Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Chrome Browser pop-ups [Solved]

Started by jeffloby , Aug 02 2023 06:47 PM

  • This topic is locked This topic is locked

#1
jeffloby
Posted 02 August 2023 - 06:47 PM

jeffloby

    Member

  • Member
  • PipPip
  • 54 posts

I was watching videos that I shouldn't have been watching and started getting multiple pop-up ads.  I uninstalled Chrome after the fact.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-08-2023
Ran by jeffl (administrator) on HOME (Dell Inc. Inspiron 15 5510) (02-08-2023 19:36:22)
Running from C:\Users\jeffl\Desktop\FRST64.exe
Loaded Profiles: jeffl
Platform: Microsoft Windows 11 Home Version 22H2 22621.2070 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe <13>
(DriverStore\FileRepository\cui_dch.inf_amd64_1e611bd77bc260c3\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_1e611bd77bc260c3\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_1e611bd77bc260c3\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_15c9ea6001a5206d\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_524cec1494781ee1\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8a4323c80a901a5c\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d4564390a9b1e980\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe <3>
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\GoodixSessionService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSysSvc64.exe
(svchost.exe ->) (DELL) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe [1646392 2023-02-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe [5083776 2023-02-15] (Waves Inc -> Waves Audio Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\Run: [MicrosoftEdgeAutoLaunch_19ED078C47B4BAE83F1956018108AD60] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4088256 2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon TS6300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFQ.DLL [529408 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6300 series: C:\WINDOWS\system32\CNMLMFQ.DLL [959488 2020-06-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {38B9DB19-F3FE-4AD0-B6BD-D31FAE8C42EE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.)
Task: {295871EF-DDEF-4098-BE0D-68C2237715BD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26910088 2023-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAD1A408-7668-47A2-8865-B70E1EADABC1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26910088 2023-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {B32F4C6C-7AB1-4C65-9D17-87874FA118DA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158616 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A7E8B32-2A5B-465D-A786-832C36A2CF9C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158616 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC0CE75A-5205-4D86-B4FF-A871368873B2} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {26349585-AF71-427B-9906-239CC0A6752C} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-4191029877-289302484-2075726046-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {C7C1A68C-B27E-460D-BF67-96EF4E6B102B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.0.1
Tcpip\..\Interfaces\{2a102f1d-ebd1-4076-af7e-a61feb727f94}: [DhcpNameServer] 172.20.0.1
Tcpip\..\Interfaces\{73c3aa80-e907-4ccc-8043-a4f61360916f}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\jeffl\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-02]
Edge Notifications: Default -> hxxps://www.ticketmaster.com
Edge HomePage: Default -> hxxp://www.msn.com/?pc=DCTE
Edge Extension: (Amazon Assistant) - C:\Users\jeffl\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2023-03-29]
Edge Extension: (Edge relevant text changes) - C:\Users\jeffl\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-26]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11816840 2023-07-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2023-05-15] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-06-07] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2023-02-13] (Dell Inc -> Dell Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\\AS\\IAS\\IntelAudioService.exe [543352 ] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-27] (Rivet Networks, LLC.) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-27] (Rivet Networks, LLC.) [File not signed]
R2 SessionSvc; C:\WINDOWS\System32\drivers\GoodixSessionService.exe [44160 2021-03-18] (Shenzhen Goodix Technology Co., Ltd. -> Goodix)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256608 2022-06-29] (Intel Corporation -> Intel Corporation)
R2 WavesAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe [160896 2023-02-15] (Waves Inc -> Waves Audio Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [561152 2023-07-02] (Microsoft Windows -> Microsoft Corporation)
S3 AX88179; C:\WINDOWS\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [137040 2021-01-20] (GENESYS LOGIC, INC. -> Genesys Logic)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-28] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1548488 2022-10-27] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_cb2075debe05eee2\IntcUSB.sys [920688 2022-11-24] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-10] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-08-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233216 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\ptusbews.sys [76280 2022-03-30] (WDKTestCert han.yu,130842677139774357 -> Zhuhai Pantum Electronics Co.,Ltd.)
S3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_23312dee5c4e1993\rtu53cx22x64.sys [1008872 2022-09-20] (Realtek Semiconductor Corp. -> Realtek Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-27] (Intel Corporation -> Rivet Networks, LLC.)
S3 t6sta; C:\WINDOWS\System32\Drivers\t6sta.sys [166696 2022-05-31] (MAGIC CONTROL TECHNOLOGY CORPORATION -> Magic Control Technology Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2023-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [498944 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_f54d0a27ac206b8c\WiManH\WiManH.sys [175672 2021-07-28] (Intel Corporation -> Intel Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-02 19:36 - 2023-08-02 19:36 - 000022751 _____ C:\Users\jeffl\Desktop\FRST.txt
2023-08-02 19:35 - 2023-08-02 19:36 - 000000000 ____D C:\FRST
2023-08-02 19:35 - 2023-08-02 19:35 - 002700800 _____ (Farbar) C:\Users\jeffl\Desktop\FRST64.exe
2023-08-02 19:35 - 2023-08-02 19:35 - 000000000 ____D C:\Users\jeffl\Desktop\FRST-OlderVersion
2023-08-02 19:26 - 2023-08-02 19:29 - 043163603 _____ C:\Users\jeffl\Downloads\Unconfirmed 37229.crdownload
2023-08-02 19:21 - 2023-08-02 19:21 - 000233216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2023-08-02 19:21 - 2023-08-02 19:21 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-08-02 19:21 - 2023-08-02 19:21 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-08-02 19:19 - 2023-08-02 19:19 - 000000000 ____D C:\Users\jeffl\AppData\Local\MBAM
2023-08-02 19:17 - 2023-08-02 19:22 - 000000000 ____D C:\Users\jeffl\AppData\Local\Malwarebytes
2023-08-02 19:17 - 2023-08-02 19:21 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-02 19:17 - 2023-08-02 19:17 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-5.5.exe
2023-08-02 19:09 - 2023-08-02 19:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-08-02 19:09 - 2023-08-02 19:17 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-02 19:09 - 2023-08-02 19:09 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-4.4 (2).exe
2023-08-02 19:09 - 2023-08-02 19:09 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-4.4 (1).exe
2023-08-02 19:08 - 2023-08-02 19:08 - 002606880 _____ (Malwarebytes) C:\Users\jeffl\Downloads\MBSetup-4.4.exe
2023-08-02 19:06 - 2023-08-02 19:06 - 000000000 ____D C:\AdwCleaner
2023-08-02 19:05 - 2023-08-02 19:05 - 008791352 _____ (Malwarebytes) C:\Users\jeffl\Downloads\adwcleaner.exe
2023-08-02 19:02 - 2023-08-02 19:02 - 000470400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-01 07:14 - 2023-08-01 07:14 - 000003356 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4191029877-289302484-2075726046-1001
2023-08-01 07:14 - 2023-08-01 07:14 - 000002381 _____ C:\Users\jeffl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-22 13:57 - 2023-07-22 13:57 - 000101847 _____ C:\Users\jeffl\Desktop\download.pdf
2023-07-17 17:51 - 2023-07-17 17:52 - 001053680 _____ C:\Users\jeffl\Desktop\Lobertini-Erie-Home.pdf
2023-07-17 17:44 - 2023-07-17 17:44 - 000336574 _____ C:\Users\jeffl\Desktop\Lobertini-Erie-Auto.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-02 19:29 - 2022-03-16 21:14 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2023-08-02 19:22 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-02 19:21 - 2022-05-07 00:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-08-02 19:19 - 2022-10-09 11:56 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-02 19:19 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-02 19:19 - 2022-05-07 00:22 - 000000000 ____D C:\WINDOWS\INF
2023-08-02 19:16 - 2022-05-07 00:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-08-02 19:15 - 2022-04-16 17:34 - 000000000 ____D C:\Users\jeffl\AppData\Local\Google
2023-08-02 19:15 - 2022-04-16 17:34 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-02 19:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-02 19:12 - 2022-04-16 17:22 - 000000000 ___RD C:\Users\jeffl\OneDrive
2023-08-02 19:11 - 2023-04-03 19:27 - 000012288 ___SH C:\DumpStack.log.tmp
2023-08-02 19:11 - 2022-10-09 11:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-02 19:11 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-08-02 19:11 - 2022-05-07 00:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-08-02 19:11 - 2022-04-16 17:20 - 000000000 __SHD C:\Users\jeffl\IntelGraphicsProfiles
2023-08-02 19:11 - 2022-03-16 21:10 - 000000000 ____D C:\Intel
2023-08-02 19:02 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-02 18:28 - 2022-03-16 21:22 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-02 18:11 - 2022-10-09 11:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-31 18:24 - 2023-05-11 14:42 - 000000000 ____D C:\Users\jeffl\AppData\Local\CrashDumps
2023-07-30 12:00 - 2023-04-27 08:56 - 000000000 ____D C:\Users\jeffl\AppData\Local\Spark Desktop
2023-07-30 11:06 - 2022-10-09 11:59 - 000000000 ____D C:\Users\jeffl\AppData\Local\D3DSCache
2023-07-29 12:33 - 2022-10-09 11:55 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4191029877-289302484-2075726046-1001
2023-07-27 19:14 - 2022-03-16 21:21 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-27 18:31 - 2022-10-20 20:12 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-07-27 18:30 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-27 18:20 - 2022-04-17 18:53 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-27 18:20 - 2022-03-16 21:10 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-26 17:57 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\UUS
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-26 17:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-07-26 17:19 - 2022-10-09 11:52 - 003210752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-24 17:29 - 2022-03-16 21:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-15 08:44 - 2023-04-27 08:56 - 000002599 _____ C:\Users\jeffl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spark Desktop.lnk
2023-07-12 17:10 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-12 17:10 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-12 17:10 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-12 06:31 - 2022-04-16 17:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-12 06:29 - 2022-04-16 17:39 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-11 16:31 - 2022-10-09 11:55 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-11 16:31 - 2022-10-09 11:55 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-05 17:24 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2023
Ran by jeffl (02-08-2023 19:37:15)
Running from C:\Users\jeffl\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2070 (X64) (2022-10-09 16:56:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4191029877-289302484-2075726046-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4191029877-289302484-2075726046-503 - Limited - Disabled)
Guest (S-1-5-21-4191029877-289302484-2075726046-501 - Limited - Disabled)
jeffl (S-1-5-21-4191029877-289302484-2075726046-1001 - Administrator - Enabled) => C:\Users\jeffl
WDAGUtilityAccount (S-1-5-21-4191029877-289302484-2075726046-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon TS6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6300_series) (Version: 1.02 - Canon Inc.)
dch_setup (HKLM-x32\...\{A3D7010D-9219-4310-87A4-6A2C1FEB0B0E}) (Version: 1.50.0.0 - eshrago) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{A21A0E9A-A083-47C6-AEAA-695348A25779}) (Version: 5.0.71.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E2DCC087-13A9-4BF3-AA0E-B42645D87C8E}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3671ea45-970e-4390-8c93-a3c5ba77107b}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{74DF895B-001F-456C-BEA4-9254A3FCC5E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Fingerprint Sensor Driver (HKLM-x32\...\{D9C19E6E-4403-4DDF-B290-ECFAE2072FF9}) (Version: 20.6.0.7 - Realtek Semiconductor Corp.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.)
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.2.14.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{6e578348-d226-4341-a69f-26274feac293}) (Version: 2.2.14.0 - Dell.Inc)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2218.2.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{72F03A9B-21C6-4599-95FC-FFB4D9B7F50C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{B9C358AF-2012-4BD3-A476-CAFB5761B5BC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{96EC8F94-3894-4F08-8FEF-227E9F790FFC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Integrated Sensor Solution (HKLM-x32\...\{b964fe76-ac8c-4729-979c-f500381293bc}) (Version: 3.10.100.4477 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{bddd55ff-828e-4d3d-90dd-cdcc8076d5ba}) (Version: 22.200.2.1 - Intel Corporation) Hidden
ISS_Drivers_x64 (HKLM\...\{EE1CCB33-2AB5-4B86-ABD0-DF641146B55B}) (Version: 3.10.100.4477 - Intel Corporation) Hidden
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\OneDriveSetup.exe) (Version: 23.156.0726.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 (HKLM-x32\...\{DD6BC8D7-4582-4677-BAAC-4AB933E6C315}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 (HKLM-x32\...\{7B77DE7F-5219-435E-9CE1-FC77F1D4CCAD}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20000 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9481.1 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 1153.9.0823.2022 - Realtek)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Spark Desktop 3.6.6 (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\09e2d43b-2e9a-5a23-a54c-87838a95fcb3) (Version: 3.6.6 - Spark Mail Limited)
TbtLegacyPlug (HKLM-x32\...\{488D2737-A8BE-4F2A-8A9B-AEFF2DB8833F}) (Version: 18.0.0.0 - eshrago) Hidden
Thunderbolt™ Software (HKLM-x32\...\{a5912cb2-365b-4cb4-9917-602376a90f9b}) (Version: 1.50.0.0 - Intel® Corporation)
YouTube TV (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\db9353651c00ded7dc845c7979e58fd8) (Version: 1.0 - Google\Chrome)
 
Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1156.0_x64__22t9g3sebte08 [2023-07-12] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-10-09] (INTEL CORP)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-04-22] (Canon Inc.)
Canon Inkjet Smart Connect -> C:\Program Files\WindowsApps\34791E63.CanonInkjetSmartConnect_1.4.2.0_x64__6e5tt8cgb93ep [2023-07-31] (Canon Inc.) [Startup Task]
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-10-09] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-10] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.71.0_x64__htrsf667h5kn2 [2023-07-02] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2023-05-17] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86__htrsf667h5kn2 [2023-05-15] (Dell Inc)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.57.2.0_x64__6rarf9sa4v8jt [2023-07-19] (Disney)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2023-07-26] (Meta)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-07-26] (Instagram)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-28] (INTEL CORP)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14003.0_x64__8wekyb3d8bbwe [2023-05-23] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-07-26] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-27] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.4.0_x64__htrsf667h5kn2 [2023-02-23] (Dell Inc)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-06] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0 [2023-07-26] (Spotify AB) [Startup Task]
Waves MaxxAudio Pro for Dell 2021 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2021_4.0.53.0_x64__fh4rh281wavaa [2023-07-02] (Waves Audio)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-07-26] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4191029877-289302484-2075726046-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-4191029877-289302484-2075726046-1001_Classes\CLSID\{157A7F8D-CE70-4664-951F-D4867A941582}\localserver32 -> C:\Users\jeffl\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe (Spark Mail Limited -> Spark Mail Limited)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-04-22 20:04 - 2013-03-24 04:00 - 000391168 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMBX.DLL
2018-03-08 06:18 - 2018-03-08 06:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2020-11-11 19:57 - 2020-11-11 19:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll
2018-02-06 16:25 - 2018-02-06 16:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 11:10 - 2018-03-23 11:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 03:19 - 2021-02-17 03:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 04:45 - 2021-12-17 04:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 07:55 - 2016-12-18 07:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\jeffl\Downloads\MBSetup-5.5.exe:MBAM.Zone.Identifier [376]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
 

Edited by jeffloby, 03 August 2023 - 07:04 PM.

  • 0

Advertisements

#2
DR M
Posted 04 August 2023 - 02:57 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,158 posts

Hi.

 

Are you getting popups now? It seems that you ran Malwarebytes and AdwCleaner tools. What did the scans show?

 

In addition, your second log is not complete. 


  • 0

#3
jeffloby
Posted 04 August 2023 - 05:55 AM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

No pops up that I've seen.  Both Malwarebytes and AdwCleaner found nothing.  I ran both after uninstalling Chrome.  

 

Attached is second log, I might not have copied all of it.  I can re-run tonight.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2023
Ran by jeffl (02-08-2023 19:37:15)
Running from C:\Users\jeffl\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2070 (X64) (2022-10-09 16:56:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4191029877-289302484-2075726046-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4191029877-289302484-2075726046-503 - Limited - Disabled)
Guest (S-1-5-21-4191029877-289302484-2075726046-501 - Limited - Disabled)
jeffl (S-1-5-21-4191029877-289302484-2075726046-1001 - Administrator - Enabled) => C:\Users\jeffl
WDAGUtilityAccount (S-1-5-21-4191029877-289302484-2075726046-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon TS6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6300_series) (Version: 1.02 - Canon Inc.)
dch_setup (HKLM-x32\...\{A3D7010D-9219-4310-87A4-6A2C1FEB0B0E}) (Version: 1.50.0.0 - eshrago) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{A21A0E9A-A083-47C6-AEAA-695348A25779}) (Version: 5.0.71.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E2DCC087-13A9-4BF3-AA0E-B42645D87C8E}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3671ea45-970e-4390-8c93-a3c5ba77107b}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{74DF895B-001F-456C-BEA4-9254A3FCC5E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Fingerprint Sensor Driver (HKLM-x32\...\{D9C19E6E-4403-4DDF-B290-ECFAE2072FF9}) (Version: 20.6.0.7 - Realtek Semiconductor Corp.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.)
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.2.14.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{6e578348-d226-4341-a69f-26274feac293}) (Version: 2.2.14.0 - Dell.Inc)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2218.2.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{72F03A9B-21C6-4599-95FC-FFB4D9B7F50C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{B9C358AF-2012-4BD3-A476-CAFB5761B5BC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{96EC8F94-3894-4F08-8FEF-227E9F790FFC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Integrated Sensor Solution (HKLM-x32\...\{b964fe76-ac8c-4729-979c-f500381293bc}) (Version: 3.10.100.4477 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{bddd55ff-828e-4d3d-90dd-cdcc8076d5ba}) (Version: 22.200.2.1 - Intel Corporation) Hidden
ISS_Drivers_x64 (HKLM\...\{EE1CCB33-2AB5-4B86-ABD0-DF641146B55B}) (Version: 3.10.100.4477 - Intel Corporation) Hidden
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\OneDriveSetup.exe) (Version: 23.156.0726.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 (HKLM-x32\...\{DD6BC8D7-4582-4677-BAAC-4AB933E6C315}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 (HKLM-x32\...\{7B77DE7F-5219-435E-9CE1-FC77F1D4CCAD}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20000 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9481.1 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 1153.9.0823.2022 - Realtek)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Spark Desktop 3.6.6 (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\09e2d43b-2e9a-5a23-a54c-87838a95fcb3) (Version: 3.6.6 - Spark Mail Limited)
TbtLegacyPlug (HKLM-x32\...\{488D2737-A8BE-4F2A-8A9B-AEFF2DB8833F}) (Version: 18.0.0.0 - eshrago) Hidden
Thunderbolt™ Software (HKLM-x32\...\{a5912cb2-365b-4cb4-9917-602376a90f9b}) (Version: 1.50.0.0 - Intel® Corporation)
YouTube TV (HKU\S-1-5-21-4191029877-289302484-2075726046-1001\...\db9353651c00ded7dc845c7979e58fd8) (Version: 1.0 - Google\Chrome)
 
Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1156.0_x64__22t9g3sebte08 [2023-07-12] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-10-09] (INTEL CORP)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-04-22] (Canon Inc.)
Canon Inkjet Smart Connect -> C:\Program Files\WindowsApps\34791E63.CanonInkjetSmartConnect_1.4.2.0_x64__6e5tt8cgb93ep [2023-07-31] (Canon Inc.) [Startup Task]
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-10-09] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-10] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.71.0_x64__htrsf667h5kn2 [2023-07-02] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2023-05-17] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86__htrsf667h5kn2 [2023-05-15] (Dell Inc)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.57.2.0_x64__6rarf9sa4v8jt [2023-07-19] (Disney)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2023-07-26] (Meta)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-07-26] (Instagram)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-28] (INTEL CORP)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14003.0_x64__8wekyb3d8bbwe [2023-05-23] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-07-26] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-27] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.4.0_x64__htrsf667h5kn2 [2023-02-23] (Dell Inc)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-06] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0 [2023-07-26] (Spotify AB) [Startup Task]
Waves MaxxAudio Pro for Dell 2021 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2021_4.0.53.0_x64__fh4rh281wavaa [2023-07-02] (Waves Audio)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-07-26] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4191029877-289302484-2075726046-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-4191029877-289302484-2075726046-1001_Classes\CLSID\{157A7F8D-CE70-4664-951F-D4867A941582}\localserver32 -> C:\Users\jeffl\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe (Spark Mail Limited -> Spark Mail Limited)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-02] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-04-22 20:04 - 2013-03-24 04:00 - 000391168 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMBX.DLL
2018-03-08 06:18 - 2018-03-08 06:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2020-11-11 19:57 - 2020-11-11 19:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll
2018-02-06 16:25 - 2018-02-06 16:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 11:10 - 2018-03-23 11:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 03:19 - 2021-02-17 03:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 04:45 - 2021-12-17 04:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 07:55 - 2016-12-18 07:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\jeffl\Downloads\MBSetup-5.5.exe:MBAM.Zone.Identifier [376]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4191029877-289302484-2075726046-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jeffl\Downloads\IMG_2501.jpg
DNS Servers: 172.20.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5ED681A6-8337-4643-ADCF-59116DDA6AF4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8DE72C2-922B-4A3D-99DF-4B83D128A757}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3A78A5E8-2D4F-4C25-B45E-389232C0ECD3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F9664913-8D21-4C3B-9C74-82275330017B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5B66FFC8-20AD-4FC0-AB0D-DC6009AC2C8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{872B53CD-462E-4C1D-98ED-ABCD0D32BFA9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{00622BDE-D7CF-4EA5-A095-8B2A02771772}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{078B1916-5A91-4D92-9571-D80C85FB9EF2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B25335AD-F1BA-4233-91A3-DA130D5925B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7A419FED-E59C-463E-AEFB-D083B4DCA6F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B50F32F6-3A8B-418D-8F64-DF48C0AB63C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1747E455-8E37-4211-A26C-763F3D931230}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A85CDDF-FC61-4B31-B175-4B5BE99494E6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23195.1511.2279.823_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C27A413-FD82-4CA0-9201-9A8C688C9103}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23195.1511.2279.823_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:219.95 GB) (Free:133.39 GB) (61%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/01/2023 09:24:18 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {08ce7e71-7c06-4e7a-8c77-180bc15681f1}
 
Error: (08/01/2023 09:11:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {08ce7e71-7c06-4e7a-8c77-180bc15681f1}
 
Error: (07/31/2023 06:24:58 PM) (Source: Application Error) (EventID: 1000) (User: HOME)
Description: Faulting application name: dptf_helper.exe, version: 8.7.10600.20700, time stamp: 0x604bfbdc
Faulting module name: dptf_helper.exe, version: 8.7.10600.20700, time stamp: 0x604bfbdc
Exception code: 0xc0000005
Fault offset: 0x0000000000002794
Faulting process id: 0x0x674c
Faulting application start time: 0x0x1d9c3fed4bd0082
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
Report Id: e9e156ac-f82f-4c15-8374-09612e86430b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/28/2023 09:50:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {08ce7e71-7c06-4e7a-8c77-180bc15681f1}
 
Error: (07/28/2023 03:34:54 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program msteams.exe version 23195.1506.2253.6778 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/28/2023 03:05:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {08ce7e71-7c06-4e7a-8c77-180bc15681f1}
 
Error: (07/28/2023 01:48:33 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17
 
Error: (07/26/2023 05:03:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: HOME)
Description: Application or service 'Microsoft Windows Search Protocol Host' could not be shut down.
 
