2021-10-13] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-14] (Dropbox Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-17] (INTEL CORP) [Startup Task]
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-28] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2021.922.2.0_x64__8kea50m9krsh2 [2021-10-17] (Code Spark)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-02-12] (Pandora Media Inc) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-28] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-03-13] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-15] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-13] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-17] (CYBERLINK CORPORATION.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-12] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2020-02-12] (WinZip Computing)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> DefaultScope {E41F9496-1A62-486C-9355-D9712E136A11} URL = 
SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1717062034-1452997292-2084382277-1001 -> {E41F9496-1A62-486C-9355-D9712E136A11} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1717062034-1452997292-2084382277-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D6D82AB8-7573-4306-B294-8C0551FEEBFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EA3867D6-C96D-4988-84E6-9CFB646891D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1166ABA-0253-4F4C-BFC8-55EA6B210B59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CEFED289-A9BD-4E00-A406-9C856B93530A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{451E4A60-3F60-4D45-A5F5-4D2E3476E406}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F246379C-7631-4B14-9722-8ACB26529DD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{93DE25E0-C857-4E34-B40E-2B1A8958171D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C9F90F39-4A4D-4DB5-AF35-A02898A86185}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B4DC056-D39C-4303-ABAA-14A0E2B50B43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3196DE9A-614F-43A3-905F-89C964A41E9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{65FFA6C5-7D25-4481-BAD8-F7A4C292186A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{362A7311-E00C-4814-9DE9-6F03F93A2F59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{297FF032-C880-4004-9508-935C8D27FEE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{58B0A977-3FE2-4402-9AE8-D58BD704BA15}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{89324770-7F64-4072-A9B7-C202F98B0C0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
24-10-2021 04:17:38 O&O ShutUp10++
02-11-2021 14:24:30 Scheduled Checkpoint
10-11-2021 06:39:25 Windows Modules Installer
11-11-2021 06:40:35 Windows Modules Installer
15-11-2021 06:48:20 Removed SmartByte Drivers and Services.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
Error: (11/17/2021 12:39:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CMF42HE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.17.1 07/30/2021
Motherboard: Dell Inc. 07F37C
Processor: Intel® Core™ i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 86%
Total physical RAM: 4004.03 MB
Available physical RAM: 559.11 MB
Total Virtual: 9636.03 MB
Available Virtual: 5485.11 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.8 GB) (Free:853.93 GB) NTFS
 
\\?\Volume{5628e818-bc28-416b-a394-320b3ab3447d}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{559769b0-1b03-4394-9f4c-5b80ce85e54f}\ (Image) (Fixed) (Total:11.54 GB) (Free:0.2 GB) NTFS
\\?\Volume{756d53f9-9b75-42ea-b8ab-c09b2a7e718e}\ (DELLSUPPORT) (Fixed) (Total:1.04 GB) (Free:0.35 GB) NTFS
\\?\Volume{dee77eb3-7747-412e-a909-4f920ff25df5}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 433315AF)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#63
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP

Looks OK.  Run MBAR to make sure there is nothing hiding from us.

 

https://www.malwareb...com/antirootkit

 

Hit Download.  Save the file then right click and Run as Admin. 


  • 0

#64
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

I scanned with Malwarebytes and nothing was found. It produced no log.


  • 0

#65
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP

OK just wanted to check because the only error we had referred to {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} which is sometimes attacked by a Powerliks infection.  (It's also a very common Win 10 error).

 

Is it booting OK now?


  • 0

#66
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Yes, it seems to be.


  • 0

#67
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP

OK.  I'd hang on to VEW & FRST in case it has a relapse.


  • 0

#68
Warship

Warship

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Thanks for everything. Will do.


  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP