I was watching videos that I shouldn't have been watching and started getting multiple pop-up ads. I uninstalled Chrome after the fact.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-08-2023
Ran by jeffl (administrator) on HOME (Dell Inc. Inspiron 15 5510) (02-08-2023 19:36:22)
Running from C:\Users\jeffl\Desktop\FRST64.exe
Loaded Profiles: jeffl
Platform: Microsoft Windows 11 Home Version 22H2 22621.2070 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe <13>
(DriverStore\FileRepository\cui_dch.inf_amd64_1e611bd77bc260c3\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_1e611bd77bc260c3\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_1e611bd77bc260c3\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_15c9ea6001a5206d\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_524cec1494781ee1\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8a4323c80a901a5c\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d4564390a9b1e980\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe <3>
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\GoodixSessionService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSysSvc64.exe
(svchost.exe ->) (DELL) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe [1646392 2023-02-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe [5083776 2023-02-15] (Waves Inc -> Waves Audio Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\Run: [MicrosoftEdgeAutoLaunch_19ED078C47B4BAE83F1956018108AD60] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4088256 2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon TS6300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFQ.DLL [529408 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6300 series: C:\WINDOWS\system32\CNMLMFQ.DLL [959488 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {38B9DB19-F3FE-4AD0-B6BD-D31FAE8C42EE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.)
Task: {295871EF-DDEF-4098-BE0D-68C2237715BD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26910088 2023-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAD1A408-7668-47A2-8865-B70E1EADABC1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26910088 2023-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {B32F4C6C-7AB1-4C65-9D17-87874FA118DA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158616 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A7E8B32-2A5B-465D-A786-832C36A2CF9C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158616 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC0CE75A-5205-4D86-B4FF-A871368873B2} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {26349585-AF71-427B-9906-239CC0A6752C} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-4191029877-289302484-2075726046-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {C7C1A68C-B27E-460D-BF67-96EF4E6B102B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.20.0.1
Tcpip\..\Interfaces\{2a102f1d-ebd1-4076-af7e-a61feb727f94}: [DhcpNameServer] 172.20.0.1
Tcpip\..\Interfaces\{73c3aa80-e907-4ccc-8043-a4f61360916f}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\jeffl\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-02]
Edge Notifications: Default -> hxxps://www.ticketmaster.com
Edge HomePage: Default -> hxxp://www.msn.com/?pc=DCTE
Edge Extension: (Amazon Assistant) - C:\Users\jeffl\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2023-03-29]
Edge Extension: (Edge relevant text changes) - C:\Users\jeffl\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-26]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11816840 2023-07-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2023-05-15] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-06-07] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2023-02-13] (Dell Inc -> Dell Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\\AS\\IAS\\IntelAudioService.exe [543352 ] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-27] (Rivet Networks, LLC.) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-27] (Rivet Networks, LLC.) [File not signed]
R2 SessionSvc; C:\WINDOWS\System32\drivers\GoodixSessionService.exe [44160 2021-03-18] (Shenzhen Goodix Technology Co., Ltd. -> Goodix)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256608 2022-06-29] (Intel Corporation -> Intel Corporation)
R2 WavesAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe [160896 2023-02-15] (Waves Inc -> Waves Audio Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [561152 2023-07-02] (Microsoft Windows -> Microsoft Corporation)
S3 AX88179; C:\WINDOWS\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [137040 2021-01-20] (GENESYS LOGIC, INC. -> Genesys Logic)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-28] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1548488 2022-10-27] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_cb2075debe05eee2\IntcUSB.sys [920688 2022-11-24] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-10] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-08-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233216 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\ptusbews.sys [76280 2022-03-30] (WDKTestCert han.yu,130842677139774357 -> Zhuhai Pantum Electronics Co.,Ltd.)
S3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_23312dee5c4e1993\rtu53cx22x64.sys [1008872 2022-09-20] (Realtek Semiconductor Corp. -> Realtek Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-27] (Intel Corporation -> Rivet Networks, LLC.)
