
typed in the wrong web address, automatic pop-up [Solved]

This topic is locked

#1 Krueg9651 (Member, 136 posts)

Hello! Today, I meant to pay my bill at QuestDiagnostics.com. I accidentally typed in QuestDiagonistics.com, only to get a series of immediate pop-ups and a voice telling me my computer was infected. So frustrating; because of this typo, I now have malware! Let that be a warning to everyone else... check what you type! Below is my info. Thank you guys so much for everything you do!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2023
Ran by krueg_000 (administrator) on KRUEGER (Dell Inc. XPS 12-9Q33) (27-07-2023 10:36:53)
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear\FRST64.exe
Loaded Profiles: krueg_000
Platform: Microsoft Windows 10 Home Version 22H2 19045.3086 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Windows\SysWOW64\irstrtsv.exe ->) (Intel Corporation) [File not signed] C:\Windows\Temp\irstrtsv\scrncap.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(services.exe ->) (Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(services.exe ->) (Intel Wireless Display -> Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(services.exe ->) (Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\23.137.0702.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3205_none_7e1f4da67c811930\TiWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google Inc -> Google)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleChromeAutoLaunch_4A8E26FD5AFB3D56D0E2C9C8176A95D7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3233560 2023-06-23] (Google LLC -> Google LLC)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\RunOnce: [Uninstall 23.127.0618.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\23.127.0618.0001"
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\RunOnce: [Uninstall 23.132.0625.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\23.132.0625.0001"
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\115.0.5790.110\Installer\chrmstp.exe [2023-07-26] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {F7880805-C639-4C95-92FD-A8C131DEB40F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5308576 2023-06-13] (Microsoft Windows -> Microsoft Corporation)
Task: {23A5C104-67C6-46F2-A56E-92D809EDF88D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [6762544 2012-07-09] (Dell Inc. -> Dell, Inc.)
Task: {70F7620C-24DC-446A-AE20-392594851351} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {5918BB16-7F8F-4EBE-9FE1-58805AC06DEB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
Task: {B82C175E-BD7E-4691-AE9B-2952A00FDF1C} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 ] () [File not signed] -> 
Task: {DDBD91F9-387D-49AF-8A69-8FD205640049} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 ] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {9588A41A-DABE-470E-A95C-8E65CC3F1DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {E45627EC-4364-4090-ACA7-4140DFA7A344} - System32\Tasks\GoogleUpdateTaskMachineCore1d7365d9a2ebf11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {62E83378-ADB9-41C0-B3E6-C4770DBD82CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {0E2825D2-0C1D-411C-918B-39735947DBB1} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [704824 2013-03-01] (Intel Corporation -> Intel)
Task: {A73D296B-BC0D-4632-899B-DDADEEA2F73A} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {4C1CB5E4-059F-4211-8A64-5D6E214CCB1F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {EC6A0460-C926-4462-BBFE-7240D6A00124} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D8561A4-8408-4EED-A328-D504722A45D1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {DBC7CDB5-F34B-4E88-BC09-23631BC394F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1142216 2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4201702-8AAC-4FBF-95A1-E6037529C9D8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {4B29DC52-C765-4E1F-B06F-E2F85489CB35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [133326408 2017-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {A56C4734-80B3-4382-926A-BDE3D5E97826} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB490E59-CE1D-41B3-B05C-C4AB4859ABEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC34E1A0-16EB-497D-8AC5-251875138674} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9F373F18-2765-48E1-AC15-EA16D6F31657} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File)
Task: {26402EE7-8AEC-4B8B-873A-5436C4114B76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167080 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3b952fb4-d066-4581-a0db-ea39b29d30d0}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-28]
Edge Extension: (Edge relevant text changes) - C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-28]
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default [2023-07-27]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://padlet.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.wvhs204.org/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Floorplanner) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-05-24]
CHR Extension: (Skype Calling) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2020-05-24]
CHR Extension: (InsertLearning) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2023-01-04]
CHR Extension: (The QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2022-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-24]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2020-05-24]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-07-26]
CHR Extension: (Pocket Must Reads) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnnopicjonfamklpcdfnbcomdlopmof [2020-05-24]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2023-07-24]
CHR Extension: (Save to Pocket) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2022-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2022-10-30]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-10]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-12-08]
CHR Extension: (Slides) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-23]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-23]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-23]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-23]
CHR Extension: (Sheets) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-23]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-23]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-07-27]
CHR Notifications: Profile 2 -> hxxps://www.diariosur.es
CHR HomePage: Profile 2 -> hxxp://wvhs204.org/
CHR StartupUrls: Profile 2 -> "hxxp://wvhs204.org/","hxxps://espipe.sungardk12saas.com/TAC/Account/LogOn?ReturnUrl=%2fTAC"
CHR Extension: (QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\afpbjjgbdimpioenaedcjgkaigggcdpp [2021-08-29]
CHR Extension: (Mobility Print) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2022-10-11]
CHR Extension: (School Video Recorder for Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boohghjaeankjfihomdfhimfgifblngd [2021-08-29]
CHR Extension: (LearnPlatform for Educators) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccjpkjhfinjcophncpdhfighmlfccmem [2023-05-28]
CHR Extension: (Gopher Buddy) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgbbbjmgdpnifijconhamggjehlamcif [2023-06-17]
CHR Extension: (OrbitNote) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\feepmdlmhplaojabeoecaobfmibooaid [2023-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-24]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2023-07-24]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2021-08-29]
CHR Extension: (Bomgar Remote Support) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipfljipbjloahhabacnofonhfbddnajm [2021-08-29]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-07-26]
CHR Extension: (Zoom Chrome Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2023-07-26]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2023-07-24]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2023-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-12]
CHR Extension: (Draftback) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nnajoiemfpldioamchanognpjmocgkbg [2022-02-14]
CHR Extension: (WordReference Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofnmflhedfocnfnoafgcojkllnmdipoj [2022-11-27]
CHR Extension: (PrintFriendly - Print and PDF Web Pages) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2023-07-24]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2022-10-26]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-28]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel Wireless Display -> Intel)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-07-24] (Malwarebytes Inc. -> Malwarebytes)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [165344 2013-05-21] (Intel Corporation-Mobile Wireless Group -> Windows ® Win 7 DDK provider)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART; C:\WINDOWS\System32\drivers\iaLPSS_UART.sys [142840 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-06-18] (Intel® Smart Connect software -> )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-27 10:36 - 2023-07-27 10:37 - 000000000 ____D C:\FRST
2023-07-24 12:44 - 2023-07-24 12:44 - 000000000 ___HD C:\$WinREAgent
2023-07-01 15:07 - 2023-07-01 15:07 - 000737086 _____ C:\Users\krueg_000\Downloads\All-Documents-27877198.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-27 10:35 - 2021-12-18 02:00 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-27 10:35 - 2014-06-23 20:14 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-27 10:32 - 2021-09-30 23:08 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{203598EA-E27F-4818-8B3B-097F45E5FCFE}
2023-07-27 10:29 - 2016-08-10 22:12 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-27 10:28 - 2023-05-01 23:37 - 000000000 ____D C:\Users\krueg_000\AppData\Local\Malwarebytes
2023-07-27 10:28 - 2023-04-18 23:24 - 000003314 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-07-27 10:28 - 2021-09-30 22:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-27 10:28 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-26 20:53 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-07-26 20:18 - 2014-07-21 20:50 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-07-26 01:58 - 2020-05-24 12:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-26 01:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-24 13:56 - 2021-12-11 21:06 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2023-07-24 13:56 - 2021-09-30 23:08 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2023-07-24 13:56 - 2021-09-30 22:39 - 000002436 _____ C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-24 13:56 - 2016-06-04 20:45 - 000000000 ___RD C:\Users\krueg_000\OneDrive
2023-07-24 12:58 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-24 12:44 - 2023-01-17 22:52 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-24 12:44 - 2020-07-15 07:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-24 12:44 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-24 12:40 - 2014-07-07 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-24 12:32 - 2014-07-07 12:12 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-24 12:13 - 2014-06-23 20:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-07-07 07:14 - 2016-06-04 22:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-07-07 07:14 - 2016-06-04 20:44 - 000000000 __SHD C:\Users\krueg_000\IntelGraphicsProfiles
2023-07-05 14:33 - 2021-09-30 23:08 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-05 14:33 - 2021-09-30 23:08 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2023
Ran by krueg_000 (27-07-2023 10:38:52)
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear
Microsoft Windows 10 Home Version 22H2 19045.3086 (X64) (2021-10-01 04:08:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2550471563-1257076527-2971406527-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2550471563-1257076527-2971406527-503 - Limited - Disabled)
Guest (S-1-5-21-2550471563-1257076527-2971406527-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2550471563-1257076527-2971406527-1003 - Limited - Enabled)
krueg_000 (S-1-5-21-2550471563-1257076527-2971406527-1001 - Administrator - Enabled) => C:\Users\krueg_000
WDAGUtilityAccount (S-1-5-21-2550471563-1257076527-2971406527-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.110 - Google LLC)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM\...\{09888C31-E15A-4E69-AF26-4BFCEE55821B}) (Version: 1.0.90.0 - Intel Corporation) Hidden
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.2.1489 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{8B11A672-F039-4B14-867C-3F0209ADC85A}) (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Intel® Update Manager (HKLM-x32\...\{20D9D0D9-1659-4775-992E-5F5650AD9B87}) (Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61F48DA-627B-404E-9315-32A651B18B64}) (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{44B72151-611E-429D-9765-9BA093D7E48A}) (Version: 1.27.798.1 - Intel Corporation) Hidden
Malwarebytes version 4.5.32.271 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.5571.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\OneDriveSetup.exe) (Version: 23.137.0702.0001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Photo Common (HKLM-x32\...\{D888F114-7537-4D48-AF03-5DA9C82D7540}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{30F99474-EBE3-4134-A02B-F6CD38CFE243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{FC6C7107-7D72-41A1-A031-3CE751159BAB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Live Communications Platform (HKLM-x32\...\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{C034A6F9-6569-491B-B3BF-F5D15221A708}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{18272881-CFC0-434D-A975-E5BE44206AA0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-05-24] (Amazon.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_146.3.1087.0_x64__v10z8vjag6ke6 [2023-06-22] (HP Inc.)
Intel® Experience Center -> C:\Program Files\WindowsApps\AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt [2014-06-23] (INTEL CORP)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-06-06] (AMZN Mobile LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Salud y Bienestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-21] (Microsoft Studios) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-04-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-04-19] (SoftThinks -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-07] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CHC Wellbeing.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=mdehpnimddeekldphmocembfidadeogk
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Andrew (ipsd.org) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\509bffb6bc1cf486\Screencastify - Screen Video Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mmeijimgabbpbgpdklnllpncmdofkcpn
 
==================== Loaded Modules (Whitelisted) =============
 
2013-05-08 11:48 - 2013-05-08 11:48 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-30] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Murcielago_FINAL_RGB.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{02F2E1B4-B01E-42AB-85C2-8EE63F1E3672}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BEAEC7A3-6D51-48F8-A692-647368DFDA34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C603BA3C-4F28-40E3-B056-690CEF786715}] => (Allow) LPort=2869
FirewallRules: [{7278EF5F-C66E-4F0F-A7A2-9D0003B3C7DC}] => (Allow) LPort=1900
FirewallRules: [{4D6FF529-65B1-4EEE-A7BC-DE9ADBA57638}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD1530B8-8B42-4A09-BEA1-FB35BA568FFC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BAE96307-D6E7-47BB-8AB9-2924E47ECCB7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{80EEE651-223C-409B-B482-568DFEA69C9F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5085BD1D-137B-414E-A324-8F8115A375EF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9D66F004-06A8-4C63-9EC7-21F3EC736F14}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{98D04E70-40B1-410D-8083-9F6E10EE44A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
24-07-2023 12:40:42 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/27/2023 10:31:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/26/2023 08:14:58 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/26/2023 01:59:57 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/24/2023 12:11:28 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/10/2023 11:35:54 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/09/2023 09:20:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/08/2023 07:04:55 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/07/2023 08:16:38 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (07/27/2023 10:30:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/26/2023 10:34:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/26/2023 09:49:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/26/2023 08:16:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/26/2023 01:58:43 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/24/2023 04:04:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/24/2023 12:31:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/24/2023 12:13:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2023-07-07 09:50:47
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-03 20:15:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-01 13:35:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-30 15:14:29
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-29 12:49:07
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-07-07 17:00:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\chrome_elf.dll that did not meet the Microsoft signing level requirements.
 
Date: 2023-02-16 22:39:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\chrome.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A03 09/24/2013
Motherboard: Dell Inc. XPS 12-9Q33
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 91%
Total physical RAM: 4001.53 MB
Available physical RAM: 353.91 MB
Total Virtual: 10401.53 MB
Available Virtual: 1583.53 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:97.59 GB) (Free:33.04 GB) (Model: LITEONIT LMT-128M6M mSATA 128GB) NTFS
 
\\?\Volume{cf742fab-f09f-4736-91bb-4dc39fc37de5}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
\\?\Volume{eb19c1b7-a563-4d78-9f8c-6cafb7d9bc70}\ () (Fixed) (Total:0.78 GB) (Free:0.29 GB) NTFS
\\?\Volume{04d08801-6d4e-43f3-8e94-29fa605bfd69}\ (PBR Image) (Fixed) (Total:11.75 GB) (Free:0.73 GB) NTFS
\\?\Volume{e0f46268-779d-42c6-8699-0972f1f05635}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 72E5F2E7)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.

 

Welcome back.  :)

 

Did you intentionally install GeoComply?

 

What popups are you getting? Can you give me a screenshot of what you get? 



#3
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • 136 posts

Hello!  I don't believe I intentionally installed GeoComply.  As of now, I'm not getting pop-ups (but I swear I was earlier!).  With my luck, after this message, the pop-ups will return, but I'm not seeing anything currently.  Do you see anything from your end based on the scan results I posted? 


Edited by Krueg9651, 28 July 2023 - 11:07 AM.


#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi. Actually, the name of the installed program is Player Location Check by GeoComply. If you would like to uninstall it, please do that now and provide fresh FRST logs. Before doing that, be sure that the FRST tool is on your Desktop and not anywhere else. Let me know if you keep it, so we can continue from here.

 

Just to ease your mind, I don't see malware signs in the logs. However, we will proceed to further checks, so we can be sure about that. 



#5
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • 136 posts

Player Location Check by GeoComply has been uninstalled!  I moved FRST to the desktop.  Here is my log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2023
Ran by krueg_000 (administrator) on KRUEGER (Dell Inc. XPS 12-9Q33) (29-07-2023 16:27:57)
Running from C:\Users\krueg_000\OneDrive\Desktop\FRST64.exe
Loaded Profiles: krueg_000
Platform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe ->) (Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\updateui.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Windows\SysWOW64\irstrtsv.exe ->) (Intel Corporation) [File not signed] C:\Windows\Temp\irstrtsv\scrncap.exe
(explorer.exe ->) (Google Inc -> Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <42>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(services.exe ->) (Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(services.exe ->) (Intel Wireless Display -> Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(services.exe ->) (Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\23.142.0709.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google Inc -> Google)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleChromeAutoLaunch_4A8E26FD5AFB3D56D0E2C9C8176A95D7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3217176 2023-07-25] (Google LLC -> Google LLC)
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\115.0.5790.110\Installer\chrmstp.exe [2023-07-26] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {F7880805-C639-4C95-92FD-A8C131DEB40F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5308592 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
Task: {23A5C104-67C6-46F2-A56E-92D809EDF88D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [6762544 2012-07-09] (Dell Inc. -> Dell, Inc.)
Task: {70F7620C-24DC-446A-AE20-392594851351} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {5918BB16-7F8F-4EBE-9FE1-58805AC06DEB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
Task: {9588A41A-DABE-470E-A95C-8E65CC3F1DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {E45627EC-4364-4090-ACA7-4140DFA7A344} - System32\Tasks\GoogleUpdateTaskMachineCore1d7365d9a2ebf11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {62E83378-ADB9-41C0-B3E6-C4770DBD82CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {0E2825D2-0C1D-411C-918B-39735947DBB1} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [704824 2013-03-01] (Intel Corporation -> Intel)
Task: {A73D296B-BC0D-4632-899B-DDADEEA2F73A} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {4C1CB5E4-059F-4211-8A64-5D6E214CCB1F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {EC6A0460-C926-4462-BBFE-7240D6A00124} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D8561A4-8408-4EED-A328-D504722A45D1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {DBC7CDB5-F34B-4E88-BC09-23631BC394F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1142216 2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4201702-8AAC-4FBF-95A1-E6037529C9D8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {4B29DC52-C765-4E1F-B06F-E2F85489CB35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [133326408 2017-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {A56C4734-80B3-4382-926A-BDE3D5E97826} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB490E59-CE1D-41B3-B05C-C4AB4859ABEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC34E1A0-16EB-497D-8AC5-251875138674} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9F373F18-2765-48E1-AC15-EA16D6F31657} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File)
Task: {26402EE7-8AEC-4B8B-873A-5436C4114B76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167080 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3b952fb4-d066-4581-a0db-ea39b29d30d0}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-28]
Edge Extension: (Edge relevant text changes) - C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-28]
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default [2023-07-29]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://padlet.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.wvhs204.org/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Floorplanner) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-05-24]
CHR Extension: (Skype Calling) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2020-05-24]
CHR Extension: (InsertLearning) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2023-01-04]
CHR Extension: (The QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2022-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-28]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2020-05-24]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-07-28]
CHR Extension: (Pocket Must Reads) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnnopicjonfamklpcdfnbcomdlopmof [2020-05-24]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2023-07-28]
CHR Extension: (Save to Pocket) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2022-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2022-10-30]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-10]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-12-08]
CHR Extension: (Slides) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-23]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-23]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-23]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-23]
CHR Extension: (Sheets) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-23]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-23]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-07-29]
CHR Notifications: Profile 2 -> hxxps://www.diariosur.es
CHR HomePage: Profile 2 -> hxxp://wvhs204.org/
CHR StartupUrls: Profile 2 -> "hxxp://wvhs204.org/","hxxps://espipe.sungardk12saas.com/TAC/Account/LogOn?ReturnUrl=%2fTAC"
CHR Extension: (QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\afpbjjgbdimpioenaedcjgkaigggcdpp [2021-08-29]
CHR Extension: (Mobility Print) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2022-10-11]
CHR Extension: (School Video Recorder for Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boohghjaeankjfihomdfhimfgifblngd [2021-08-29]
CHR Extension: (LearnPlatform for Educators) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccjpkjhfinjcophncpdhfighmlfccmem [2023-05-28]
CHR Extension: (Gopher Buddy) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgbbbjmgdpnifijconhamggjehlamcif [2023-06-17]
CHR Extension: (OrbitNote) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\feepmdlmhplaojabeoecaobfmibooaid [2023-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-28]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2023-07-28]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2021-08-29]
CHR Extension: (Bomgar Remote Support) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipfljipbjloahhabacnofonhfbddnajm [2021-08-29]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-07-28]
CHR Extension: (Zoom Chrome Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2023-07-28]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2023-07-28]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2023-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-12]
CHR Extension: (Draftback) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nnajoiemfpldioamchanognpjmocgkbg [2022-02-14]
CHR Extension: (WordReference Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofnmflhedfocnfnoafgcojkllnmdipoj [2022-11-27]
CHR Extension: (PrintFriendly - Print and PDF Web Pages) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2023-07-28]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2022-10-26]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-28]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel Wireless Display -> Intel)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9267376 2023-07-29] (Malwarebytes Inc. -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [165344 2013-05-21] (Intel Corporation-Mobile Wireless Group -> Windows ® Win 7 DDK provider)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART; C:\WINDOWS\System32\drivers\iaLPSS_UART.sys [142840 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-06-18] (Intel® Smart Connect software -> )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-27 10:36 - 2023-07-29 16:28 - 000000000 ____D C:\FRST
2023-07-24 12:44 - 2023-07-24 12:44 - 000000000 ___HD C:\$WinREAgent
2023-07-01 15:07 - 2023-07-01 15:07 - 000737086 _____ C:\Users\krueg_000\Downloads\All-Documents-27877198.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-29 16:28 - 2021-12-18 02:00 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-29 16:28 - 2014-06-23 20:14 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-29 16:26 - 2023-02-05 12:00 - 000000000 ____D C:\ProgramData\GeoComply
2023-07-29 11:55 - 2023-05-01 23:37 - 000000000 ____D C:\Users\krueg_000\AppData\Local\Malwarebytes
2023-07-29 11:35 - 2021-09-30 22:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-29 10:53 - 2023-01-17 22:52 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-29 10:53 - 2021-09-30 23:08 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{203598EA-E27F-4818-8B3B-097F45E5FCFE}
2023-07-29 10:53 - 2020-07-15 07:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-29 10:53 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-29 10:53 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-28 11:27 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-28 11:27 - 2016-06-04 20:45 - 000000000 ___RD C:\Users\krueg_000\OneDrive
2023-07-27 17:37 - 2021-09-30 23:08 - 001776284 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-27 17:37 - 2021-09-30 22:10 - 000788360 _____ C:\WINDOWS\system32\perfh00A.dat
2023-07-27 17:37 - 2021-09-30 22:10 - 000155802 _____ C:\WINDOWS\system32\perfc00A.dat
2023-07-27 17:37 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-07-27 17:34 - 2016-06-04 22:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-07-27 17:34 - 2016-06-04 20:44 - 000000000 __SHD C:\Users\krueg_000\IntelGraphicsProfiles
2023-07-27 17:33 - 2021-09-30 23:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-27 17:33 - 2021-09-30 22:58 - 000441368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-27 17:33 - 2021-03-01 01:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-07-27 17:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-27 17:32 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-07-27 14:38 - 2021-12-11 21:06 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2023-07-27 14:38 - 2021-09-30 23:08 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2023-07-27 14:38 - 2021-09-30 22:39 - 000002436 _____ C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-27 10:29 - 2016-08-10 22:12 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-26 20:18 - 2014-07-21 20:50 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-07-26 01:58 - 2020-05-24 12:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-24 12:58 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-24 12:53 - 2021-09-30 23:00 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-24 12:40 - 2014-07-07 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-24 12:32 - 2014-07-07 12:12 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-24 12:13 - 2014-06-23 20:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-07-05 14:33 - 2021-09-30 23:08 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-05 14:33 - 2021-09-30 23:08 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2023
Ran by krueg_000 (29-07-2023 16:30:14)
Running from C:\Users\krueg_000\OneDrive\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2021-10-01 04:08:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2550471563-1257076527-2971406527-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2550471563-1257076527-2971406527-503 - Limited - Disabled)
Guest (S-1-5-21-2550471563-1257076527-2971406527-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2550471563-1257076527-2971406527-1003 - Limited - Enabled)
krueg_000 (S-1-5-21-2550471563-1257076527-2971406527-1001 - Administrator - Enabled) => C:\Users\krueg_000
WDAGUtilityAccount (S-1-5-21-2550471563-1257076527-2971406527-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.110 - Google LLC)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM\...\{09888C31-E15A-4E69-AF26-4BFCEE55821B}) (Version: 1.0.90.0 - Intel Corporation) Hidden
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.2.1489 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{8B11A672-F039-4B14-867C-3F0209ADC85A}) (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Intel® Update Manager (HKLM-x32\...\{20D9D0D9-1659-4775-992E-5F5650AD9B87}) (Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61F48DA-627B-404E-9315-32A651B18B64}) (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{44B72151-611E-429D-9765-9BA093D7E48A}) (Version: 1.27.798.1 - Intel Corporation) Hidden
Malwarebytes version 4.5.33.272 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.33.272 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.5571.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Photo Common (HKLM-x32\...\{D888F114-7537-4D48-AF03-5DA9C82D7540}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{30F99474-EBE3-4134-A02B-F6CD38CFE243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{FC6C7107-7D72-41A1-A031-3CE751159BAB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Live Communications Platform (HKLM-x32\...\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{C034A6F9-6569-491B-B3BF-F5D15221A708}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{18272881-CFC0-434D-A975-E5BE44206AA0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-05-24] (Amazon.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-27] (HP Inc.)
Intel® Experience Center -> C:\Program Files\WindowsApps\AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt [2014-06-23] (INTEL CORP)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-06-06] (AMZN Mobile LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Salud y Bienestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-21] (Microsoft Studios) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-04-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-04-19] (SoftThinks -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-07] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CHC Wellbeing.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=mdehpnimddeekldphmocembfidadeogk
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Andrew (ipsd.org) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\509bffb6bc1cf486\Screencastify - Screen Video Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mmeijimgabbpbgpdklnllpncmdofkcpn
 
==================== Loaded Modules (Whitelisted) =============
 
2023-07-28 11:26 - 2023-07-28 11:26 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_ctypes.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000128512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_elementtree.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000914432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_hashlib.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000027648 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_multiprocessing.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000036864 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_psutil_windows.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000046080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_socket.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 001303552 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_ssl.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000020480 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\_yappi.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000012800 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\common.time34.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000007168 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\hashobjs_ext.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000127488 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\pyexpat.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000682496 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\pysqlite2._sqlite.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000364544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\pythoncom27.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 000110080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\pywintypes27.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 000010240 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\select.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000017920 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\thumbnails_ext.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000686080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\unicodedata.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\usb_ext.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000098816 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32api.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000320512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32com.shell.shell.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000011264 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32crypt.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000018432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32event.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000119808 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32file.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000167936 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32gui.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000038912 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32inet.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000025600 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32pdh.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000024064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32pipe.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000035840 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32process.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000017408 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32profile.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000108544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32security.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000022528 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\win32ts.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000078848 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._animate.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 001067008 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._controls_.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 001176576 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._core_.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000806400 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._gdi_.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000077312 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._html2.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000733184 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._misc_.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000816128 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._windows_.pyd
2023-07-28 11:26 - 2023-07-28 11:26 - 000123392 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wx._wizard.pyd
2013-11-30 17:31 - 2013-03-01 12:58 - 000130048 _____ (CodePlex Community) [File not signed] [File is in use] C:\Program Files (x86)\Intel\irstrt\Microsoft.Win32.TaskScheduler.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 002459648 ____R (Python Software Foundation) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\python27.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 000155136 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wxbase30u_net_vc90.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 002030592 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wxbase30u_vc90.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 001251328 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wxmsw30u_adv_vc90.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 004796928 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wxmsw30u_core_vc90.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 000601088 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wxmsw30u_html_vc90.dll
2023-07-28 11:26 - 2023-07-28 11:26 - 000110080 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI139042\wxmsw30u_webview_vc90.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-30] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Murcielago_FINAL_RGB.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{02F2E1B4-B01E-42AB-85C2-8EE63F1E3672}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BEAEC7A3-6D51-48F8-A692-647368DFDA34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C603BA3C-4F28-40E3-B056-690CEF786715}] => (Allow) LPort=2869
FirewallRules: [{7278EF5F-C66E-4F0F-A7A2-9D0003B3C7DC}] => (Allow) LPort=1900
FirewallRules: [{4D6FF529-65B1-4EEE-A7BC-DE9ADBA57638}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D66F004-06A8-4C63-9EC7-21F3EC736F14}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{98D04E70-40B1-410D-8083-9F6E10EE44A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F225E7F5-A1D3-4E4F-892F-BA6D64020EDB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E95F7DF5-4A6E-45E0-AFD2-E1FC82531963}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E22A6560-B312-4E92-B39C-DC56D648E82E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA985445-715B-4437-B703-A69CF472B5E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
24-07-2023 12:40:42 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/29/2023 10:52:38 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/28/2023 11:28:48 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/27/2023 05:33:26 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/27/2023 05:33:24 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/27/2023 05:33:24 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/27/2023 05:33:24 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/27/2023 05:33:24 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/27/2023 10:56:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3031, time stamp: 0x30ed67b0
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3086, time stamp: 0xe1ac3f79
Exception code: 0xc0000409
Fault offset: 0x000000000012d8b2
Faulting process id: 0x26e8
Faulting application start time: 0x01d9c09ffd22688b
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e9460b21-20de-4264-ba80-71fe7c543cad
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
 
System errors:
=============
Error: (07/29/2023 04:26:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/29/2023 10:51:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/28/2023 11:29:01 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/27/2023 05:37:21 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/27/2023 05:31:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (07/27/2023 05:31:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (07/27/2023 05:17:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/27/2023 02:41:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2023-07-29 11:12:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-28 12:03:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-27 14:37:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-07 09:50:47
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-03 20:15:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-07-07 17:00:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\chrome_elf.dll that did not meet the Microsoft signing level requirements.
 
Date: 2023-02-16 22:39:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\chrome.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A03 09/24/2013
Motherboard: Dell Inc. XPS 12-9Q33
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 85%
Total physical RAM: 4001.53 MB
Available physical RAM: 593.2 MB
Total Virtual: 10401.53 MB
Available Virtual: 3832.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:97.59 GB) (Free:30.92 GB) (Model: LITEONIT LMT-128M6M mSATA 128GB) NTFS
 
\\?\Volume{cf742fab-f09f-4736-91bb-4dc39fc37de5}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
\\?\Volume{eb19c1b7-a563-4d78-9f8c-6cafb7d9bc70}\ () (Fixed) (Total:0.78 GB) (Free:0.29 GB) NTFS
\\?\Volume{04d08801-6d4e-43f3-8e94-29fa605bfd69}\ (PBR Image) (Fixed) (Total:11.75 GB) (Free:0.73 GB) NTFS
\\?\Volume{e0f46268-779d-42c6-8699-0972f1f05635}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 72E5F2E7)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

You turned the Google Sync option on. I strongly recommend that you turn it off, not only on this computer but on all your other devices too. I'll tell you when you can turn it on and in what order.
 
So... after turning the Sync off, please do the following:
 
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Task: {70F7620C-24DC-446A-AE20-392594851351} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {5918BB16-7F8F-4EBE-9FE1-58805AC06DEB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File)
2023-07-29 16:26 - 2023-02-05 12:00 - 000000000 ____D C:\ProgramData\GeoComply
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
3. Run Malwarebytes (scan only)

  • Open Malwarebytes you have already installed. 
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the last two steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.
In your next reply, please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0
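The FRST fix in the post above removes three kinds of entry: scheduled tasks whose action points at a file that no longer exists or at a CLSID that is no longer registered (the "(No File)" and bare-CLSID lines), values under the WindowsUpdate policy key (the "Restriction" line), and a folder-background context-menu handler with no backing DLL. The read-only PowerShell check below reproduces those findings on a live Windows 10 host so the same entries can be confirmed before the fix and checked as gone afterwards. It is an added example: it is not FRST's code, not part of this thread, and DR M did not post it. It assumes an elevated PowerShell session on Windows 10 with the built-in ScheduledTasks module; the three function names are mine, and the tests it applies (rooted path exists, CLSID present under HKCR\CLSID, InprocServer32 DLL present) are my approximation of what FRST reports, since FRST's own rules are not given in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example for this thread, not FRST's code and not posted by DR M. Read-only
# triage that reproduces, on a live Windows 10 host, the three kinds of finding the
# FRST fix above acts on: scheduled tasks whose action points at a missing file or
# an unregistered COM handler ("No File"), values under the WindowsUpdate policy key
# ("Restriction"), and a Directory\Background context-menu handler with no backing
# DLL. The checks are my approximation of what FRST flags; FRST's own heuristics are
# not documented in this thread. Nothing here deletes anything.

function Get-OrphanedTaskAction {
    # Exec actions: expand %SystemRoot%-style variables, strip quotes, test the path.
    # ComHandler actions: the CLSID must be registered under HKCR\CLSID (64- or 32-bit view).
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $name = $task.TaskPath + $task.TaskName
            if ($action.CimClass.CimClassName -eq 'MSFT_TaskExecAction' -and $action.Execute) {
                $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
                # Bare names such as "cmd.exe" resolve through PATH; only rooted paths are tested.
                if ([IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) {
                    [pscustomobject]@{ Task = $name; Kind = 'Exec'; Target = $exe; Reason = 'No File' }
                }
            }
            elseif ($action.CimClass.CimClassName -eq 'MSFT_TaskComHandlerAction' -and $action.ClassId) {
                $clsid = $action.ClassId
                $registered = (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid") -or
                              (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid")
                if (-not $registered) {
                    [pscustomobject]@{ Task = $name; Kind = 'ComHandler'; Target = $clsid; Reason = 'CLSID not registered' }
                }
            }
        }
    }
}

function Get-WindowsUpdatePolicyValue {
    # FRST reports "WindowsUpdate: Restriction" when values exist under this policy key.
    # On a stand-alone home PC nothing legitimate normally writes here, so every value
    # is worth reading before deciding whether the key should go.
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # Drop the registry provider's own PSPath/PSDrive/... note properties.
        (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Value = $_.Value } }
    }
}

function Get-OrphanedContextMenuHandler {
    # FRST's ContextMenuHandlers5 line: a handler registered for the folder-background
    # menu whose CLSID has no InprocServer32, or whose DLL is gone, is reported as "No File".
    $base = 'Registry::HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers'
    foreach ($handler in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
        # The CLSID is the key's default value; some handlers use the CLSID itself as the key name.
        $clsid = (Get-ItemProperty -LiteralPath $handler.PSPath).'(default)'
        if (-not $clsid) { $clsid = $handler.PSChildName }
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"') }
        }
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
            [pscustomobject]@{ Handler = $handler.PSChildName; Clsid = $clsid; Dll = $dll; Reason = 'No File' }
        }
    }
}

'== Scheduled tasks whose action target is missing =='
Get-OrphanedTaskAction | Format-Table -AutoSize
'== Values under the WindowsUpdate policy key =='
Get-WindowsUpdatePolicyValue | Format-Table -AutoSize
'== Directory\Background context-menu handlers with no backing DLL =='
Get-OrphanedContextMenuHandler | Format-Table -AutoSize
```

Run it once before the fix to see the same entries FRST listed and once after to confirm they are gone. The output is diagnostic only; removal is left to FRST's fixlist, because a scheduled task lives both as a file under System32\Tasks and as entries under the TaskCache registry tree, and both must go together, which is exactly what the fixlog later in the thread shows FRST doing for each task.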

#7
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.
Are you still with me? 


  • 0

#8
Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

Yes, my apologies for the delayed response! I will make sure to respond much quicker next time you post. Here are my logs (no threat found from Malwarebytes):
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-08-2023
Ran by krueg_000 (02-08-2023 14:28:38) Run:1
Running from C:\Users\krueg_000\OneDrive\Desktop
Loaded Profiles: krueg_000
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Task: {70F7620C-24DC-446A-AE20-392594851351} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {5918BB16-7F8F-4EBE-9FE1-58805AC06DEB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\krueg_000\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File)
2023-07-29 16:26 - 2023-02-05 12:00 - 000000000 ____D C:\ProgramData\GeoComply
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70F7620C-24DC-446A-AE20-392594851351}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70F7620C-24DC-446A-AE20-392594851351}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5918BB16-7F8F-4EBE-9FE1-58805AC06DEB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5918BB16-7F8F-4EBE-9FE1-58805AC06DEB}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9DCF59E-6B97-4C0C-8641-B8261089C8CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9DCF59E-6B97-4C0C-8641-B8261089C8CA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC\HotStart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{094CD275-5C71-4753-B57E-5566CA859498}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{094CD275-5C71-4753-B57E-5566CA859498}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB21EF32-6BA9-4118-BBC1-BC4FF48961E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB21EF32-6BA9-4118-BBC1-BC4FF48961E5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B6759EE-1C08-4B8F-955C-774AB5A6544E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B6759EE-1C08-4B8F-955C-774AB5A6544E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F6DBBD1-1FA5-490B-A482-1F43FCC689E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F6DBBD1-1FA5-490B-A482-1F43FCC689E6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
 
"C:\ProgramData\GeoComply" folder move:
 
C:\ProgramData\GeoComply => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
 
Image Version: 10.0.19045.3208
 
 
[==                         3.8%                           ] 
[...]
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
[...]
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92800035 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 12903395 B
Edge => 0 B
Chrome => 85649990 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 709374 B
krueg_000 => 5020167561 B
 
RecycleBin => 15938578 B
EmptyTemp: => 4.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:40:59 ====
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-02-2023
# Duration: 00:00:12
# OS:       Windows 10 (Build 19045.3208)
# Scanned:  32097
# Detected: 2
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE 
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/2/23
Scan Time: 7:39 PM
Log File: 2a8014c0-3196-11ee-a9fd-000000000000.json
 
-Software Information-
Version: 4.5.33.272
Components Version: 1.0.2069
Update Package Version: 1.0.73381
License: Expired
 
-System Information-
OS: Windows 10 (Build 19045.3208)
CPU: x64
File System: NTFS
User: Krueger\krueg_000
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 264582
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 23 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 

  • 0

#9
Krueg9651

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

Yes my apologies for the delayed response!  I will make sure to respond much quicker next time you post.  Here are my logs  (no threat found from MalwareBytes):

 

 
 
 


#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

The computer is clean.

 

Please give me fresh FRST logs to check, Addition and FRST.

 

In addition, please let me know if there are any other remaining issues/questions/concerns, regarding this computer. 




#11
Krueg9651

    Member

  • Topic Starter
  • Member
  • 136 posts

Thank you!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-08-2023
Ran by krueg_000 (administrator) on KRUEGER (Dell Inc. XPS 12-9Q33) (03-08-2023 15:50:30)
Running from C:\Users\krueg_000\OneDrive\Desktop\FRST64.exe
Loaded Profiles: krueg_000
Platform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe ->) (Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\updateui.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Windows\SysWOW64\irstrtsv.exe ->) (Intel Corporation) [File not signed] C:\Windows\Temp\irstrtsv\scrncap.exe
(explorer.exe ->) (Google Inc -> Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(services.exe ->) (Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(services.exe ->) (Intel Wireless Display -> Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(services.exe ->) (Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21524.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\23.147.0716.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google Inc -> Google)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [MicrosoftEdgeAutoLaunch_38A5A74C0F574CCAB915AEF4FDB30067] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088256 2023-07-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\RunOnce: [Uninstall 23.142.0709.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\23.142.0709.0001"
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\115.0.5790.111\Installer\chrmstp.exe [2023-08-02] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {F7880805-C639-4C95-92FD-A8C131DEB40F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5308592 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
Task: {23A5C104-67C6-46F2-A56E-92D809EDF88D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [6762544 2012-07-09] (Dell Inc. -> Dell, Inc.)
Task: {9588A41A-DABE-470E-A95C-8E65CC3F1DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {E45627EC-4364-4090-ACA7-4140DFA7A344} - System32\Tasks\GoogleUpdateTaskMachineCore1d7365d9a2ebf11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {62E83378-ADB9-41C0-B3E6-C4770DBD82CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {0E2825D2-0C1D-411C-918B-39735947DBB1} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [704824 2013-03-01] (Intel Corporation -> Intel)
Task: {A73D296B-BC0D-4632-899B-DDADEEA2F73A} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {4C1CB5E4-059F-4211-8A64-5D6E214CCB1F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {EC6A0460-C926-4462-BBFE-7240D6A00124} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D8561A4-8408-4EED-A328-D504722A45D1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {DBC7CDB5-F34B-4E88-BC09-23631BC394F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1142216 2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4201702-8AAC-4FBF-95A1-E6037529C9D8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {4B29DC52-C765-4E1F-B06F-E2F85489CB35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [133326408 2017-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {A56C4734-80B3-4382-926A-BDE3D5E97826} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB490E59-CE1D-41B3-B05C-C4AB4859ABEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC34E1A0-16EB-497D-8AC5-251875138674} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9F373F18-2765-48E1-AC15-EA16D6F31657} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {26402EE7-8AEC-4B8B-873A-5436C4114B76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167080 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3b952fb4-d066-4581-a0db-ea39b29d30d0}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-02]
Edge Extension: (Edge relevant text changes) - C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-02]
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-08-03]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-08-03]
CHR Extension: (Slides) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-23]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-23]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-23]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-23]
CHR Extension: (Sheets) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-23]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-23]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\System Profile [2023-08-02]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel Wireless Display -> Intel)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9267376 2023-07-29] (Malwarebytes Inc. -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [165344 2013-05-21] (Intel Corporation-Mobile Wireless Group -> Windows ® Win 7 DDK provider)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART; C:\WINDOWS\System32\drivers\iaLPSS_UART.sys [142840 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-06-18] (Intel® Smart Connect software -> )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-02 19:36 - 2023-08-02 19:36 - 000000000 ____D C:\AdwCleaner
2023-08-02 19:31 - 2023-08-02 19:31 - 008791352 _____ (Malwarebytes) C:\Users\krueg_000\Downloads\AdwCleaner.exe
2023-07-27 10:36 - 2023-08-03 15:51 - 000000000 ____D C:\FRST
2023-07-24 12:44 - 2023-07-24 12:44 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-03 15:51 - 2021-09-30 23:08 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{203598EA-E27F-4818-8B3B-097F45E5FCFE}
2023-08-03 15:49 - 2021-12-18 02:00 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-03 15:49 - 2014-06-23 20:14 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-03 15:48 - 2021-09-30 22:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-03 15:48 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-03 00:06 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-03 00:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-02 23:47 - 2021-12-11 21:06 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2023-08-02 23:47 - 2021-09-30 23:08 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2023-08-02 23:47 - 2021-09-30 22:39 - 000002436 _____ C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-02 23:47 - 2016-06-04 20:45 - 000000000 ___RD C:\Users\krueg_000\OneDrive
2023-08-02 19:33 - 2021-09-30 23:08 - 001776284 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-02 19:33 - 2021-09-30 22:10 - 000788360 _____ C:\WINDOWS\system32\perfh00A.dat
2023-08-02 19:33 - 2021-09-30 22:10 - 000155802 _____ C:\WINDOWS\system32\perfc00A.dat
2023-08-02 19:33 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-02 19:31 - 2014-07-21 20:50 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-02 19:29 - 2023-05-01 23:37 - 000000000 ____D C:\Users\krueg_000\AppData\Local\Malwarebytes
2023-08-02 19:28 - 2021-09-30 23:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-02 19:28 - 2021-03-01 01:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-02 19:28 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-08-02 19:28 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-08-02 19:28 - 2016-06-04 22:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-08-02 19:28 - 2016-06-04 20:44 - 000000000 __SHD C:\Users\krueg_000\IntelGraphicsProfiles
2023-08-02 14:33 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-01 18:40 - 2021-09-30 23:08 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-08-01 18:40 - 2021-09-30 23:08 - 000003620 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d7365d9a2ebf11
2023-07-29 10:53 - 2023-01-17 22:52 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-29 10:53 - 2020-07-15 07:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-27 17:33 - 2021-09-30 22:58 - 000441368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-27 17:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-27 10:29 - 2016-08-10 22:12 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-26 01:58 - 2020-05-24 12:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-24 12:53 - 2021-09-30 23:00 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-24 12:40 - 2014-07-07 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-24 12:32 - 2014-07-07 12:12 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-24 12:13 - 2014-06-23 20:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-07-05 14:33 - 2021-09-30 23:08 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-05 14:33 - 2021-09-30 23:08 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2023
Ran by krueg_000 (03-08-2023 15:53:06)
Running from C:\Users\krueg_000\OneDrive\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2021-10-01 04:08:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2550471563-1257076527-2971406527-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2550471563-1257076527-2971406527-503 - Limited - Disabled)
Guest (S-1-5-21-2550471563-1257076527-2971406527-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2550471563-1257076527-2971406527-1003 - Limited - Enabled)
krueg_000 (S-1-5-21-2550471563-1257076527-2971406527-1001 - Administrator - Enabled) => C:\Users\krueg_000
WDAGUtilityAccount (S-1-5-21-2550471563-1257076527-2971406527-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.111 - Google LLC)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM\...\{09888C31-E15A-4E69-AF26-4BFCEE55821B}) (Version: 1.0.90.0 - Intel Corporation) Hidden
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.2.1489 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{8B11A672-F039-4B14-867C-3F0209ADC85A}) (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Intel® Update Manager (HKLM-x32\...\{20D9D0D9-1659-4775-992E-5F5650AD9B87}) (Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61F48DA-627B-404E-9315-32A651B18B64}) (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{44B72151-611E-429D-9765-9BA093D7E48A}) (Version: 1.27.798.1 - Intel Corporation) Hidden
Malwarebytes version 4.5.33.272 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.33.272 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.5571.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\OneDriveSetup.exe) (Version: 23.147.0716.0001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5571.1000 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Photo Common (HKLM-x32\...\{D888F114-7537-4D48-AF03-5DA9C82D7540}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{30F99474-EBE3-4134-A02B-F6CD38CFE243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{FC6C7107-7D72-41A1-A031-3CE751159BAB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Live Communications Platform (HKLM-x32\...\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{C034A6F9-6569-491B-B3BF-F5D15221A708}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{18272881-CFC0-434D-A975-E5BE44206AA0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-05-24] (Amazon.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-27] (HP Inc.)
Intel® Experience Center -> C:\Program Files\WindowsApps\AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt [2014-06-23] (INTEL CORP)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-06-06] (AMZN Mobile LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Salud y Bienestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-21] (Microsoft Studios) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-04-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-04-19] (SoftThinks -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-07] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\509bffb6bc1cf486\Screencastify - Screen Video Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mmeijimgabbpbgpdklnllpncmdofkcpn
 
==================== Loaded Modules (Whitelisted) =============
 
2023-08-02 19:29 - 2023-08-02 19:29 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_ctypes.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000128512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_elementtree.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000914432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_hashlib.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000027648 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_multiprocessing.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000036864 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_psutil_windows.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000046080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_socket.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 001303552 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_ssl.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000020480 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\_yappi.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000012800 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\common.time34.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000007168 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\hashobjs_ext.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000127488 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\pyexpat.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000682496 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\pysqlite2._sqlite.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000364544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\pythoncom27.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 000110080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\pywintypes27.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 000010240 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\select.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000017920 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\thumbnails_ext.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000686080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\unicodedata.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\usb_ext.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000098816 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32api.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000320512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32com.shell.shell.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000011264 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32crypt.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000018432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32event.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000119808 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32file.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000167936 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32gui.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000038912 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32inet.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000025600 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32pdh.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000024064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32pipe.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000035840 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32process.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000017408 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32profile.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000108544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32security.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000022528 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\win32ts.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000078848 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._animate.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 001067008 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._controls_.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 001176576 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._core_.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000806400 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._gdi_.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000077312 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._html2.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000733184 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._misc_.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000816128 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._windows_.pyd
2023-08-02 19:29 - 2023-08-02 19:29 - 000123392 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wx._wizard.pyd
2013-11-30 17:31 - 2013-03-01 12:58 - 000130048 _____ (CodePlex Community) [File not signed] [File is in use] C:\Program Files (x86)\Intel\irstrt\Microsoft.Win32.TaskScheduler.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 002459648 ____R (Python Software Foundation) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\python27.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 000155136 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wxbase30u_net_vc90.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 002030592 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wxbase30u_vc90.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 001251328 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wxmsw30u_adv_vc90.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 004796928 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wxmsw30u_core_vc90.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 000601088 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wxmsw30u_html_vc90.dll
2023-08-02 19:29 - 2023-08-02 19:29 - 000110080 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI73642\wxmsw30u_webview_vc90.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-30] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Murcielago_FINAL_RGB.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{02F2E1B4-B01E-42AB-85C2-8EE63F1E3672}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BEAEC7A3-6D51-48F8-A692-647368DFDA34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C603BA3C-4F28-40E3-B056-690CEF786715}] => (Allow) LPort=2869
FirewallRules: [{7278EF5F-C66E-4F0F-A7A2-9D0003B3C7DC}] => (Allow) LPort=1900
FirewallRules: [{4D6FF529-65B1-4EEE-A7BC-DE9ADBA57638}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F225E7F5-A1D3-4E4F-892F-BA6D64020EDB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E95F7DF5-4A6E-45E0-AFD2-E1FC82531963}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E22A6560-B312-4E92-B39C-DC56D648E82E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA985445-715B-4437-B703-A69CF472B5E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{272B5E99-3C1D-4B6B-BBA0-692D062BEDC5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9F19891-D63F-4568-A9F8-3E67BB9D2B69}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
31-07-2023 22:58:43 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/03/2023 03:51:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/02/2023 07:28:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/02/2023 07:28:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/02/2023 02:29:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/02/2023 02:28:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {70eea0de-1d76-4676-9242-27abb6ec51f2}
 
Error: (08/02/2023 10:55:37 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/01/2023 06:42:42 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/31/2023 12:44:37 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (08/03/2023 03:50:35 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/02/2023 11:48:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/02/2023 07:31:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/02/2023 07:28:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/02/2023 02:28:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/02/2023 02:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/02/2023 02:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/02/2023 02:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Client Management Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2023-08-02 11:03:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-31 22:56:42
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-30 20:30:17
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-29 11:12:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-28 12:03:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-08-02 19:45:42
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.393.2107.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2023-07-07 17:00:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\chrome_elf.dll that did not meet the Microsoft signing level requirements.
 
Date: 2023-02-16 22:39:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\chrome.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A03 09/24/2013
Motherboard: Dell Inc. XPS 12-9Q33
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 88%
Total physical RAM: 4001.53 MB
Available physical RAM: 452.77 MB
Total Virtual: 10401.53 MB
Available Virtual: 5452.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:97.59 GB) (Free:46.01 GB) (Model: LITEONIT LMT-128M6M mSATA 128GB) NTFS
 
\\?\Volume{cf742fab-f09f-4736-91bb-4dc39fc37de5}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
\\?\Volume{eb19c1b7-a563-4d78-9f8c-6cafb7d9bc70}\ () (Fixed) (Total:0.78 GB) (Free:0.29 GB) NTFS
\\?\Volume{04d08801-6d4e-43f3-8e94-29fa605bfd69}\ (PBR Image) (Fixed) (Total:11.75 GB) (Free:0.73 GB) NTFS
\\?\Volume{e0f46268-779d-42c6-8699-0972f1f05635}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 72E5F2E7)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#12 DR M (The Grecian Geek, Malware Removal, 4,422 posts)

I had told you in my previous post here that I would like you to turn the Google Sync option off. It is important when you clean a machine to stop this, so that if any other devices are infected, the malware does not spread to the machine we clean. So...
 
1. Please, turn the sync option OFF in all your devices.
 
2. Then, enable it starting with this computer which is now clean. 
 
 
Something else you should consider:
 
These lines are from your logs:
 
Percentage of memory in use: 88%
Total physical RAM: 4001.53 MB
Available physical RAM: 452.77 MB
 
That means you haven't got sufficient resources to run your programs. Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept. 
 
 
Finally, if no other questions...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.


#13 Krueg9651 (Topic Starter, Member, 136 posts)

My sync was turned off from this computer previously (hopefully it showed on your end), and I made sure to turn off the sync from my work laptop (the only other computer that would have had it synced).

 

Unfortunately, when I tried to run as administrator for KpRm, I keep getting blocked by the following (see image), which gives me no option to skip.

 

 

Attached image: blocks me from using.JPG

Edited by Krueg9651, 04 August 2023 - 11:34 PM.


#14 DR M (The Grecian Geek, Malware Removal, 4,422 posts)

It is a false-positive detection by Windows. Click on More Info and then choose Run anyway. 

 

As to the sync: make sure both computers have the option turned OFF. Then, turn ON the option on this computer first, then on the other. 



#15 Krueg9651 (Topic Starter, Member, 136 posts)

# Run at 8/6/2023 6:48:16 PM
# KpRm (Kernel-panik) version 2.14.0
# Run by krueg_000 from C:\WINDOWS\system32
# Computer Name: KRUEGER
# OS: Windows 10 X64 (19045) (10.0.19045.3208) 
# Number of passes: 3
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\krueg_000\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2023-08-06-18-48-16
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\krueg_000\OneDrive\Desktop\AdwCleaner.exe deleted
     [OK] C:\Users\krueg_000\Downloads\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
 
  ## FRST
     [OK] C:\Users\krueg_000\OneDrive\Desktop\Addition.txt deleted
     [OK] C:\Users\krueg_000\OneDrive\Desktop\Fixlog.txt deleted
     [OK] C:\Users\krueg_000\OneDrive\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\krueg_000\OneDrive\Desktop\FRST.txt deleted
     [OK] C:\Users\krueg_000\OneDrive\Desktop\FRST64.exe deleted
     [OK] C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear\Addition.txt deleted
     [OK] C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear\FRST.txt deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Scheduled Checkpoint created at 08/01/2023 03:58:43 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 08/06/2023 23:48:38
 
-- KPRM finished in 47.23s --