 
System errors:
=============
Error: (08/02/2023 07:04:24 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (08/02/2023 05:57:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
Error: (08/02/2023 01:47:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.
 
Error: (07/31/2023 05:33:44 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (07/31/2023 05:32:03 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {dfd59565-71db-4b03-8b0d-c7b4a334d6e3}, had event 74
 
Error: (07/30/2023 05:50:53 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.
 
Error: (07/30/2023 01:51:00 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout.
 
Error: (07/29/2023 10:35:39 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: The server {A28430CA-1EBF-48DD-AA17-9221B6F86A6C} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2023-08-02 17:44:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-31 18:50:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-29 18:34:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-28 18:33:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-19 19:32:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-06-17 10:46:59
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1577.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-06-17 10:46:59
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1577.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-05-06 22:21:03
Description: 
Microsoft Defender Antivirus engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: 
Engine Code: 0 
 
Date: 2023-03-31 15:34:47
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.385.1608.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20100.6
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-02-10 00:13:34
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.381.3359.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19900.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2023-08-02 19:21:51
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ControlLib.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.19.1 05/09/2023
Motherboard: Dell Inc. 06KTVX
Processor: 11th Gen Intel® Core™ i5-11320H @ 3.20GHz
Percentage of memory in use: 47%
Total physical RAM: 16122.79 MB
Available physical RAM: 8530.94 MB
Total Virtual: 18554.79 MB
Available Virtual: 10821.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:219.95 GB) (Free:133.39 GB) (Model: NVMe IM2P33F3A NVMe ADATA 256GB) (Protected) NTFS
 
\\?\Volume{b5d6bb56-90f0-4b79-bf9f-a7ca37907cd8}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.17 GB) NTFS
\\?\Volume{76eac0d3-37a7-415e-ab13-3ec769bb4ec7}\ (Image) (Fixed) (Total:15.74 GB) (Free:0.15 GB) NTFS
\\?\Volume{9af0f963-b945-4ade-b724-e1ab4116a409}\ (DELLSUPPORT) (Fixed) (Total:1.38 GB) (Free:0.48 GB) NTFS
\\?\Volume{cb730d6c-f91a-40b4-b467-006a8c04966b}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.2 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 05BB525B)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#4
DR M
Posted 04 August 2023 - 08:37 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,158 posts

OK, let's begin.

Please, first adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=========================
 
My first comments/instructions based on your logs: 
 
1. Telemetry
 
Did you intentionally set these tasks?
 
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
 
Here you can read about Microsoft Compatibility Telemetry and turn it off if you like. 
 
 
2. Smartbyte Drivers and Services
 
Did you intentionally install this? Do you need it? Read here about it and if you don't really need it, uninstall it. 
 
The following task is connected with it:
 

Task: {C7C1A68C-B27E-460D-BF67-96EF4E6B102B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
 
If you decide to uninstall, then also uninstall Smartbyte
 
Go to Settings (Windows logo key and letter i on the keyboard) > Apps > Installed apps. Find Smartbyte, click on the 3 dots and select Uninstall.

 
3. Malwarebytes

  • Open Malwarebytes you have already installed. 
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • After that, go to the Windows Security (Settings > Privacy & Security > Windows Security) and check if the Virus & Threat Protection is enabled. 

 

 

In your next reply please post:

  1. A reply about Telemetry and Smartbyte, and what did you decide about them.
  2. If you changed successfully the Malwarebytes setting, and if the Virus & Threat Protection is enabled. 