S3 t6sta; C:\WINDOWS\System32\Drivers\t6sta.sys [166696 2022-05-31] (MAGIC CONTROL TECHNOLOGY CORPORATION -> Magic Control Technology Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2023-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [498944 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_f54d0a27ac206b8c\WiManH\WiManH.sys [175672 2021-07-28] (Intel Corporation -> Intel Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-08-02 19:36 - 2023-08-02 19:36 - 000022751 _____ C:\Users\jeffl\Desktop\FRST.txt
2023-08-02 19:35 - 2023-08-02 19:36 - 000000000 ____D C:\FRST
2023-08-02 19:35 - 2023-08-02 19:35 - 002700800 _____ (Farbar) C:\Users\jeffl\Desktop\FRST64.exe
2023-08-02 19:35 - 2023-08-02 19:35 - 000000000 ____D C:\Users\jeffl\Desktop\FRST-OlderVersion
2023-08-02 19:26 - 2023-08-02 19:29 - 043163603 _____ C:\Users\jeffl\Downloads\Unconfirmed 37229.crdownload
2023-08-02 19:21 - 2023-08-02 19:21 - 000233216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2023-08-02 19:21 - 2023-08-02 19:21 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-08-02 19:21 - 2023-08-02 19:21 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-08-02 19:19 - 2023-08-02 19:19 - 000000000 ____D C:\Users\jeffl\AppData\Local\MBAM
2023-08-02 19:17 - 2023-08-02 19:22 - 000000000 ____D C:\Users\jeffl\AppData\Local\Malwarebytes
2023-08-02 19:17 - 2023-08-02 19:21 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-02 19:17 - 2023-08-02 19:17 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-5.5.exe
2023-08-02 19:09 - 2023-08-02 19:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-08-02 19:09 - 2023-08-02 19:17 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-02 19:09 - 2023-08-02 19:09 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-4.4 (2).exe
2023-08-02 19:09 - 2023-08-02 19:09 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-4.4 (1).exe
2023-08-02 19:08 - 2023-08-02 19:08 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-4.4.exe
2023-08-02 19:06 - 2023-08-02 19:06 - 000000000 ____D C:\AdwCleaner
2023-08-02 19:05 - 2023-08-02 19:05 - 008791352 _____ (Malwarebytes) C:\Users\jeffl\Downloads\adwcleaner.exe
2023-08-02 19:02 - 2023-08-02 19:02 - 000470400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-01 07:14 - 2023-08-01 07:14 - 000003356 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4191029877-289302484-2075726046-1001
2023-08-01 07:14 - 2023-08-01 07:14 - 000002381 _____ C:\Users\jeffl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-22 13:57 - 2023-07-22 13:57 - 000101847 _____ C:\Users\jeffl\Desktop\download.pdf
2023-07-17 17:51 - 2023-07-17 17:52 - 001053680 _____ C:\Users\jeffl\Desktop\Lobertini-Erie-Home.pdf
2023-07-17 17:44 - 2023-07-17 17:44 - 000336574 _____ C:\Users\jeffl\Desktop\Lobertini-Erie-Auto.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-08-02 19:29 - 2022-03-16 21:14 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2023-08-02 19:22 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-02 19:21 - 2022-05-07 00:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-08-02 19:19 - 2022-10-09 11:56 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-02 19:19 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-02 19:19 - 2022-05-07 00:22 - 000000000 ____D C:\WINDOWS\INF
2023-08-02 19:16 - 2022-05-07 00:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-08-02 19:15 - 2022-04-16 17:34 - 000000000 ____D C:\Users\jeffl\AppData\Local\Google
2023-08-02 19:15 - 2022-04-16 17:34 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-02 19:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-02 19:12 - 2022-04-16 17:22 - 000000000 ___RD C:\Users\jeffl\OneDrive
2023-08-02 19:11 - 2023-04-03 19:27 - 000012288 ___SH C:\DumpStack.log.tmp
2023-08-02 19:11 - 2022-10-09 11:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-02 19:11 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-08-02 19:11 - 2022-05-07 00:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-08-02 19:11 - 2022-04-16 17:20 - 000000000 __SHD C:\Users\jeffl\IntelGraphicsProfiles
2023-08-02 19:11 - 2022-03-16 21:10 - 000000000 ____D C:\Intel
2023-08-02 19:02 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-02 18:28 - 2022-03-16 21:22 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-02 18:11 - 2022-10-09 11:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-31 18:24 - 2023-05-11 14:42 - 000000000 ____D C:\Users\jeffl\AppData\Local\CrashDumps
2023-07-30 12:00 - 2023-04-27 08:56 - 000000000 ____D C:\Users\jeffl\AppData\Local\Spark Desktop
2023-07-30 11:06 - 2022-10-09 11:59 - 000000000 ____D C:\Users\jeffl\AppData\Local\D3DSCache
2023-07-29 12:33 - 2022-10-09 11:55 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4191029877-289302484-2075726046-1001
2023-07-27 19:14 - 2022-03-16 21:21 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-27 18:31 - 2022-10-20 20:12 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-07-27 18:30 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-27 18:20 - 2022-04-17 18:53 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-27 18:20 - 2022-03-16 21:10 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-26 17:57 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\UUS
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-07-26 17:19 - 2022-10-09 11:52 - 003210752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-24 17:29 - 2022-03-16 21:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-15 08:44 - 2023-04-27 08:56 - 000002599 _____ C:\Users\jeffl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spark Desktop.lnk
2023-07-12 17:10 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-12 17:10 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-12 17:10 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-12 06:31 - 2022-04-16 17:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-12 06:29 - 2022-04-16 17:39 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-11 16:31 - 2022-10-09 11:55 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-11 16:31 - 2022-10-09 11:55 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-05 17:24 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2023
Ran by jeffl (02-08-2023 19:37:15)
Running from C:\Users\jeffl\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2070 (X64) (2022-10-09 16:56:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4191029877-289302484-2075726046-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4191029877-289302484-2075726046-503 - Limited - Disabled)
Guest (S-1-5-21-4191029877-289302484-2075726046-501 - Limited - Disabled)
jeffl (S-1-5-21-4191029877-289302484-2075726046-1001 - Administrator - Enabled) => C:\Users\jeffl
WDAGUtilityAccount (S-1-5-21-4191029877-289302484-2075726046-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon TS6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6300_series) (Version: 1.02 - Canon Inc.)
dch_setup (HKLM-x32\...\{A3D7010D-9219-4310-87A4-6A2C1FEB0B0E}) (Version: 1.50.0.0 - eshrago) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{A21A0E9A-A083-47C6-AEAA-695348A25779}) (Version: 5.0.71.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E2DCC087-13A9-4BF3-AA0E-B42645D87C8E}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3671ea45-970e-4390-8c93-a3c5ba77107b}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{74DF895B-001F-456C-BEA4-9254A3FCC5E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Fingerprint Sensor Driver (HKLM-x32\...\{D9C19E6E-4403-4DDF-B290-ECFAE2072FF9}) (Version: 20.6.0.7 - Realtek Semiconductor Corp.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.)
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.2.14.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{6e578348-d226-4341-a69f-26274feac293}) (Version: 2.2.14.0 - Dell.Inc)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2218.2.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{72F03A9B-21C6-4599-95FC-FFB4D9B7F50C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{B9C358AF-2012-4BD3-A476-CAFB5761B5BC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{96EC8F94-3894-4F08-8FEF-227E9F790FFC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Integrated Sensor Solution (HKLM-x32\...\{b964fe76-ac8c-4729-979c-f500381293bc}) (Version: 3.10.100.4477 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{bddd55ff-828e-4d3d-90dd-cdcc8076d5ba}) (Version: 22.200.2.1 - Intel Corporation) Hidden
ISS_Drivers_x64 (HKLM\...\{EE1CCB33-2AB5-4B86-ABD0-DF641146B55B}) (Version: 3.10.100.4477 - Intel Corporation) Hidden
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\OneDriveSetup.exe) (Version: 23.156.0726.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 (HKLM-x32\...\{DD6BC8D7-4582-4677-BAAC-4AB933E6C315}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 (HKLM-x32\...\{7B77DE7F-5219-435E-9CE1-FC77F1D4CCAD}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20000 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9481.1 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 1153.9.0823.2022 - Realtek)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Spark Desktop 3.6.6 (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\09e2d43b-2e9a-5a23-a54c-87838a95fcb3) (Version: 3.6.6 - Spark Mail Limited)
TbtLegacyPlug (HKLM-x32\...\{488D2737-A8BE-4F2A-8A9B-AEFF2DB8833F}) (Version: 18.0.0.0 - eshrago) Hidden
Thunderbolt™ Software (HKLM-x32\...\{a5912cb2-365b-4cb4-9917-602376a90f9b}) (Version: 1.50.0.0 - Intel® Corporation)
YouTube TV (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\db9353651c00ded7dc845c7979e58fd8) (Version: 1.0 - Google\Chrome)
Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1156.0_x64__22t9g3sebte08 [2023-07-12] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-10-09] (INTEL CORP)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-04-22] (Canon Inc.)
Canon Inkjet Smart Connect -> C:\Program Files\WindowsApps\34791E63.CanonInkjetSmartConnect_1.4.2.0_x64__6e5tt8cgb93ep [2023-07-31] (Canon Inc.) [Startup Task]
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-10-09] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-10] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.71.0_x64__htrsf667h5kn2 [2023-07-02] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2023-05-17] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86__htrsf667h5kn2 [2023-05-15] (Dell Inc)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.57.2.0_x64__6rarf9sa4v8jt [2023-07-19] (Disney)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2023-07-26] (Meta)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-07-26] (Instagram)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-28] (INTEL CORP)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14003.0_x64__8wekyb3d8bbwe [2023-05-23] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-07-26] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-27] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.4.0_x64__htrsf667h5kn2 [2023-02-23] (Dell Inc)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-06] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0 [2023-07-26] (Spotify AB) [Startup Task]
Waves MaxxAudio Pro for Dell 2021 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2021_4.0.53.0_x64__fh4rh281wavaa [2023-07-02] (Waves Audio)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-07-26] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4191029877-289302484-2075726046-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-4191029877-289302484-2075726046-1001_Classes\CLSID\{157A7F8D-CE70-4664-951F-D4867A941582}\localserver32 -> C:\Users\jeffl\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe (Spark Mail Limited -> Spark Mail Limited)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-04-22 20:04 - 2013-03-24 04:00 - 000391168 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMBX.DLL
2018-03-08 06:18 - 2018-03-08 06:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2020-11-11 19:57 - 2020-11-11 19:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll
2018-02-06 16:25 - 2018-02-06 16:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 11:10 - 2018-03-23 11:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 03:19 - 2021-02-17 03:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 04:45 - 2021-12-17 04:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 07:55 - 2016-12-18 07:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\jeffl\Downloads\MBSetup-5.5.exe:MBAM.Zone.Identifier [376]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Edited by jeffloby, 03 August 2023 - 07:04 PM.