  • 0

#5
DR M
Posted 06 August 2023 - 02:03 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,158 posts

Are you still with me? 


  • 0

#6
jeffloby
Posted 06 August 2023 - 09:25 AM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

I'm here just traveling.  I'll download new reports this afternoon.  Thanks,


Edited by jeffloby, 06 August 2023 - 09:26 AM.

  • 0

#7
jeffloby
Posted 06 August 2023 - 09:34 AM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

 

OK, let's begin.

Please, first adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=========================
 
My first comments/instructions based on your logs: 
 
1. Telemetry
 
Did you intentionally set these tasks?  No, I didn't set anything
 
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
 
Here you can read about Microsoft Compatibility Telemetry and turn it off if you like. 
 
 
2. Smartbyte Drivers and Services
 
Did you intentionally install this? Do you need it? Read here about it and if you don't really need it, uninstall it. 
 
The following task is connected with it:
 

Task: {C7C1A68C-B27E-460D-BF67-96EF4E6B102B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
 
If you decide to uninstall, then also uninstall Smartbyte
 
Go to Settings (Windows logo key and letter i on the keyboard) > Apps > Installed apps. Find Smartbyte, click on the 3 dots and select Uninstall.

 
3. Malwarebytes

  • Open Malwarebytes you have already installed. 
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • After that, go to the Windows Security (Settings > Privacy & Security > Windows Security) and check if the Virus & Threat Protection is enabled. 

 

 

In your next reply please post:

  1. A reply about Telemetry and Smartbyte, and what did you decide about them.  Uninstalled Smartbyte.
  2. If you changed successfully the Malwarebytes setting, and if the Virus & Threat Protection is enabled. Removed Malwarebyte after uninstalling chrome.  Can reinstall if you need me too.

 


  • 0

#8
DR M
Posted 06 August 2023 - 12:46 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,158 posts

Thanks for the information given.

 

Now, please give me fresh FRST logs to check, Addition and FRST. 

 

It's easier to me if you attach the logs instead of copy/paste them in your reply. 

 

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

  • 0

#9
jeffloby
Posted 06 August 2023 - 04:39 PM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Attached are the requested files.  Thanks,

Attached Files


  • 0

#10
DR M
Posted 07 August 2023 - 02:59 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,158 posts

Hello.
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
SystemRestore: On
CreateRestorePoint:
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
C:\Program Files\Rivet Networks
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CloseProcesses:
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

2. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

In your next reply please post:

  1. The fixlog.txt
  2. The eset.txt

  • 0

Advertisements

#11
jeffloby
Posted 07 August 2023 - 05:30 PM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

 

Hello.
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
SystemRestore: On
CreateRestorePoint:
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {6DAA27B7-A795-41C5-AC5F-A793C402563E} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
C:\Program Files\Rivet Networks
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CloseProcesses:
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

2. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

In your next reply please post:

  1. The fixlog.txt
  2. The eset.txt

 

Attached Files


  • 0

#12
jeffloby
Posted 07 August 2023 - 05:30 PM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

The requested logs are attached in the post above.  Thanks!!


Edited by jeffloby, 07 August 2023 - 05:32 PM.

  • 0

#13
jeffloby
Posted 07 August 2023 - 05:33 PM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Attached are the requested logs.

Attached Files


  • 0

#14
DR M
Posted 08 August 2023 - 12:59 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,158 posts

Very good.  :thumbsup:

 

Some system corruptions have been fixed.

 

Are there any remaining issues/questions/concerns regarding this computer? 


  • 0

#15
jeffloby
Posted 08 August 2023 - 05:21 AM

jeffloby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Very good.  :thumbsup:

 

Some system corruptions have been fixed.

 

Are there any remaining issues/questions/concerns regarding this computer? 

Is there any other fixes needed?  Can i reinstall Chrome?  Thanks,


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP