
I suspect I have a RAT or just plain paranoia.


16 replies to this topic

#1 Romy99


Posted 15 February 2024 - 04:22 PM

Hello,

I am new here and I've decided to ask for help here since I've taken my PC (Dell XPS8940) to GeekSquad and they keep telling me there's nothing wrong. However, I was seeing the WIFI and Bluetooth "activating themselves" on my PC, when I never have them on. Also I see logs related to Hyper-V and remote operations, which I also NEVER use. GS has cleaned my PC but I still have the feeling something is off - maybe I'm just being extra paranoid, but I've been seeing similar behavior on my Samsung phones, which really bothers me as I have a new router with firewall installed. So I can't imagine how something could have gotten through.

Anyway. I've disabled services that I don't use and that may make my PC more vulnerable (like Hyper-V and remote access related services). I've also disabled optional Windows features like OpenSSH and WMIC that I don't use. I've run RogueKiller, AdwCleaner and Malwarebytes already.

Here are the Farbar logs after running all of the other software, updating Windows and restarting - hopefully you guys can see something I don't - or if anything - at least I'll have peace of mind knowing there's no RAT or keylogger around.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.02.2024
Ran by NCC1701_02.02.24 (administrator) on NEW-NCC1701 (Dell Inc. XPS 8940) (15-02-2024 12:54:04)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY\FRST64.exe
Loaded Profiles: NCC1701_02.02.24
Platform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Intel\Intel Arc Control\ArcControl.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlAssist.exe <6>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe <6>
(drivers\RivetNetworks\Killer\KAPSService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxEMN.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControl.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2312.18.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ac65d2dfc98d80ce\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ca4b456b5e9690a6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_06b60d2a4a90370d\Intel_PIE_Service.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.3073_none_e9771ec042bad855\TiWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe [1649504 2023-03-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe [5083736 2023-02-22] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1617960 2023-12-05] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788736 2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\121.0.6167.185\Installer\chrmstp.exe [2024-02-15] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker -> No File <==== ATTENTION
Task: {CCD5E882-466F-4294-8FA8-2BF3547DEB72} - System32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {3F4E2B57-72D4-4C77-BF3E-47FAA2D5151F} - System32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {5D82B75E-74BF-43D7-BEDD-0D6E648D65DD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {F933043F-E6F5-46BC-8273-971DAB0DF1C1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {4C4A5CDD-4131-4C0E-8C5D-DFC0266123EC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {933320C6-7752-4A36-8206-3ED62461F1CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [191155960 2024-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {99272C9D-9A3C-41F4-9E27-381D29A5D705} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4F0067C2-EE35-4CCE-84C9-F2FAE44EB357} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {3BFF8200-DBA5-4862-8CE5-FA37F85879CB} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\RivetNetworks\Killer\RNIdleTask.exe [31536 2023-12-18] (Intel Corporation -> )
Task: {65365E6D-5510-4ECC-8775-6DAACE394058} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [200704 2023-12-03] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.31.200
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}\0534F4E4C495F5F4344523032333: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{f061f94f-7f6c-489f-a5e9-f0921c55f548}: [DhcpNameServer] 192.168.31.200
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-15]
Edge Extension: (Google Docs Offline) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-02]
Edge Extension: (Edge relevant text changes) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
 
FireFox:
========
FF DefaultProfile: 8ixzsuoo.default
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\8ixzsuoo.default [2024-02-15]
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\yurzp3sj.default-release [2024-02-15]
 
Chrome: 
=======
CHR Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default [2024-02-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
S2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
S2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-01-17] (Intel Corporation -> Intel)
S3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [240392 2024-01-17] (Intel Corporation -> Intel)
R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1656360 2023-12-05] (Intel Corporation -> Intel Corporation)
R3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78240 2023-12-18] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2385824 2023-12-18] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2639776 2023-12-18] (Intel Corporation -> Intel)
R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78128 2023-12-18] (Intel Corporation -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15245744 2024-02-14] (ADLICE -> )
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159072 2024-01-17] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Killer Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\Killer\KillerProviderDataHelperService.exe [X]
S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 workfolderssvc; %systemroot%\system32\workfolderssvc.dll [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [561152 2023-12-03] (Microsoft Windows -> Microsoft Corporation)
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [149864 2020-06-16] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46640 2023-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_808162718b526a1e\e2k68cx21x64.sys [752448 2023-12-19] (Realtek Semiconductor Corp. -> Realtek)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [254768 2023-12-18] (Intel Corporation -> Rivet Networks, LLC.)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [54208 2024-02-15] (ADLICE (Julien Ascoet) -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2024-02-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [594304 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-15 12:27 - 2024-02-15 12:27 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2024-02-15 12:27 - 2024-02-15 12:27 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-02-15 12:27 - 2024-02-15 12:27 - 000054208 _____ C:\Windows\system32\Drivers\truesight.sys
2024-02-15 12:10 - 2024-02-15 12:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-15 12:10 - 2024-02-15 12:10 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-15 12:09 - 2024-02-15 12:09 - 000349976 _____ (Mozilla) C:\Users\NCC1701_02.02.24\Downloads\Firefox Installer.exe
2024-02-15 12:09 - 2024-02-15 12:09 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-15 12:09 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Google
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Program Files\Google
2024-02-15 12:08 - 2024-02-15 12:35 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-15 12:08 - 2024-02-15 12:08 - 001376816 _____ (Google LLC) C:\Users\NCC1701_02.02.24\Downloads\ChromeSetup.exe
2024-02-15 12:08 - 2024-02-15 12:08 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130}
2024-02-15 12:08 - 2024-02-15 12:08 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A}
2024-02-15 12:05 - 2024-02-15 12:05 - 017724920 _____ (VS Revo Group ) C:\Users\NCC1701_02.02.24\Downloads\RevoUninProSetup.exe
2024-02-15 11:42 - 2024-02-15 12:54 - 000000000 ____D C:\FRST
2024-02-15 11:19 - 2024-02-15 11:19 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\mbam
2024-02-15 11:18 - 2024-02-15 12:30 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Malwarebytes
2024-02-15 11:18 - 2024-02-15 11:18 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-15 11:18 - 2024-02-15 11:18 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-15 11:17 - 2024-02-15 11:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-14 19:13 - 2024-02-14 19:21 - 000000000 ____D C:\AdwCleaner
2024-02-14 18:11 - 2024-02-15 11:16 - 000000000 ____D C:\ProgramData\RogueKiller
2024-02-14 18:11 - 2024-02-14 19:29 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2024-02-14 18:11 - 2024-02-14 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2024-02-14 18:11 - 2024-02-14 19:29 - 000000000 ____D C:\Program Files\RogueKiller
2024-02-14 18:08 - 2024-02-15 11:17 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-14 18:06 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2024-02-14 18:05 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Logishrd
2024-02-14 18:05 - 2024-02-14 18:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\FirmwareUpdateTool
2024-02-14 18:03 - 2024-02-14 18:03 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2024-02-14 17:55 - 2024-02-15 12:43 - 000000000 ____D C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
2024-02-14 13:56 - 2024-02-15 12:44 - 000030144 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d
2024-02-14 13:56 - 2024-02-15 12:44 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\f2f92f7da777fed42bd801386fe3fef40ecdd1f2f60852547650d0043e104074
2024-02-14 12:07 - 2024-02-14 14:58 - 000011216 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\147fce4307b24dcd765b311ec45e086e6b1a7280cbc4c293d9428641a4e96419
2024-02-14 12:07 - 2024-02-14 14:58 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\5f7b2a37684df71cc6418884f811a9a498a120de21d85c6dfdd0b200d2f6d786
2024-02-14 11:33 - 2024-02-14 11:33 - 000002264 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\edede1402b9ce1779b020af5609acb30ba9955601263375ef11894a57a33f68c
2024-02-08 12:45 - 2024-02-08 12:45 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\PlaceholderTileLogoFolder
2024-02-07 16:24 - 2024-02-07 16:24 - 000003298 _____ C:\Windows\system32\Tasks\RNIdle Task
2024-02-07 16:23 - 2024-02-07 16:23 - 000000000 ____D C:\Program Files\Killer Networking
2024-02-07 16:04 - 2024-02-07 16:04 - 000000112 ___SH C:\bootTel.dat
2024-02-07 10:54 - 2024-02-07 10:54 - 000003834 _____ C:\Windows\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2024-02-07 10:50 - 2024-02-07 10:50 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CEF
2024-02-07 10:44 - 2024-02-15 12:29 - 000000000 __SHD C:\Users\NCC1701_02.02.24\IntelGraphicsProfiles
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NEO
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2024-02-07 10:41 - 2024-02-07 10:41 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-02-07 10:41 - 2024-01-23 02:06 - 000750616 _____ (Intel) C:\Windows\system32\libvpl.dll
2024-02-07 10:41 - 2024-01-23 02:06 - 000637440 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2024-02-07 10:41 - 2024-01-23 02:05 - 000942696 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2024-02-07 10:41 - 2024-01-23 02:05 - 000705600 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000591480 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000525840 _____ C:\Windows\SysWOW64\IntelControlLib32.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000453000 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 002095072 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 002095072 _____ C:\Windows\system32\vulkaninfo.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 001653328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 001653328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 000518112 _____ C:\Windows\system32\ze_tracing_layer.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 000479312 _____ C:\Windows\system32\ze_loader.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 000314856 _____ C:\Windows\system32\ze_validation_layer.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001442896 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001442896 _____ C:\Windows\system32\vulkan-1.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001285200 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001285200 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-02-07 10:41 - 2024-01-23 01:58 - 027963880 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2024-02-07 10:41 - 2024-01-23 01:58 - 020687952 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2024-02-07 10:41 - 2024-01-23 01:55 - 000303264 _____ C:\Windows\system32\ControlLib.dll
2024-02-07 10:41 - 2024-01-23 01:55 - 000250016 _____ C:\Windows\SysWOW64\ControlLib32.dll
2024-02-07 10:41 - 2024-01-05 17:19 - 000047240 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2024-02-07 10:40 - 2024-02-07 10:51 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Intel
2024-02-07 10:40 - 2024-02-07 10:44 - 000000000 ____D C:\ProgramData\Intel
2024-02-07 10:40 - 2024-02-07 10:41 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-02-07 10:40 - 2024-02-07 10:41 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-02-07 10:40 - 2024-02-07 10:40 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-02-07 10:38 - 2024-02-07 10:38 - 006281760 _____ (Intel) C:\Users\NCC1701_02.02.24\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2024-02-06 18:15 - 2024-02-07 10:44 - 000000000 ____D C:\Program Files\Intel
2024-02-06 18:10 - 2024-02-07 10:46 - 000000000 ____D C:\Program Files (x86)\Intel
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {d8170687-85fa-4716-bafd-087205d0db72}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {58E22E6B-0E58-4E93-AF9A-036556EB66F5}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2024-02-06 18:10 - 2022-11-02 05:26 - 003234504 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsService.exe
2024-02-06 18:10 - 2022-11-02 05:26 - 000135368 _____ (Intel Corporation) C:\Windows\system32\Optane.dll
2024-02-06 18:10 - 2022-11-02 05:26 - 000025256 _____ (Intel Corporation) C:\Windows\system32\OptaneEventLogMsg.dll
2024-02-06 18:10 - 2022-11-02 05:25 - 000221352 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsNative.exe
2024-02-06 18:10 - 2022-11-02 05:25 - 000075464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAfs.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 001548488 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAC.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 000029384 _____ (Intel Corporation) C:\Windows\system32\RstMwEventLogMsg.dll
2024-02-06 18:04 - 2024-02-06 18:04 - 000000000 _____ C:\Windows\invcol.tmp
2024-02-06 18:03 - 2024-02-06 18:58 - 000000000 ____D C:\Program Files\Dell
2024-02-06 18:03 - 2024-02-06 18:03 - 000000000 ____D C:\Program Files (x86)\Dell
2024-02-06 18:02 - 2024-02-15 11:45 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-06 18:02 - 2024-02-15 11:44 - 000000000 ____D C:\Program Files\dotnet
2024-02-06 18:02 - 2024-02-14 19:22 - 000000000 ____D C:\ProgramData\Dell
2024-02-06 18:01 - 2024-02-06 18:01 - 001236776 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistLauncher.exe
2024-02-06 17:59 - 2024-02-06 17:59 - 000019222 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-06 17:59 - 2024-02-06 17:59 - 000019222 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-02-06 17:50 - 2024-02-07 17:21 - 000002264 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\bef731b8d57eaff614901472069b64360e2d656bfd76ea1add4389efddc043fb
2024-02-06 17:35 - 2024-02-15 12:35 - 000444619 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6fd7b3a63df1d4f9e5ebd8d3dc7595ddf69a3660fb7b0c2e9f98d13446fea740
2024-02-06 17:35 - 2024-02-15 10:56 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6ade6f6d78ece8ee0e6a9896681e2a81cf10959a1401482cda8cbb570802b55d
2024-02-06 17:28 - 2024-02-06 17:28 - 000000000 ____D C:\Windows\system32\Tasks\Intel
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\Windows\system32\Drivers\RivetNetworks
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\ProgramData\RivetNetworks
2024-02-06 17:24 - 2023-03-02 22:35 - 000292096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2024-02-06 17:24 - 2023-03-02 22:35 - 000247040 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2024-02-06 17:23 - 2024-02-06 17:23 - 000001814 _____ C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio Pro by Waves – Speaker and Microphone Audio Control and Nx 3D Sound.lnk
2024-02-06 17:23 - 2024-02-06 17:23 - 000000000 ____D C:\Program Files\Waves
2024-02-06 17:22 - 2024-02-15 12:32 - 000016811 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\9b7ccbd35dd68aa285baeafb7431630bce7ff8edf5a5899b484fc2d0af05f15c
2024-02-06 17:22 - 2024-02-15 12:26 - 000000000 ____D C:\Intel
2024-02-06 17:22 - 2024-02-07 10:52 - 000000026 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\0ad9e46285ca5fbf9c6d578692d600f22ab51e3d84eb5e84d7d05af5f093e5d8
2024-02-06 17:22 - 2024-02-06 17:22 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\LocalLow\Intel
2024-02-06 17:21 - 2024-02-06 17:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-06 17:20 - 2024-02-06 17:20 - 000000000 ____D C:\Windows\Firmware
2024-02-06 17:20 - 2023-03-02 22:34 - 006449048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2024-02-06 17:16 - 2024-02-14 18:10 - 000000000 ____D C:\Windows\system32\MRT
2024-02-06 15:30 - 2024-02-06 17:25 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-02-06 15:19 - 2024-02-14 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CrashDumps
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NPE
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\ProgramData\Norton
2024-02-05 13:52 - 2024-02-05 13:52 - 000000000 ____D C:\Geek Squad
2024-02-05 13:51 - 2024-02-05 13:52 - 000000000 ____D C:\ProgramData\Geek Squad
2024-02-02 18:11 - 2024-02-05 13:44 - 002826002 _____ C:\Windows\ntbtlog.txt
2024-02-02 18:11 - 2024-02-05 13:43 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-02 18:10 - 2024-02-05 13:45 - 000000000 ____D C:\Windows\pss
2024-02-02 16:06 - 2024-02-15 12:26 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2024-02-02 15:56 - 2024-02-02 15:56 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\VirtualStore
2024-02-02 15:36 - 2024-02-09 11:53 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\MMC
2024-02-02 15:32 - 2024-02-02 15:32 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Comms
2024-02-02 15:16 - 2024-02-02 15:16 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Publishers
2024-02-02 15:05 - 2024-02-02 15:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\OneDrive
2024-02-02 15:03 - 2024-02-15 11:40 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\D3DSCache
2024-02-02 15:02 - 2024-02-02 16:33 - 000000000 ___RD C:\Users\NCC1701_02.02.24\OneDrive
2024-02-02 15:02 - 2024-02-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\SystemCertificates
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Network
2024-02-02 14:59 - 2024-02-08 12:45 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Packages
2024-02-02 14:59 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\ConnectedDevicesPlatform
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Protect
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Crypto
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Credentials
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Vault
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Adobe
2024-02-02 14:58 - 2024-02-07 10:44 - 000000000 ____D C:\Users\NCC1701_02.02.24
2024-02-02 14:58 - 2024-02-02 15:14 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Spelling
2024-02-02 14:58 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows
2024-02-02 14:58 - 2024-02-02 14:58 - 000000020 ___SH C:\Users\NCC1701_02.02.24\ntuser.ini
2024-02-02 14:44 - 2024-02-15 12:32 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-02 14:42 - 2024-02-08 12:45 - 000000000 ____D C:\ProgramData\Packages
2024-02-02 14:40 - 2024-02-02 14:40 - 000000000 _SHDL C:\Documents and Settings
2024-02-02 14:36 - 2024-02-15 12:14 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-02 14:36 - 2024-02-15 12:14 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-02 14:35 - 2024-02-05 13:48 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 14:35 - 2024-02-05 13:48 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-02 14:34 - 2024-02-15 12:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-02 14:34 - 2024-02-02 20:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____D C:\Windows\system32\config\BFS
2024-02-02 14:33 - 2024-02-15 12:26 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-02 14:33 - 2024-02-15 12:26 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-02 14:33 - 2024-02-06 18:20 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-02-02 14:33 - 2024-02-06 14:48 - 000000000 ____D C:\Windows\Panther
2024-02-02 14:33 - 2024-02-02 14:33 - 000000000 ____D C:\Windows\ServiceProfiles
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-15 12:54 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-15 12:54 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-15 12:44 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\AppReadiness
2024-02-15 12:38 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemTemp
2024-02-15 12:32 - 2022-05-06 21:22 - 000000000 ____D C:\Windows\INF
2024-02-15 12:26 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ServiceState
2024-02-15 12:21 - 2022-05-06 21:17 - 000262144 _____ C:\Windows\system32\config\BBI
2024-02-15 12:20 - 2023-12-03 22:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemResources
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\bcastdvr
2024-02-15 11:56 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\CbsTemp
2024-02-15 11:30 - 2022-05-06 21:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-02-15 11:18 - 2022-05-06 21:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-02-14 13:28 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\spool
2024-02-08 12:45 - 2022-05-06 21:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-07 10:55 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\servicing
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\UUS
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\oobe
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellComponents
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\Provisioning
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\BrowserCore
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-02-06 17:19 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2024-02-06 15:38 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\appcompat
2024-02-05 13:48 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\NDF
2024-02-02 20:44 - 2022-05-06 21:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-02 16:01 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-02-02 15:16 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-02-02 14:42 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-02-02 14:36 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-02-02 14:33 - 2022-05-06 21:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template
 
==================== Files in the root of some directories ========
 
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ () C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {67e9a860-7a61-11ec-a02b-806e6f6e6963}
                        {67e9a861-7a61-11ec-a02b-806e6f6e6963}
timeout                 2
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
flightsigning           Yes
default                 {current}
resumeobject            {072b4e07-c21b-11ee-a693-84cb80a7a1f1}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {67e9a860-7a61-11ec-a02b-806e6f6e6963}
description             Onboard NIC(IPV4)
 
Firmware Application (101fffff)
-------------------------------
identifier              {67e9a861-7a61-11ec-a02b-806e6f6e6963}
description             Onboard NIC(IPV6)
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 11
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {072b4e09-c21b-11ee-a693-84cb80a7a1f1}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {072b4e07-c21b-11ee-a693-84cb80a7a1f1}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {072b4e09-c21b-11ee-a693-84cb80a7a1f1}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{072b4e0a-c21b-11ee-a693-84cb80a7a1f1}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{072b4e0a-c21b-11ee-a693-84cb80a7a1f1}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {09c405cc-9ec4-11e5-9b46-5ce0c5654d7a}
device                  ramdisk=[unknown]\sources\sos.wim,{492933ee-cd0d-11e1-9b66-d4bed91b7fc5}
path                    \windows\system32\winload.efi
description             Dell SupportAssist
locale                  en-US
inherit                 {bootloadersettings}
osdevice                ramdisk=[unknown]\sources\sos.wim,{492933ee-cd0d-11e1-9b66-d4bed91b7fc5}
systemroot              \Windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {25dc95dc-c0b0-11ee-8f05-d1934d13e038}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{25dc95dd-c0b0-11ee-8f05-d1934d13e038}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{25dc95dd-c0b0-11ee-8f05-d1934d13e038}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {072b4e07-c21b-11ee-a693-84cb80a7a1f1}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {072b4e09-c21b-11ee-a693-84cb80a7a1f1}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
custom:21000026         partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {072b4e0a-c21b-11ee-a693-84cb80a7a1f1}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.02.2024
Ran by NCC1701_02.02.24 (15-02-2024 12:54:44)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2024-02-02 22:41:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-287634066-2289251947-2206231936-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-287634066-2289251947-2206231936-503 - Limited - Disabled)
Guest (S-1-5-21-287634066-2289251947-2206231936-501 - Limited - Disabled)
NCC1701_02.02.24 (S-1-5-21-287634066-2289251947-2206231936-1001 - Administrator - Enabled) => C:\Users\NCC1701_02.02.24
WDAGUtilityAccount (S-1-5-21-287634066-2289251947-2206231936-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dell SupportAssist (HKLM\...\{1E5C3247-B6FF-47F2-AEE9-A921B21E914F}) (Version: 4.0.0.51819 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{EE5AFC69-5911-4A47-B78C-6BFBA883AF15}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 121.0.6167.185 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{6045ACAB-3148-4E84-96EA-178F21611BD7}) (Version: 23.4.39.9 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86}) (Version: 2.4.10717 - Intel Corporation)
Intel® Icls (HKLM\...\{E50319E3-A4FF-4642-A969-5C89B0A22E54}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1B254687-4D73-4347-94CB-B25EFF73B9E4}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2313.4.16.0 - Intel Corporation)
Intel® Management Engine Driver (HKLM\...\{DD82CAB8-FEBE-4B83-BD5C-F125839A0F70}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{5DDCAB56-E374-431D-A70D-BEE3C9F787D1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.10.0.2 - Intel Corporation)
Intel® Arc™ Control (HKLM\...\{AFFBB7E9-51F0-4A68-B6B6-DB7B13E5E372}) (Version: 1.74.5391.3 - Intel Corporation) Hidden
Intel® Arc™ Control (HKLM-x32\...\{29da1471-6d4a-4198-af44-b83f9ba62651}) (Version: 1.74.5391.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}) (Version: 23.4.39.9 - Intel)
Killer Performance Driver Suite UWD (HKLM\...\{B13962C1-E499-4B6B-A472-81E7BAEEE94A}) (Version: 35.23.1292 - Rivet Networks)
Logitech Unifying Software 2.52 (HKLM\...\Logitech Unifying) (Version: 2.52.33 - Logitech)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.16 (x64) (HKLM\...\{9F51D16B-42E8-4A4A-8228-75045541A2AE}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.16 (x64) (HKLM\...\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.16 (x64) (HKLM\...\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.16 - Shared Framework (x64) (HKLM-x32\...\{5cc1be84-7e3a-4ef7-9ed9-ff9256196077}) (Version: 7.0.16.24068 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.16 Shared Framework (x64) (HKLM\...\{1B81ED58-6B0A-3911-9BF1-D57357A9637E}) (Version: 7.0.16.24068 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.112 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM\...\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}) (Version: 56.64.8804 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM-x32\...\{ef5af41f-d68c-48f7-bfb0-5055718601fc}) (Version: 7.0.16.33318 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 122.0.1 (x64 en-US)) (Version: 122.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0.1 - Mozilla)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
RogueKiller version 15.15.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.15.1.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
 
Packages:
=========
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.9.0_x64__htrsf667h5kn2 [2024-02-06] (Dell Inc)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2024-02-06] (INTEL CORP)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corp.)
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-06] (Microsoft Corporation)
Sysinternals Suite -> C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.0.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-06] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-287634066-2289251947-2206231936-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-01-05 17:19 - 2024-01-05 17:19 - 002973696 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 21:24 - 2024-02-06 14:50 - 000000141 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.31.200
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{351D1435-0699-42CD-B5A6-935BCD2CB201}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FFF7DA16-82C0-493B-97BF-E212C9110B69}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B79A45D1-15AD-475C-A8CD-575D69D8B237}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DF91B770-5D55-43A6-A921-4F5347E1F2D9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
14-02-2024 13:28:10 Windows Modules Installer
14-02-2024 19:20:57 AdwCleaner_BeforeCleaning_14/02/2024_19:20:56
 
==================== Faulty Device Manager Devices ============
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/14/2024 02:59:58 PM) (Source: Application Error) (EventID: 1000) (User: NEW-NCC1701)
Description: Faulting application name: SystemSettings.exe, version: 10.0.22621.3085, time stamp: 0x3a143f4b
Faulting module name: CoreUIComponents.dll, version: 10.0.22621.2506, time stamp: 0xd2acef3f
Exception code: 0xc0000005
Fault offset: 0x00000000000b8381
Faulting process id: 0x0xd34
Faulting application start time: 0x0x1da5f9987fff392
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\system32\CoreUIComponents.dll
Report Id: 4d40a8e5-9822-4d31-bb30-cd501eb8dcec
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (02/14/2024 02:16:10 PM) (Source: MsiInstaller) (EventID: 11730) (User: NEW-NCC1701)
Description: Product: Intel® Wireless Bluetooth® -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.
 
Error: (02/14/2024 11:34:50 AM) (Source: Application Error) (EventID: 1000) (User: NEW-NCC1701)
Description: Faulting application name: SystemSettings.exe, version: 10.0.22621.3085, time stamp: 0x3a143f4b
Faulting module name: CoreUIComponents.dll, version: 10.0.22621.2506, time stamp: 0xd2acef3f
Exception code: 0xc0000005
Fault offset: 0x00000000000b8381
Faulting process id: 0x0x1558
Faulting application start time: 0x0x1da5f7cdfebedaf
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\system32\CoreUIComponents.dll
Report Id: 968b8d13-e380-4e92-a9b3-a1bef7b84c2e
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (02/08/2024 12:43:04 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program SystemSettings.exe version 10.0.22621.3085 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (02/07/2024 08:59:26 PM) (Source: Application Error) (EventID: 1000) (User: NEW-NCC1701)
Description: Faulting application name: SecHealthUI.exe, version: 10.0.22621.1, time stamp: 0x739c493d
Faulting module name: wincorlib.DLL, version: 10.0.22621.2792, time stamp: 0xbf792f77
Exception code: 0xc0000005
Fault offset: 0x000000000000a3df
Faulting process id: 0x0x2bdc
Faulting application start time: 0x0x1da5a4b96259bc1
Faulting application path: C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.22621.1.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
Faulting module path: C:\Windows\SYSTEM32\wincorlib.DLL
Report Id: c5b80753-23a1-45e1-9541-53b2d4943654
Faulting package full name: Microsoft.SecHealthUI_1000.22621.1.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: SecHealthUI
 
Error: (02/07/2024 04:16:55 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: KAPS.exe, version: 3.1423.712.2, time stamp: 0x64ae3980
Faulting module name: KAPS.exe, version: 3.1423.712.2, time stamp: 0x64ae3980
Exception code: 0xc0000005
Fault offset: 0x00000000000ecd5a
Faulting process id: 0x0x242c
Faulting application start time: 0x0x1da5a22a782910d
Faulting application path: C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
Faulting module path: C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
Report Id: 403b6723-69ec-425a-9e1a-b36fb0d43e2d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/07/2024 04:12:32 PM) (Source: MsiInstaller) (EventID: 10005) (User: NEW-NCC1701)
Description: Product: Killer Performance Driver Suite UWD -- Killer Performance Driver Suite UWD cannot be installed with Killer Wireless Drivers
 
Error: (02/07/2024 10:55:18 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program explorer.exe version 10.0.22621.3085 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
 
System errors:
=============
Error: (02/15/2024 12:27:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DSAService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/15/2024 12:27:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the DSAService service to connect.
 
Error: (02/15/2024 12:27:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemUsageReportSvc_QUEENCREEK service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/15/2024 12:27:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/15/2024 12:27:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SystemUsageReportSvc_QUEENCREEK service to connect.
 
Error: (02/15/2024 12:27:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.
 
Error: (02/15/2024 12:27:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DellTechHub service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/15/2024 12:27:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the DellTechHub service to connect.
 
 
Windows Defender:
================
Date: 2024-02-14 12:49:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
CodeIntegrity:
===============
Date: 2024-02-15 12:28:21
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ca4b456b5e9690a6\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2024-02-15 12:10:31
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.17.0 12/11/2023
Motherboard: Dell Inc. 0K3CM7
Processor: 11th Gen Intel® Core™ i7-11700 @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 15957.25 MB
Available physical RAM: 9671.15 MB
Total Virtual: 16981.25 MB
Available Virtual: 10504.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1863 GB) (Free:1823.09 GB) (Model: ST2000DM001-1ER164) NTFS
Drive d: (D) (Fixed) (Total:456.6 GB) (Free:456.49 GB) (Model: NVMe PM991a NVMe Sams) NTFS
 
\\?\Volume{00812eab-605c-4f2f-8ac8-6f380e8ceb93}\ (F) (Fixed) (Total:1.35 GB) (Free:0.63 GB) NTFS
\\?\Volume{ab0ecfc8-ae52-4d48-860d-b7cf99502eb7}\ (ESP) (Fixed) (Total:0.19 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 9B9E0B6D)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 




 


#2 dennis_l

  • Malware Response Team

Posted 16 February 2024 - 06:35 AM

Hi Romy99,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but there may still need to be more checks necessary, so please wait until I give the all clear.

Please give me some time to examine your logs and I will get back to you as soon as possible.

Dennis



#3 dennis_l

  • Malware Response Team

Posted 16 February 2024 - 08:26 AM

There are no obvious signs of malware showing in the logs, although I would like to check a few items.
Also we can do some clean-up and maintenance, including the System File Checker to try and resolve some errors showing.
We will then run a malware scan and look at any remaining concerns.

Could you please run this FRST script next.
As a part of this I have included the Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d
Folder: C:\Users\NCC1701_02.02.24\AppData\Local\NEO
cmd: type C:\bootTel.dat
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker -> No File <==== ATTENTION
Task: {4C4A5CDD-4131-4C0E-8C5D-DFC0266123EC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
S2 Killer Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\Killer\KillerProviderDataHelperService.exe [X]
S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 workfolderssvc; %systemroot%\system32\workfolderssvc.dll [X]
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
  • Click on the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also advise how your computer is running now.



#4 Romy99

  • Topic Starter

  • Members

Posted 17 February 2024 - 12:22 AM

Hi Dennis, Thanks for the quick reply. PC is running a tad "choppy" if that makes sense. It is not connected to internet, perhaps needs updates? Here are the results:

 Fix result of Farbar Recovery Scan Tool (x64) Version: 11.02.2024

Ran by NCC1701_02.02.24 (16-02-2024 20:58:35) Run:1
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
Loaded Profiles: NCC1701_02.02.24
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d
Folder: C:\Users\NCC1701_02.02.24\AppData\Local\NEO
cmd: type C:\bootTel.dat
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker -> No File <==== ATTENTION
Task: {4C4A5CDD-4131-4C0E-8C5D-DFC0266123EC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
S2 Killer Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\Killer\KillerProviderDataHelperService.exe [X]
S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 workfolderssvc; %systemroot%\system32\workfolderssvc.dll [X]
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d ========================
 
C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d
File not signed
MD5: 8D7B033CFE00A549B878D16D624E0671
Creation and modification date: 2024-02-14 13:56 - 2024-02-16 20:58
Size: 000032382
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= Folder: C:\Users\NCC1701_02.02.24\AppData\Local\NEO ========================
 
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D [00000000000000000000000000000000] C:\Users\NCC1701_02.02.24\AppData\Local\NEO\neo_compiler_cache
2024-02-07 10:44 - 2024-02-07 10:44 - 000115000 ____A [44C0760A507DC29AD6F8D271C8299695] () C:\Users\NCC1701_02.02.24\AppData\Local\NEO\neo_compiler_cache\430154302be5ff03.cl_cache
2024-02-07 10:44 - 2024-02-07 10:44 - 000000008 ____A [7EFA008A8F193CE40109C41DB10755FD] () C:\Users\NCC1701_02.02.24\AppData\Local\NEO\neo_compiler_cache\config.file
 
====== End of Folder: ======
 
 
========= type C:\bootTel.dat =========
 
p   ₧┤Vz
⌐@ç  <Sæ╜*    9±·ⁿ   n t f s                                      µ                             
 
========= End of CMD: =========
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C4A5CDD-4131-4C0E-8C5D-DFC0266123EC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C4A5CDD-4131-4C0E-8C5D-DFC0266123EC}" => removed successfully
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
HKLM\System\CurrentControlSet\Services\Killer Provider Data Helper Service => removed successfully
Killer Provider Data Helper Service => service removed successfully
HKLM\System\CurrentControlSet\Services\WMPNetworkSvc => removed successfully
WMPNetworkSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\workfolderssvc" => removed successfully
workfolderssvc => service removed successfully
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3155
 
 
[==========================100.0%==========================] 
 
Error: 0x800f081f
 
The source files could not be found. 
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see https://go.microsoft.com/fwlink/?LinkId=243077.
 
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17965678 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 443983148 B
Edge => 0 B
Chrome => 52100146 B
Firefox => 77996012 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 6307459 B
systemprofile32 => 6307459 B
LocalService => 6327713 B
NetworkService => 18745915 B
NCC1701_02.02.24 => 156027096 B
 
RecycleBin => 0 B
EmptyTemp: => 750.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:11:32 ====

Edited by Romy99, 17 February 2024 - 12:23 AM.


#5 dennis_l

  • Malware Response Team

Posted 17 February 2024 - 09:40 AM

Could you please provide some more detail on the uneven running?
Also please clarify if you are able to connect to the internet. If you are then please run Windows Update.
Press the Windows logo key + I combination on your keyboard to open the Settings app.
Click on Update and Security.
Select Windows Update and then click the Check for Updates button.
Please advise if any updates were shown and if they installed ok.
-------------------------------------------------------------------------------------
Then please run the DISM command again, while the computer is online, as follows.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
File: C:\Users\NCC1701_02.02.24\AppData\Local\NEO\neo_compiler_cache\430154302be5ff03.cl_cache
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Reboot:
End::
  • Click on the Fix button just once and wait.
  • Please make sure you let the system restart normally.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also, please advise if the computer is running any better now.



#6 Romy99

  • Topic Starter


Posted 19 February 2024 - 04:35 PM

Ok, I've applied the fix and I checked for updates. Everything was up to date. 

Computer seems to be running more smoothly now. Before, it was freezing in between tasks, or it would click or type with a slight delay. Here are the latest scans after I ran the fix:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2024 02
Ran by NCC1701_02.02.24 (administrator) on NEW-NCC1701 (Dell Inc. XPS 8940) (19-02-2024 12:35:36)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY\FRST64.exe
Loaded Profiles: NCC1701_02.02.24
Platform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Intel\Intel Arc Control\ArcControl.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlAssist.exe <6>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManager.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe <7>
(drivers\RivetNetworks\Killer\KAPSService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxEMN.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControl.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3de31b09a0024837\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ac65d2dfc98d80ce\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ca4b456b5e9690a6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> MSPCManagerService) C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation -> MSPCManager) C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManager.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe [1649504 2023-03-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe [5083736 2023-02-22] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1617960 2023-12-05] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788736 2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\121.0.6167.185\Installer\chrmstp.exe [2024-02-15] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {CCD5E882-466F-4294-8FA8-2BF3547DEB72} - System32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {3F4E2B57-72D4-4C77-BF3E-47FAA2D5151F} - System32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {5D82B75E-74BF-43D7-BEDD-0D6E648D65DD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {F933043F-E6F5-46BC-8273-971DAB0DF1C1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {933320C6-7752-4A36-8206-3ED62461F1CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [191155960 2024-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {9810E9AA-3E21-42DF-B20F-D65F7C9C1B47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2F108418-269A-45A2-9FE3-F7ACC30953B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0CFAAFDD-F52B-4011-A88D-9816E8F69603} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {227730B2-654A-4BAC-96E1-C5825552F2A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {99272C9D-9A3C-41F4-9E27-381D29A5D705} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4F0067C2-EE35-4CCE-84C9-F2FAE44EB357} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {3BFF8200-DBA5-4862-8CE5-FA37F85879CB} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\RivetNetworks\Killer\RNIdleTask.exe [31536 2023-12-18] (Intel Corporation -> )
Task: {65365E6D-5510-4ECC-8775-6DAACE394058} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [200704 2023-12-03] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.31.200
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}\0534F4E4C495F5F4344523032333: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{f061f94f-7f6c-489f-a5e9-f0921c55f548}: [DhcpNameServer] 192.168.31.200
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-19]
Edge Extension: (Google Docs Offline) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-02]
Edge Extension: (Edge relevant text changes) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
 
FireFox:
========
FF DefaultProfile: 8ixzsuoo.default
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\8ixzsuoo.default [2024-02-16]
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\yurzp3sj.default-release [2024-02-16]
 
Chrome: 
=======
CHR Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default [2024-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-01-17] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [240392 2024-01-17] (Intel Corporation -> Intel)
R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1656360 2023-12-05] (Intel Corporation -> Intel Corporation)
R3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78240 2023-12-18] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2385824 2023-12-18] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2639776 2023-12-18] (Intel Corporation -> Intel)
R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78128 2023-12-18] (Intel Corporation -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
R2 PCManager Service Store; C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe [153024 2024-02-19] (Microsoft Corporation -> MSPCManagerService)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159072 2024-01-17] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [561152 2023-12-03] (Microsoft Windows -> Microsoft Corporation)
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [149864 2020-06-16] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46640 2023-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_808162718b526a1e\e2k68cx21x64.sys [752448 2023-12-19] (Realtek Semiconductor Corp. -> Realtek)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [254768 2023-12-18] (Intel Corporation -> Rivet Networks, LLC.)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2024-02-19] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-02-19] (Malwarebytes Inc. -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2024-02-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [594304 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-19 11:47 - 2024-02-19 11:47 - 000002359 _____ C:\Users\Public\Desktop\PC Manager.lnk
2024-02-19 11:47 - 2024-02-19 11:47 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\PC Manager Store
2024-02-19 11:46 - 2024-02-19 11:49 - 000000000 ____D C:\ProgramData\Windows Master Store
2024-02-19 11:40 - 2024-02-19 11:40 - 000004036 _____ C:\Windows\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-287634066-2289251947-2206231936-1001_0
2024-02-19 11:14 - 2024-02-19 11:14 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2024-02-19 11:14 - 2024-02-19 11:14 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-02-19 11:14 - 2024-02-19 11:14 - 000054208 _____ C:\Windows\system32\Drivers\truesight.sys
2024-02-15 12:10 - 2024-02-15 12:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-15 12:10 - 2024-02-15 12:10 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-15 12:09 - 2024-02-15 12:09 - 000349976 _____ (Mozilla) C:\Users\NCC1701_02.02.24\Downloads\Firefox Installer.exe
2024-02-15 12:09 - 2024-02-15 12:09 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-15 12:09 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Google
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Program Files\Google
2024-02-15 12:08 - 2024-02-19 12:14 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-15 12:08 - 2024-02-15 12:08 - 001376816 _____ (Google LLC) C:\Users\NCC1701_02.02.24\Downloads\ChromeSetup.exe
2024-02-15 12:08 - 2024-02-15 12:08 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130}
2024-02-15 12:08 - 2024-02-15 12:08 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A}
2024-02-15 12:05 - 2024-02-15 12:05 - 017724920 _____ (VS Revo Group ) C:\Users\NCC1701_02.02.24\Downloads\RevoUninProSetup.exe
2024-02-15 11:42 - 2024-02-19 12:36 - 000000000 ____D C:\FRST
2024-02-15 11:19 - 2024-02-15 11:19 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\mbam
2024-02-15 11:18 - 2024-02-19 11:47 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Malwarebytes
2024-02-15 11:18 - 2024-02-15 11:18 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-15 11:17 - 2024-02-15 11:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-14 19:13 - 2024-02-14 19:21 - 000000000 ____D C:\AdwCleaner
2024-02-14 18:08 - 2024-02-15 11:17 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-14 18:06 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2024-02-14 18:05 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Logishrd
2024-02-14 18:05 - 2024-02-14 18:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\FirmwareUpdateTool
2024-02-14 18:03 - 2024-02-14 18:03 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2024-02-14 17:55 - 2024-02-19 12:35 - 000000000 ____D C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
2024-02-14 13:56 - 2024-02-19 11:01 - 000032382 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d
2024-02-14 13:56 - 2024-02-16 20:58 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\f2f92f7da777fed42bd801386fe3fef40ecdd1f2f60852547650d0043e104074
2024-02-14 12:07 - 2024-02-14 14:58 - 000011216 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\147fce4307b24dcd765b311ec45e086e6b1a7280cbc4c293d9428641a4e96419
2024-02-14 12:07 - 2024-02-14 14:58 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\5f7b2a37684df71cc6418884f811a9a498a120de21d85c6dfdd0b200d2f6d786
2024-02-14 11:33 - 2024-02-14 11:33 - 000002264 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\edede1402b9ce1779b020af5609acb30ba9955601263375ef11894a57a33f68c
2024-02-08 12:45 - 2024-02-19 11:46 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\PlaceholderTileLogoFolder
2024-02-07 16:24 - 2024-02-07 16:24 - 000003298 _____ C:\Windows\system32\Tasks\RNIdle Task
2024-02-07 16:23 - 2024-02-07 16:23 - 000000000 ____D C:\Program Files\Killer Networking
2024-02-07 16:04 - 2024-02-07 16:04 - 000000112 ___SH C:\bootTel.dat
2024-02-07 10:50 - 2024-02-07 10:50 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CEF
2024-02-07 10:44 - 2024-02-19 11:38 - 000000000 __SHD C:\Users\NCC1701_02.02.24\IntelGraphicsProfiles
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NEO
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2024-02-07 10:41 - 2024-02-07 10:41 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-02-07 10:41 - 2024-01-23 02:06 - 000750616 _____ (Intel) C:\Windows\system32\libvpl.dll
2024-02-07 10:41 - 2024-01-23 02:06 - 000637440 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2024-02-07 10:41 - 2024-01-23 02:05 - 000942696 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2024-02-07 10:41 - 2024-01-23 02:05 - 000705600 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000591480 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000525840 _____ C:\Windows\SysWOW64\IntelControlLib32.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000453000 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 002095072 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 002095072 _____ C:\Windows\system32\vulkaninfo.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 001653328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 001653328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 000518112 _____ C:\Windows\system32\ze_tracing_layer.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 000479312 _____ C:\Windows\system32\ze_loader.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 000314856 _____ C:\Windows\system32\ze_validation_layer.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001442896 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001442896 _____ C:\Windows\system32\vulkan-1.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001285200 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001285200 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-02-07 10:41 - 2024-01-23 01:58 - 027963880 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2024-02-07 10:41 - 2024-01-23 01:58 - 020687952 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2024-02-07 10:41 - 2024-01-23 01:55 - 000303264 _____ C:\Windows\system32\ControlLib.dll
2024-02-07 10:41 - 2024-01-23 01:55 - 000250016 _____ C:\Windows\SysWOW64\ControlLib32.dll
2024-02-07 10:41 - 2024-01-05 17:19 - 000047240 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2024-02-07 10:40 - 2024-02-07 10:51 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Intel
2024-02-07 10:40 - 2024-02-07 10:44 - 000000000 ____D C:\ProgramData\Intel
2024-02-07 10:40 - 2024-02-07 10:41 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-02-07 10:40 - 2024-02-07 10:41 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-02-07 10:40 - 2024-02-07 10:40 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-02-07 10:38 - 2024-02-07 10:38 - 006281760 _____ (Intel) C:\Users\NCC1701_02.02.24\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2024-02-06 18:15 - 2024-02-07 10:44 - 000000000 ____D C:\Program Files\Intel
2024-02-06 18:10 - 2024-02-07 10:46 - 000000000 ____D C:\Program Files (x86)\Intel
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {d8170687-85fa-4716-bafd-087205d0db72}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {58E22E6B-0E58-4E93-AF9A-036556EB66F5}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2024-02-06 18:10 - 2022-11-02 05:26 - 003234504 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsService.exe
2024-02-06 18:10 - 2022-11-02 05:26 - 000135368 _____ (Intel Corporation) C:\Windows\system32\Optane.dll
2024-02-06 18:10 - 2022-11-02 05:26 - 000025256 _____ (Intel Corporation) C:\Windows\system32\OptaneEventLogMsg.dll
2024-02-06 18:10 - 2022-11-02 05:25 - 000221352 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsNative.exe
2024-02-06 18:10 - 2022-11-02 05:25 - 000075464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAfs.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 001548488 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAC.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 000029384 _____ (Intel Corporation) C:\Windows\system32\RstMwEventLogMsg.dll
2024-02-06 18:04 - 2024-02-06 18:04 - 000000000 _____ C:\Windows\invcol.tmp
2024-02-06 18:03 - 2024-02-06 18:58 - 000000000 ____D C:\Program Files\Dell
2024-02-06 18:03 - 2024-02-06 18:03 - 000000000 ____D C:\Program Files (x86)\Dell
2024-02-06 18:02 - 2024-02-15 11:45 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-06 18:02 - 2024-02-15 11:44 - 000000000 ____D C:\Program Files\dotnet
2024-02-06 18:02 - 2024-02-14 19:22 - 000000000 ____D C:\ProgramData\Dell
2024-02-06 18:01 - 2024-02-06 18:01 - 001236776 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistLauncher.exe
2024-02-06 17:59 - 2024-02-06 17:59 - 000019222 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-06 17:59 - 2024-02-06 17:59 - 000019222 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-02-06 17:50 - 2024-02-07 17:21 - 000002264 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\bef731b8d57eaff614901472069b64360e2d656bfd76ea1add4389efddc043fb
2024-02-06 17:35 - 2024-02-19 12:04 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6ade6f6d78ece8ee0e6a9896681e2a81cf10959a1401482cda8cbb570802b55d
2024-02-06 17:35 - 2024-02-19 11:44 - 000444619 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6fd7b3a63df1d4f9e5ebd8d3dc7595ddf69a3660fb7b0c2e9f98d13446fea740
2024-02-06 17:28 - 2024-02-06 17:28 - 000000000 ____D C:\Windows\system32\Tasks\Intel
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\Windows\system32\Drivers\RivetNetworks
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\ProgramData\RivetNetworks
2024-02-06 17:24 - 2023-03-02 22:35 - 000292096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2024-02-06 17:24 - 2023-03-02 22:35 - 000247040 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2024-02-06 17:23 - 2024-02-06 17:23 - 000001814 _____ C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio Pro by Waves – Speaker and Microphone Audio Control and Nx 3D Sound.lnk
2024-02-06 17:23 - 2024-02-06 17:23 - 000000000 ____D C:\Program Files\Waves
2024-02-06 17:22 - 2024-02-19 11:39 - 000016811 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\9b7ccbd35dd68aa285baeafb7431630bce7ff8edf5a5899b484fc2d0af05f15c
2024-02-06 17:22 - 2024-02-19 11:14 - 000000000 ____D C:\Intel
2024-02-06 17:22 - 2024-02-07 10:52 - 000000026 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\0ad9e46285ca5fbf9c6d578692d600f22ab51e3d84eb5e84d7d05af5f093e5d8
2024-02-06 17:22 - 2024-02-06 17:22 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\LocalLow\Intel
2024-02-06 17:21 - 2024-02-06 17:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-06 17:20 - 2024-02-06 17:20 - 000000000 ____D C:\Windows\Firmware
2024-02-06 17:20 - 2023-03-02 22:34 - 006449048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2024-02-06 17:16 - 2024-02-14 18:10 - 000000000 ____D C:\Windows\system32\MRT
2024-02-06 15:30 - 2024-02-06 17:25 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-02-06 15:19 - 2024-02-14 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CrashDumps
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NPE
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\ProgramData\Norton
2024-02-05 13:52 - 2024-02-05 13:52 - 000000000 ____D C:\Geek Squad
2024-02-05 13:51 - 2024-02-05 13:52 - 000000000 ____D C:\ProgramData\Geek Squad
2024-02-02 18:11 - 2024-02-05 13:44 - 002826002 _____ C:\Windows\ntbtlog.txt
2024-02-02 18:11 - 2024-02-05 13:43 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-02 18:10 - 2024-02-05 13:45 - 000000000 ____D C:\Windows\pss
2024-02-02 16:06 - 2024-02-19 11:13 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2024-02-02 15:56 - 2024-02-02 15:56 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\VirtualStore
2024-02-02 15:36 - 2024-02-09 11:53 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\MMC
2024-02-02 15:32 - 2024-02-02 15:32 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Comms
2024-02-02 15:16 - 2024-02-02 15:16 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Publishers
2024-02-02 15:05 - 2024-02-02 15:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\OneDrive
2024-02-02 15:03 - 2024-02-19 10:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\D3DSCache
2024-02-02 15:02 - 2024-02-02 16:33 - 000000000 ___RD C:\Users\NCC1701_02.02.24\OneDrive
2024-02-02 15:02 - 2024-02-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\SystemCertificates
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Network
2024-02-02 14:59 - 2024-02-19 11:46 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Packages
2024-02-02 14:59 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\ConnectedDevicesPlatform
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Protect
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Crypto
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Credentials
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Vault
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Adobe
2024-02-02 14:58 - 2024-02-19 10:02 - 000000000 ____D C:\Users\NCC1701_02.02.24
2024-02-02 14:58 - 2024-02-02 15:14 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Spelling
2024-02-02 14:58 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows
2024-02-02 14:58 - 2024-02-02 14:58 - 000000020 ___SH C:\Users\NCC1701_02.02.24\ntuser.ini
2024-02-02 14:44 - 2024-02-19 11:19 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-02 14:42 - 2024-02-19 11:46 - 000000000 ____D C:\ProgramData\Packages
2024-02-02 14:40 - 2024-02-02 14:40 - 000000000 _SHDL C:\Documents and Settings
2024-02-02 14:36 - 2024-02-15 12:14 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-02 14:35 - 2024-02-05 13:48 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 14:35 - 2024-02-05 13:48 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-02 14:34 - 2024-02-19 11:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-02 14:34 - 2024-02-02 20:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____D C:\Windows\system32\config\BFS
2024-02-02 14:33 - 2024-02-19 11:14 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-02 14:33 - 2024-02-19 11:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-02 14:33 - 2024-02-06 18:20 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-02-02 14:33 - 2024-02-06 14:48 - 000000000 ____D C:\Windows\Panther
2024-02-02 14:33 - 2024-02-02 14:33 - 000000000 ____D C:\Windows\ServiceProfiles
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-19 12:16 - 2022-05-06 21:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-19 12:16 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\AppReadiness
2024-02-19 12:14 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemTemp
2024-02-19 12:14 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-19 11:19 - 2022-05-06 21:22 - 000000000 ____D C:\Windows\INF
2024-02-19 11:14 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ServiceState
2024-02-19 11:13 - 2022-05-06 21:17 - 000262144 _____ C:\Windows\system32\config\BBI
2024-02-19 11:12 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\CbsTemp
2024-02-19 10:10 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-16 20:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-02-15 12:20 - 2023-12-03 22:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemResources
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\bcastdvr
2024-02-15 11:30 - 2022-05-06 21:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-02-15 11:18 - 2022-05-06 21:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-02-14 13:28 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\spool
2024-02-07 10:55 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\servicing
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\UUS
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\oobe
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellComponents
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\Provisioning
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\BrowserCore
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-02-06 17:19 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2024-02-06 15:38 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\appcompat
2024-02-05 13:48 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\NDF
2024-02-02 20:44 - 2022-05-06 21:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-02 16:01 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-02-02 15:16 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-02-02 14:42 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-02-02 14:33 - 2022-05-06 21:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template
 
==================== Files in the root of some directories ========
 
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ () C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
Ran by NCC1701_02.02.24 (19-02-2024 12:36:53)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2024-02-02 22:41:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-287634066-2289251947-2206231936-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-287634066-2289251947-2206231936-503 - Limited - Disabled)
Guest (S-1-5-21-287634066-2289251947-2206231936-501 - Limited - Disabled)
NCC1701_02.02.24 (S-1-5-21-287634066-2289251947-2206231936-1001 - Administrator - Enabled) => C:\Users\NCC1701_02.02.24
WDAGUtilityAccount (S-1-5-21-287634066-2289251947-2206231936-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dell SupportAssist (HKLM\...\{1E5C3247-B6FF-47F2-AEE9-A921B21E914F}) (Version: 4.0.0.51819 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{EE5AFC69-5911-4A47-B78C-6BFBA883AF15}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 121.0.6167.185 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{6045ACAB-3148-4E84-96EA-178F21611BD7}) (Version: 23.4.39.9 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86}) (Version: 2.4.10717 - Intel Corporation)
Intel® Icls (HKLM\...\{E50319E3-A4FF-4642-A969-5C89B0A22E54}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1B254687-4D73-4347-94CB-B25EFF73B9E4}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2313.4.16.0 - Intel Corporation)
Intel® Management Engine Driver (HKLM\...\{DD82CAB8-FEBE-4B83-BD5C-F125839A0F70}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{5DDCAB56-E374-431D-A70D-BEE3C9F787D1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.10.0.2 - Intel Corporation)
Intel® Arc™ Control (HKLM\...\{AFFBB7E9-51F0-4A68-B6B6-DB7B13E5E372}) (Version: 1.74.5391.3 - Intel Corporation) Hidden
Intel® Arc™ Control (HKLM-x32\...\{29da1471-6d4a-4198-af44-b83f9ba62651}) (Version: 1.74.5391.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}) (Version: 23.4.39.9 - Intel)
Killer Performance Driver Suite UWD (HKLM\...\{B13962C1-E499-4B6B-A472-81E7BAEEE94A}) (Version: 35.23.1292 - Rivet Networks)
Logitech Unifying Software 2.52 (HKLM\...\Logitech Unifying) (Version: 2.52.33 - Logitech)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.16 (x64) (HKLM\...\{9F51D16B-42E8-4A4A-8228-75045541A2AE}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.16 (x64) (HKLM\...\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.16 (x64) (HKLM\...\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.16 - Shared Framework (x64) (HKLM-x32\...\{5cc1be84-7e3a-4ef7-9ed9-ff9256196077}) (Version: 7.0.16.24068 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.16 Shared Framework (x64) (HKLM\...\{1B81ED58-6B0A-3911-9BF1-D57357A9637E}) (Version: 7.0.16.24068 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.112 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM\...\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}) (Version: 56.64.8804 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM-x32\...\{ef5af41f-d68c-48f7-bfb0-5055718601fc}) (Version: 7.0.16.33318 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 122.0.1 (x64 en-US)) (Version: 122.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0.1 - Mozilla)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
 
Packages:
=========
 
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.9.0_x64__htrsf667h5kn2 [2024-02-06] (Dell Inc)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2024-02-06] (INTEL CORP)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corp.)
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corporation)
Microsoft.MicrosoftPCManager -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-06] (Microsoft Corporation)
Sysinternals Suite -> C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-06] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-287634066-2289251947-2206231936-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2023-01-10 20:13 - 2023-01-10 20:13 - 001635328 _____ () [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\e_sqlite3.DLL
2023-01-10 20:21 - 2023-01-10 20:21 - 000005120 _____ (SourceGear) [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\SQLitePCLRaw.batteries_v2.dll
2023-01-10 20:18 - 2023-01-10 20:18 - 000050688 _____ (SourceGear) [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\SQLitePCLRaw.core.dll
2023-01-10 20:18 - 2023-01-10 20:18 - 000035840 _____ (SourceGear) [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\SQLitePCLRaw.provider.e_sqlite3.dll
2024-01-05 17:19 - 2024-01-05 17:19 - 002973696 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 21:24 - 2024-02-06 14:50 - 000000141 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.31.200
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{351D1435-0699-42CD-B5A6-935BCD2CB201}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FFF7DA16-82C0-493B-97BF-E212C9110B69}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B79A45D1-15AD-475C-A8CD-575D69D8B237}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DF91B770-5D55-43A6-A921-4F5347E1F2D9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
14-02-2024 13:28:10 Windows Modules Installer
14-02-2024 19:20:57 AdwCleaner_BeforeCleaning_14/02/2024_19:20:56
19-02-2024 11:46:30 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: Killer® Wi-Fi 6 AX1650i 160MHz Wireless Network Adapter (201NGW)
Description: Killer® Wi-Fi 6 AX1650i 160MHz Wireless Network Adapter (201NGW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw10
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/19/2024 11:01:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/19/2024 11:01:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6bdf45b0-4960-4e98-a440-214b393c48a3}
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
 
System errors:
=============
Error: (02/19/2024 12:16:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.
 
Error: (02/19/2024 11:14:06 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml
 
Error: (02/19/2024 11:14:06 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml
 
Error: (02/19/2024 10:00:12 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml
 
Error: (02/19/2024 10:00:12 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml
 
Error: (02/19/2024 10:00:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:54:11 AM on 2/17/2024 was unexpected.
 
Error: (02/16/2024 09:13:13 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml
 
Error: (02/16/2024 09:13:13 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml
 
 
Windows Defender:
================
Date: 2024-02-19 12:03:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-14 12:49:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
CodeIntegrity:
===============
Date: 2024-02-19 11:57:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.17.0 12/11/2023
Motherboard: Dell Inc. 0K3CM7
Processor: 11th Gen Intel® Core™ i7-11700 @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 15957.25 MB
Available physical RAM: 8962.9 MB
Total Virtual: 16981.25 MB
Available Virtual: 9851.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1863 GB) (Free:1807.24 GB) (Model: ST2000DM001-1ER164) NTFS
Drive d: (D) (Fixed) (Total:456.6 GB) (Free:456.49 GB) (Model: NVMe PM991a NVMe Sams) NTFS
Drive e: (R) (Removable) (Total:7.44 GB) (Free:7.3 GB) FAT32
 
\\?\Volume{00812eab-605c-4f2f-8ac8-6f380e8ceb93}\ (F) (Fixed) (Total:1.35 GB) (Free:0.63 GB) NTFS
\\?\Volume{ab0ecfc8-ae52-4d48-860d-b7cf99502eb7}\ (ESP) (Fixed) (Total:0.19 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 271FE25E)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================


#7 dennis_l

  • Malware Response Team

Posted 20 February 2024 - 04:38 AM

I am pleased to hear that your computer is running better now.
Could you please copy and paste the contents of the Fixlog.txt file that was created by FRST after the last fix?
Then please run a full scan with ESET Online Scanner, as an extra check.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. I suggest that you do not do this for now. Click Continue.
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.

 



#8 dennis_l

  • Malware Response Team

Posted 23 February 2024 - 08:37 AM

Please advise if you still need help?
It has been 3 days since my last post.
If you have not replied within the next 48 hours, I will assume that you no longer need help and this topic will be closed.



#9 Romy99

  • Topic Starter

Posted 25 February 2024 - 06:24 PM

Sorry - was out of town for a conference. Just got back. Wasn't able to work on my PC since. I will try today or tomorrow and report back, THANK YOU AGAIN SO MUCH FOR ALL THE HELP!!!



#10 dennis_l

  • Malware Response Team

Posted 26 February 2024 - 03:16 AM

No problem.

Thanks for letting me know.



#11 dennis_l

  • Malware Response Team

Posted 29 February 2024 - 06:22 AM

Have you had a chance to do this yet?



#12 Romy99

  • Topic Starter

Posted 29 February 2024 - 03:00 PM

Hello, I finally was able to get this done. Sorry for the delay and thank you again for your help!

Here are the results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by NCC1701_02.02.24 (administrator) on NEW-NCC1701 (Dell Inc. XPS 8940) (29-02-2024 11:33:33)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY\FRST64.exe
Loaded Profiles: NCC1701_02.02.24
Platform: Microsoft Windows 11 Home Version 23H2 22631.3235 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Intel\Intel Arc Control\ArcControl.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlAssist.exe <6>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(drivers\RivetNetworks\Killer\KAPSService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxEMN.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControl.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3de31b09a0024837\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ac65d2dfc98d80ce\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ca4b456b5e9690a6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe [1649504 2023-03-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe [5083736 2023-02-22] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1617960 2023-12-05] (Intel Corporation -> Intel Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788736 2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-02-29] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {CCD5E882-466F-4294-8FA8-2BF3547DEB72} - System32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {3F4E2B57-72D4-4C77-BF3E-47FAA2D5151F} - System32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {5D82B75E-74BF-43D7-BEDD-0D6E648D65DD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {F933043F-E6F5-46BC-8273-971DAB0DF1C1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {99272C9D-9A3C-41F4-9E27-381D29A5D705} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4F0067C2-EE35-4CCE-84C9-F2FAE44EB357} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {3BFF8200-DBA5-4862-8CE5-FA37F85879CB} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\RivetNetworks\Killer\RNIdleTask.exe [31536 2023-12-18] (Intel Corporation -> )
Task: {65365E6D-5510-4ECC-8775-6DAACE394058} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [200704 2023-12-03] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.42.10
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}\0534F4E4C495F5F4344523032333: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{f061f94f-7f6c-489f-a5e9-f0921c55f548}: [DhcpNameServer] 192.168.42.10
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-19]
Edge Extension: (Google Docs Offline) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-02]
Edge Extension: (Edge relevant text changes) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
 
FireFox:
========
FF DefaultProfile: 8ixzsuoo.default
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\8ixzsuoo.default [2024-02-16]
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\yurzp3sj.default-release [2024-02-16]
 
Chrome: 
=======
CHR Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default [2024-02-29]
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.essexapartmenthomes.com/"
CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/override.html"
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-29]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2024-02-29]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-29]
CHR Extension: (Guardio Protection for Chrome) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2024-02-29]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-29]
CHR Extension: (Speed Dial 2 New tab) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2024-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-01-17] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [240392 2024-01-17] (Intel Corporation -> Intel)
R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1656360 2023-12-05] (Intel Corporation -> Intel Corporation)
R3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78240 2023-12-18] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2385824 2023-12-18] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2639776 2023-12-18] (Intel Corporation -> Intel)
R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78128 2023-12-18] (Intel Corporation -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
S2 PCManager Service Store; C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe [153024 2024-02-19] (Microsoft Corporation -> MSPCManagerService)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159072 2024-01-17] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [561152 2023-12-03] (Microsoft Windows -> Microsoft Corporation)
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [149864 2020-06-16] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46640 2023-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_808162718b526a1e\e2k68cx21x64.sys [752448 2023-12-19] (Realtek Semiconductor Corp. -> Realtek)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [254768 2023-12-18] (Intel Corporation -> Rivet Networks, LLC.)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-02-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
R3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [21040 2024-02-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [608648 2024-02-29] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-29] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-29 11:24 - 2024-02-29 11:24 - 015274968 _____ (ESET) C:\Users\NCC1701_02.02.24\Downloads\esetonlinescanner.exe
2024-02-29 10:57 - 2024-02-29 10:57 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2024-02-29 10:57 - 2024-02-29 10:57 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-02-29 10:46 - 2024-02-29 10:46 - 000020023 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-29 10:44 - 2024-02-29 10:44 - 000020023 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-02-19 11:47 - 2024-02-19 11:47 - 000002359 _____ C:\Users\Public\Desktop\PC Manager.lnk
2024-02-19 11:47 - 2024-02-19 11:47 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\PC Manager Store
2024-02-19 11:46 - 2024-02-19 11:49 - 000000000 ____D C:\ProgramData\Windows Master Store
2024-02-15 12:10 - 2024-02-15 12:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-15 12:10 - 2024-02-15 12:10 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-15 12:09 - 2024-02-29 11:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-29 11:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-15 12:09 - 000349976 _____ (Mozilla) C:\Users\NCC1701_02.02.24\Downloads\Firefox Installer.exe
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Google
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Program Files\Google
2024-02-15 12:08 - 2024-02-29 11:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-15 12:08 - 2024-02-15 12:08 - 001376816 _____ (Google LLC) C:\Users\NCC1701_02.02.24\Downloads\ChromeSetup.exe
2024-02-15 12:08 - 2024-02-15 12:08 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130}
2024-02-15 12:08 - 2024-02-15 12:08 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A}
2024-02-15 12:05 - 2024-02-15 12:05 - 017724920 _____ (VS Revo Group ) C:\Users\NCC1701_02.02.24\Downloads\RevoUninProSetup.exe
2024-02-15 11:42 - 2024-02-29 11:33 - 000000000 ____D C:\FRST
2024-02-15 11:19 - 2024-02-15 11:19 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\mbam
2024-02-15 11:18 - 2024-02-29 11:29 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Malwarebytes
2024-02-15 11:18 - 2024-02-15 11:18 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-15 11:17 - 2024-02-15 11:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-14 19:13 - 2024-02-14 19:21 - 000000000 ____D C:\AdwCleaner
2024-02-14 18:08 - 2024-02-15 11:17 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-14 18:06 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2024-02-14 18:05 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Logishrd
2024-02-14 18:05 - 2024-02-14 18:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\FirmwareUpdateTool
2024-02-14 18:03 - 2024-02-14 18:03 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2024-02-14 17:55 - 2024-02-29 11:33 - 000000000 ____D C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
2024-02-14 13:56 - 2024-02-19 13:22 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\f2f92f7da777fed42bd801386fe3fef40ecdd1f2f60852547650d0043e104074
2024-02-14 13:56 - 2024-02-19 12:38 - 000032382 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d
2024-02-14 12:07 - 2024-02-14 14:58 - 000011216 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\147fce4307b24dcd765b311ec45e086e6b1a7280cbc4c293d9428641a4e96419
2024-02-14 12:07 - 2024-02-14 14:58 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\5f7b2a37684df71cc6418884f811a9a498a120de21d85c6dfdd0b200d2f6d786
2024-02-14 11:33 - 2024-02-14 11:33 - 000002264 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\edede1402b9ce1779b020af5609acb30ba9955601263375ef11894a57a33f68c
2024-02-08 12:45 - 2024-02-19 11:46 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\PlaceholderTileLogoFolder
2024-02-07 16:24 - 2024-02-07 16:24 - 000003298 _____ C:\Windows\system32\Tasks\RNIdle Task
2024-02-07 16:23 - 2024-02-07 16:23 - 000000000 ____D C:\Program Files\Killer Networking
2024-02-07 16:04 - 2024-02-07 16:04 - 000000112 ___SH C:\bootTel.dat
2024-02-07 10:50 - 2024-02-07 10:50 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CEF
2024-02-07 10:44 - 2024-02-29 11:00 - 000000000 __SHD C:\Users\NCC1701_02.02.24\IntelGraphicsProfiles
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NEO
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2024-02-07 10:41 - 2024-02-07 10:41 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-02-07 10:41 - 2024-01-23 02:06 - 000750616 _____ (Intel) C:\Windows\system32\libvpl.dll
2024-02-07 10:41 - 2024-01-23 02:06 - 000637440 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2024-02-07 10:41 - 2024-01-23 02:05 - 000942696 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2024-02-07 10:41 - 2024-01-23 02:05 - 000705600 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000591480 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000525840 _____ C:\Windows\SysWOW64\IntelControlLib32.dll
2024-02-07 10:41 - 2024-01-23 02:03 - 000453000 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 002095072 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 002095072 _____ C:\Windows\system32\vulkaninfo.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 001653328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 001653328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-02-07 10:41 - 2024-01-23 02:00 - 000518112 _____ C:\Windows\system32\ze_tracing_layer.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 000479312 _____ C:\Windows\system32\ze_loader.dll
2024-02-07 10:41 - 2024-01-23 02:00 - 000314856 _____ C:\Windows\system32\ze_validation_layer.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001442896 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001442896 _____ C:\Windows\system32\vulkan-1.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001285200 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-07 10:41 - 2024-01-23 01:59 - 001285200 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-02-07 10:41 - 2024-01-23 01:58 - 027963880 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2024-02-07 10:41 - 2024-01-23 01:58 - 020687952 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2024-02-07 10:41 - 2024-01-23 01:55 - 000303264 _____ C:\Windows\system32\ControlLib.dll
2024-02-07 10:41 - 2024-01-23 01:55 - 000250016 _____ C:\Windows\SysWOW64\ControlLib32.dll
2024-02-07 10:41 - 2024-01-05 17:19 - 000047240 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2024-02-07 10:40 - 2024-02-07 10:51 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Intel
2024-02-07 10:40 - 2024-02-07 10:44 - 000000000 ____D C:\ProgramData\Intel
2024-02-07 10:40 - 2024-02-07 10:41 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-02-07 10:40 - 2024-02-07 10:41 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-02-07 10:40 - 2024-02-07 10:40 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-02-07 10:38 - 2024-02-07 10:38 - 006281760 _____ (Intel) C:\Users\NCC1701_02.02.24\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2024-02-06 18:15 - 2024-02-07 10:44 - 000000000 ____D C:\Program Files\Intel
2024-02-06 18:10 - 2024-02-07 10:46 - 000000000 ____D C:\Program Files (x86)\Intel
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {d8170687-85fa-4716-bafd-087205d0db72}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {58E22E6B-0E58-4E93-AF9A-036556EB66F5}
2024-02-06 18:10 - 2024-02-06 18:10 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2024-02-06 18:10 - 2022-11-02 05:26 - 003234504 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsService.exe
2024-02-06 18:10 - 2022-11-02 05:26 - 000135368 _____ (Intel Corporation) C:\Windows\system32\Optane.dll
2024-02-06 18:10 - 2022-11-02 05:26 - 000025256 _____ (Intel Corporation) C:\Windows\system32\OptaneEventLogMsg.dll
2024-02-06 18:10 - 2022-11-02 05:25 - 000221352 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsNative.exe
2024-02-06 18:10 - 2022-11-02 05:25 - 000075464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAfs.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 001548488 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAC.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 000029384 _____ (Intel Corporation) C:\Windows\system32\RstMwEventLogMsg.dll
2024-02-06 18:04 - 2024-02-06 18:04 - 000000000 _____ C:\Windows\invcol.tmp
2024-02-06 18:03 - 2024-02-06 18:58 - 000000000 ____D C:\Program Files\Dell
2024-02-06 18:03 - 2024-02-06 18:03 - 000000000 ____D C:\Program Files (x86)\Dell
2024-02-06 18:02 - 2024-02-15 11:45 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-06 18:02 - 2024-02-15 11:44 - 000000000 ____D C:\Program Files\dotnet
2024-02-06 18:02 - 2024-02-14 19:22 - 000000000 ____D C:\ProgramData\Dell
2024-02-06 18:01 - 2024-02-06 18:01 - 001236776 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistLauncher.exe
2024-02-06 17:50 - 2024-02-07 17:21 - 000002264 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\bef731b8d57eaff614901472069b64360e2d656bfd76ea1add4389efddc043fb
2024-02-06 17:35 - 2024-02-19 12:04 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6ade6f6d78ece8ee0e6a9896681e2a81cf10959a1401482cda8cbb570802b55d
2024-02-06 17:35 - 2024-02-19 11:44 - 000444619 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6fd7b3a63df1d4f9e5ebd8d3dc7595ddf69a3660fb7b0c2e9f98d13446fea740
2024-02-06 17:28 - 2024-02-06 17:28 - 000000000 ____D C:\Windows\system32\Tasks\Intel
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\Windows\system32\Drivers\RivetNetworks
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\ProgramData\RivetNetworks
2024-02-06 17:24 - 2023-03-02 22:35 - 000292096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2024-02-06 17:24 - 2023-03-02 22:35 - 000247040 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2024-02-06 17:23 - 2024-02-06 17:23 - 000001814 _____ C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio Pro by Waves – Speaker and Microphone Audio Control and Nx 3D Sound.lnk
2024-02-06 17:23 - 2024-02-06 17:23 - 000000000 ____D C:\Program Files\Waves
2024-02-06 17:22 - 2024-02-29 11:07 - 000016811 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\9b7ccbd35dd68aa285baeafb7431630bce7ff8edf5a5899b484fc2d0af05f15c
2024-02-06 17:22 - 2024-02-29 10:55 - 000000000 ____D C:\Intel
2024-02-06 17:22 - 2024-02-07 10:52 - 000000026 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\0ad9e46285ca5fbf9c6d578692d600f22ab51e3d84eb5e84d7d05af5f093e5d8
2024-02-06 17:22 - 2024-02-06 17:22 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\LocalLow\Intel
2024-02-06 17:21 - 2024-02-06 17:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-06 17:20 - 2024-02-06 17:20 - 000000000 ____D C:\Windows\Firmware
2024-02-06 17:20 - 2023-03-02 22:34 - 006449048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2024-02-06 17:16 - 2024-02-19 13:10 - 000000000 ____D C:\Windows\system32\MRT
2024-02-06 15:30 - 2024-02-06 17:25 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-02-06 15:19 - 2024-02-14 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CrashDumps
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NPE
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\ProgramData\Norton
2024-02-05 13:52 - 2024-02-05 13:52 - 000000000 ____D C:\Geek Squad
2024-02-05 13:51 - 2024-02-05 13:52 - 000000000 ____D C:\ProgramData\Geek Squad
2024-02-02 18:11 - 2024-02-05 13:44 - 002826002 _____ C:\Windows\ntbtlog.txt
2024-02-02 18:11 - 2024-02-05 13:43 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-02 18:10 - 2024-02-05 13:45 - 000000000 ____D C:\Windows\pss
2024-02-02 16:06 - 2024-02-29 10:55 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2024-02-02 15:56 - 2024-02-02 15:56 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\VirtualStore
2024-02-02 15:36 - 2024-02-09 11:53 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\MMC
2024-02-02 15:32 - 2024-02-02 15:32 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Comms
2024-02-02 15:16 - 2024-02-02 15:16 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Publishers
2024-02-02 15:05 - 2024-02-02 15:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\OneDrive
2024-02-02 15:03 - 2024-02-19 10:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\D3DSCache
2024-02-02 15:02 - 2024-02-02 16:33 - 000000000 ___RD C:\Users\NCC1701_02.02.24\OneDrive
2024-02-02 15:02 - 2024-02-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\SystemCertificates
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Network
2024-02-02 14:59 - 2024-02-19 11:46 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Packages
2024-02-02 14:59 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\ConnectedDevicesPlatform
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Protect
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Crypto
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Credentials
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Vault
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Adobe
2024-02-02 14:58 - 2024-02-19 10:02 - 000000000 ____D C:\Users\NCC1701_02.02.24
2024-02-02 14:58 - 2024-02-02 15:14 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Spelling
2024-02-02 14:58 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows
2024-02-02 14:58 - 2024-02-02 14:58 - 000000020 ___SH C:\Users\NCC1701_02.02.24\ntuser.ini
2024-02-02 14:44 - 2024-02-29 11:02 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-02 14:42 - 2024-02-19 11:46 - 000000000 ____D C:\ProgramData\Packages
2024-02-02 14:40 - 2024-02-02 14:40 - 000000000 _SHDL C:\Documents and Settings
2024-02-02 14:36 - 2024-02-15 12:14 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-02 14:35 - 2024-02-29 10:34 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 14:35 - 2024-02-29 10:34 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-02 14:34 - 2024-02-29 10:55 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-02 14:34 - 2024-02-29 10:36 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____D C:\Windows\system32\config\BFS
2024-02-02 14:33 - 2024-02-29 10:56 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-02-02 14:33 - 2024-02-29 10:55 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-02 14:33 - 2024-02-29 10:25 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-02 14:33 - 2024-02-06 14:48 - 000000000 ____D C:\Windows\Panther
2024-02-02 14:33 - 2024-02-02 14:33 - 000000000 ____D C:\Windows\ServiceProfiles
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-29 11:31 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemTemp
2024-02-29 11:15 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-29 11:02 - 2022-05-06 21:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-29 11:02 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\AppReadiness
2024-02-29 11:02 - 2022-05-06 21:22 - 000000000 ____D C:\Windows\INF
2024-02-29 10:59 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-29 10:55 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ServiceState
2024-02-29 10:55 - 2022-05-06 21:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemResources
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\oobe
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellComponents
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\bcastdvr
2024-02-29 10:52 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\CbsTemp
2024-02-16 20:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-02-15 12:20 - 2023-12-03 22:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-02-15 11:30 - 2022-05-06 21:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-02-15 11:18 - 2022-05-06 21:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-02-14 13:28 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\spool
2024-02-07 10:55 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\servicing
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\UUS
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\Provisioning
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\BrowserCore
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-02-06 17:19 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2024-02-06 15:38 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\appcompat
2024-02-05 13:48 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\NDF
2024-02-02 20:44 - 2022-05-06 21:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-02 16:01 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-02-02 15:16 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-02-02 14:42 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-02-02 14:33 - 2022-05-06 21:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template
 
==================== Files in the root of some directories ========
 
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ () C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by NCC1701_02.02.24 (29-02-2024 11:34:59)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
Microsoft Windows 11 Home Version 23H2 22631.3235 (X64) (2024-02-02 22:41:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-287634066-2289251947-2206231936-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-287634066-2289251947-2206231936-503 - Limited - Disabled)
Guest (S-1-5-21-287634066-2289251947-2206231936-501 - Limited - Disabled)
NCC1701_02.02.24 (S-1-5-21-287634066-2289251947-2206231936-1001 - Administrator - Enabled) => C:\Users\NCC1701_02.02.24
WDAGUtilityAccount (S-1-5-21-287634066-2289251947-2206231936-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dell SupportAssist (HKLM\...\{1E5C3247-B6FF-47F2-AEE9-A921B21E914F}) (Version: 4.0.0.51819 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{EE5AFC69-5911-4A47-B78C-6BFBA883AF15}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.95 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{6045ACAB-3148-4E84-96EA-178F21611BD7}) (Version: 23.4.39.9 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86}) (Version: 2.4.10717 - Intel Corporation)
Intel® Icls (HKLM\...\{E50319E3-A4FF-4642-A969-5C89B0A22E54}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1B254687-4D73-4347-94CB-B25EFF73B9E4}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2313.4.16.0 - Intel Corporation)
Intel® Management Engine Driver (HKLM\...\{DD82CAB8-FEBE-4B83-BD5C-F125839A0F70}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{5DDCAB56-E374-431D-A70D-BEE3C9F787D1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.10.0.2 - Intel Corporation)
Intel® Arc™ Control (HKLM\...\{AFFBB7E9-51F0-4A68-B6B6-DB7B13E5E372}) (Version: 1.74.5391.3 - Intel Corporation) Hidden
Intel® Arc™ Control (HKLM-x32\...\{29da1471-6d4a-4198-af44-b83f9ba62651}) (Version: 1.74.5391.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}) (Version: 23.4.39.9 - Intel)
Killer Performance Driver Suite UWD (HKLM\...\{B13962C1-E499-4B6B-A472-81E7BAEEE94A}) (Version: 35.23.1292 - Rivet Networks)
Logitech Unifying Software 2.52 (HKLM\...\Logitech Unifying) (Version: 2.52.33 - Logitech)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.16 (x64) (HKLM\...\{9F51D16B-42E8-4A4A-8228-75045541A2AE}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.16 (x64) (HKLM\...\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.16 (x64) (HKLM\...\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.16 - Shared Framework (x64) (HKLM-x32\...\{5cc1be84-7e3a-4ef7-9ed9-ff9256196077}) (Version: 7.0.16.24068 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.16 Shared Framework (x64) (HKLM\...\{1B81ED58-6B0A-3911-9BF1-D57357A9637E}) (Version: 7.0.16.24068 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.112 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM\...\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}) (Version: 56.64.8804 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM-x32\...\{ef5af41f-d68c-48f7-bfb0-5055718601fc}) (Version: 7.0.16.33318 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 122.0.1 (x64 en-US)) (Version: 122.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0.1 - Mozilla)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
 
Packages:
=========
 
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.9.0_x64__htrsf667h5kn2 [2024-02-06] (Dell Inc)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2024-02-06] (INTEL CORP)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corp.)
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corporation)
Microsoft.MicrosoftPCManager -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-29] (Microsoft Corporation)
Sysinternals Suite -> C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-29] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-287634066-2289251947-2206231936-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2023-01-10 20:13 - 2023-01-10 20:13 - 001635328 _____ () [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\e_sqlite3.DLL
2023-01-10 20:21 - 2023-01-10 20:21 - 000005120 _____ (SourceGear) [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\SQLitePCLRaw.batteries_v2.dll
2023-01-10 20:18 - 2023-01-10 20:18 - 000050688 _____ (SourceGear) [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\SQLitePCLRaw.core.dll
2023-01-10 20:18 - 2023-01-10 20:18 - 000035840 _____ (SourceGear) [File not signed] C:\Program Files\Dell\Plugins\Public Secure Storage\SQLitePCLRaw.provider.e_sqlite3.dll
2024-01-05 17:19 - 2024-01-05 17:19 - 002973696 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 21:24 - 2024-02-06 14:50 - 000000141 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.42.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FFF7DA16-82C0-493B-97BF-E212C9110B69}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B79A45D1-15AD-475C-A8CD-575D69D8B237}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DF91B770-5D55-43A6-A921-4F5347E1F2D9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1E967D60-F6C4-4D85-8E6C-421C506BED3D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
14-02-2024 13:28:10 Windows Modules Installer
14-02-2024 19:20:57 AdwCleaner_BeforeCleaning_14/02/2024_19:20:56
19-02-2024 11:46:30 Windows Update
29-02-2024 10:38:10 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: Killer® Wi-Fi 6 AX1650i 160MHz Wireless Network Adapter (201NGW)
Description: Killer® Wi-Fi 6 AX1650i 160MHz Wireless Network Adapter (201NGW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw10
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/19/2024 11:01:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/19/2024 11:01:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6bdf45b0-4960-4e98-a440-214b393c48a3}
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/16/2024 09:12:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
 
System errors:
=============
Error: (02/29/2024 10:57:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the PCManager Service (Store) service to connect.
 
Error: (02/29/2024 10:57:02 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml
 
Error: (02/29/2024 10:57:02 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml
 
Error: (02/29/2024 10:26:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The igccservice service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/29/2024 10:26:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the igccservice service to connect.
 
Error: (02/29/2024 10:25:55 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml
 
Error: (02/29/2024 10:25:55 AM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml
 
Error: (02/29/2024 10:25:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:14:04 PM on ‎2/‎19/‎2024 was unexpected.
 
 
Windows Defender:
================
Date: 2024-02-19 12:03:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-14 12:49:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
CodeIntegrity:
===============
Date: 2024-02-29 11:33:14
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.17.0 12/11/2023
Motherboard: Dell Inc. 0K3CM7
Processor: 11th Gen Intel® Core™ i7-11700 @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 15957.25 MB
Available physical RAM: 8973.43 MB
Total Virtual: 16981.25 MB
Available Virtual: 9669.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1863 GB) (Free:1803.66 GB) (Model: ST2000DM001-1ER164) NTFS
Drive d: (D) (Fixed) (Total:456.6 GB) (Free:456.49 GB) (Model: NVMe PM991a NVMe Sams) NTFS
 
\\?\Volume{00812eab-605c-4f2f-8ac8-6f380e8ceb93}\ (F) (Fixed) (Total:1.35 GB) (Free:0.63 GB) NTFS
\\?\Volume{ab0ecfc8-ae52-4d48-860d-b7cf99502eb7}\ (ESP) (Fixed) (Total:0.19 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==================== End of Addition.txt =======================
 
I'll post the ESET results once it's done running. 
Thank you again


#13 Romy99

  • Topic Starter

Posted 29 February 2024 - 03:53 PM

ESET Scan did not find any issues:

 

02/29/2024 12:51:12
Files scanned: 170872
Detected files: 0
Cleaned files: 0
Total scan time: 00:32:35
Scan status: Finished


#14 dennis_l

  • Malware Response Team

Posted 01 March 2024 - 03:33 AM

That all looks good and I believe that we are nearly all set now.
Please advise if you have any further questions, before I post some tool/log clean up instructions and information for your future reference.



#15 Romy99

  • Topic Starter

Posted 01 March 2024 - 06:47 PM

I think I found the problem of why my PC seems to be lagging and acting almost as if it did not have enough memory. 
When I took it to Geek Squad for them to fix it initially, they fixed corrupted files etc. and they reinstalled Windows. Well, they installed the boot drive on my old HDD that I have in here for files instead of the SSD as I had it originally. So now the PC is using my old HDD to boot, load programs and save files.... My SSD is just sitting there seemingly doing nothing. 

 

If you can recommend an easy solution to transfer my bootable drive back to my SSD, that would be appreciated, but probably the easiest thing to do at this point is to bring it back to Geek Squad and have them do it. I bought a cheap computer to run just my email and Chrome, which is what I need for now. 

 

I ran Farbar one more time just in case: 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01

Ran by NCC1701_02.02.24 (administrator) on NEW-NCC1701 (Dell Inc. XPS 8940) (01-03-2024 15:39:26)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY\FRST64.exe
Loaded Profiles: NCC1701_02.02.24
Platform: Microsoft Windows 11 Home Version 23H2 22631.3235 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Intel\Intel Arc Control\ArcControl.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlAssist.exe <6>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_3792de536cfe267d\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3792de536cfe267d\igfxEMN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControl.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe <2>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3792de536cfe267d\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ac65d2dfc98d80ce\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a99b22aa15fa509a\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e7f4a4c663908a12\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> MSPCManagerService) C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.3219_none_e95af47c42d111f3\TiWorker.exe
(SystemSettingsAdminFlows.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Dism\DismHost.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a4555e9b35287491\RtkAudUService64.exe [1649504 2023-03-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe [5083736 2023-02-22] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1623080 2024-01-25] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060728 2024-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\RunOnce: [msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --reset-startup-boost-last-used [4060728 2024-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-02-29] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {FC800956-224F-4E6C-9F14-02498B7806AA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [739168 2023-10-09] (Dell Inc -> Dell Inc.)
Task: {CCD5E882-466F-4294-8FA8-2BF3547DEB72} - System32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {3F4E2B57-72D4-4C77-BF3E-47FAA2D5151F} - System32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-02-15] (Google LLC -> Google LLC)
Task: {5D82B75E-74BF-43D7-BEDD-0D6E648D65DD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {F933043F-E6F5-46BC-8273-971DAB0DF1C1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {5D201D4D-C7F6-43F5-8726-88DF6BECC8DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8A708E01-0E4A-4965-A1BC-A54F8D76AD7B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBD75024-633C-4824-AD9B-98AB9DEAF8CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D48796DE-6FD9-498A-9D84-0A73AE9CC10B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {99272C9D-9A3C-41F4-9E27-381D29A5D705} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4F0067C2-EE35-4CCE-84C9-F2FAE44EB357} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {3BFF8200-DBA5-4862-8CE5-FA37F85879CB} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\RivetNetworks\Killer\RNIdleTask.exe [31552 2024-01-24] (Intel Corporation -> )
Task: {65365E6D-5510-4ECC-8775-6DAACE394058} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [200704 2023-12-03] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.42.10
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{97a53191-b85d-4d2e-bd6a-947d73e8eb30}\0534F4E4C495F5F4344523032333: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{f061f94f-7f6c-489f-a5e9-f0921c55f548}: [DhcpNameServer] 192.168.42.10
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-01]
Edge Extension: (Google Docs Offline) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-01]
Edge Extension: (Edge relevant text changes) - C:\Users\NCC1701_02.02.24\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
 
FireFox:
========
FF DefaultProfile: 8ixzsuoo.default
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\8ixzsuoo.default [2024-02-16]
FF ProfilePath: C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla\Firefox\Profiles\yurzp3sj.default-release [2024-03-01]
 
Chrome: 
=======
CHR Profile: C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default [2024-03-01]
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.essexapartmenthomes.com/"
CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/override.html"
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-29]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2024-02-29]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-29]
CHR Extension: (Guardio Protection for Chrome) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2024-02-29]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-29]
CHR Extension: (Speed Dial 2 New tab) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2024-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NCC1701_02.02.24\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-06-02] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-01-17] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [240392 2024-01-17] (Intel Corporation -> Intel)
R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1661480 2024-01-25] (Intel Corporation -> Intel Corporation)
S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78248 2024-01-24] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2378160 2024-01-24] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2662824 2024-01-24] (Intel Corporation -> Intel)
R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78144 2024-01-24] (Intel Corporation -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
R2 PCManager Service Store; C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe [153024 2024-02-19] (Microsoft Corporation -> MSPCManagerService)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160608 2023-10-09] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Killer Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\Killer\KillerProviderDataHelperService.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [561152 2023-12-03] (Microsoft Windows -> Microsoft Corporation)
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [149864 2020-06-16] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46640 2023-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_808162718b526a1e\e2k68cx21x64.sys [752448 2023-12-19] (Realtek Semiconductor Corp. -> Realtek)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [254888 2024-01-24] (Intel Corporation -> Rivet Networks, LLC.)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-02-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl8d130126; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0518CCCE-E5C1-4E72-81FA-181E27B9933D}\MpKslDrv.sys [272664 2024-03-01] (Microsoft Windows -> Microsoft Corporation)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21040 2024-02-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [608648 2024-02-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-29] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-01 14:09 - 2024-03-01 14:12 - 2517739520 _____ C:\Users\NCC1701_02.02.24\Downloads\Win11_23H2_English_x64v2.iso
2024-03-01 13:14 - 2024-03-01 13:14 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\HTML Help
2024-02-29 19:55 - 2024-02-29 19:55 - 000003946 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2024-02-29 19:54 - 2024-02-29 19:54 - 001237288 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistLauncher (2).exe
2024-02-29 19:14 - 2024-02-29 19:21 - 000000000 ___RD C:\Users\NCC1701_02.02.24\Desktop\RevoUninstallerPro_Portable
2024-02-29 18:43 - 2024-02-29 19:07 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2024-02-29 18:43 - 2024-02-29 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2024-02-29 18:43 - 2024-02-29 18:43 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\VS Revo Group
2024-02-29 18:43 - 2024-02-29 18:43 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-02-29 18:43 - 2024-02-29 18:43 - 000000000 ____D C:\Program Files\VS Revo Group
2024-02-29 17:43 - 2024-02-29 17:43 - 018018368 _____ (Dell, Inc.) C:\Users\NCC1701_02.02.24\Downloads\BIOS_IMG.rcv
2024-02-29 17:37 - 2024-02-29 18:31 - 018878368 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\Intel-Chipset-Device-Software_RVRV0_WIN_10.1.19468.8385_A23_06.EXE
2024-02-29 17:37 - 2024-02-29 17:37 - 018030136 _____ (Dell, Inc.) C:\Users\NCC1701_02.02.24\Downloads\XPS_8940_2.17.0.exe
2024-02-29 17:21 - 2024-02-29 17:21 - 001237288 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistLauncher (1).exe
2024-02-29 17:17 - 2024-02-29 17:17 - 001236776 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistInstaller (1).exe
2024-02-29 17:08 - 2024-02-29 17:08 - 001236776 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistInstaller.exe
2024-02-29 17:00 - 2024-02-29 17:00 - 000000000 ____D C:\Program Files\Killer Networking
2024-02-29 16:53 - 2023-11-30 01:03 - 000997400 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2024-02-29 16:53 - 2023-11-30 01:03 - 000754040 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2024-02-29 16:53 - 2023-11-30 01:03 - 000636776 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2024-02-29 16:53 - 2023-11-30 01:03 - 000494520 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2024-02-29 16:53 - 2023-11-30 01:02 - 000569560 _____ C:\Windows\SysWOW64\IntelControlLib32.dll
2024-02-29 16:53 - 2023-11-30 01:00 - 002125000 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-29 16:53 - 2023-11-30 01:00 - 002125000 _____ C:\Windows\system32\vulkaninfo.exe
2024-02-29 16:53 - 2023-11-30 01:00 - 001683256 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-29 16:53 - 2023-11-30 01:00 - 001683256 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-02-29 16:53 - 2023-11-30 01:00 - 001472712 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-02-29 16:53 - 2023-11-30 01:00 - 001472712 _____ C:\Windows\system32\vulkan-1.dll
2024-02-29 16:53 - 2023-11-30 01:00 - 001315016 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-29 16:53 - 2023-11-30 01:00 - 001315016 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-02-29 16:53 - 2023-11-30 00:59 - 027993904 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2024-02-29 16:53 - 2023-11-30 00:59 - 020717872 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2024-02-29 16:40 - 2024-02-29 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2024-02-29 16:37 - 2024-02-23 10:22 - 000750616 _____ (Intel) C:\Windows\system32\libvpl.dll
2024-02-29 16:37 - 2024-02-23 10:22 - 000637336 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2024-02-29 16:37 - 2024-02-23 10:16 - 000518104 _____ C:\Windows\system32\ze_tracing_layer.dll
2024-02-29 16:37 - 2024-02-23 10:16 - 000489944 _____ C:\Windows\system32\ze_loader.dll
2024-02-29 16:37 - 2024-02-23 10:16 - 000314840 _____ C:\Windows\system32\ze_validation_layer.dll
2024-02-29 16:36 - 2024-02-23 10:13 - 000303152 _____ C:\Windows\system32\ControlLib.dll
2024-02-29 16:36 - 2024-02-23 10:13 - 000249920 _____ C:\Windows\SysWOW64\ControlLib32.dll
2024-02-29 13:38 - 2024-02-29 13:38 - 000000000 ____D C:\Windows\Microsoft Antimalware
2024-02-29 11:44 - 2024-03-01 13:37 - 000001324 _____ C:\Users\NCC1701_02.02.24\Desktop\ESET Online Scanner.lnk
2024-02-29 11:40 - 2024-03-01 13:37 - 000001430 _____ C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-02-29 11:40 - 2024-02-29 11:40 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\ESET
2024-02-29 10:46 - 2024-02-29 10:46 - 000020023 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-29 10:44 - 2024-02-29 10:44 - 000020023 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-02-19 11:47 - 2024-02-19 11:47 - 000002359 _____ C:\Users\Public\Desktop\PC Manager.lnk
2024-02-19 11:47 - 2024-02-19 11:47 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\PC Manager Store
2024-02-19 11:46 - 2024-02-19 11:49 - 000000000 ____D C:\ProgramData\Windows Master Store
2024-02-15 12:10 - 2024-03-01 15:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-15 12:10 - 2024-03-01 15:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-15 12:10 - 2024-03-01 15:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-15 12:10 - 2024-02-15 12:10 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Mozilla
2024-02-15 12:10 - 2024-02-15 12:10 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Mozilla
2024-02-15 12:09 - 2024-02-29 11:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-29 11:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-15 12:09 - 2024-02-15 12:09 - 000349976 _____ (Mozilla) C:\Users\NCC1701_02.02.24\Downloads\Firefox Installer.exe
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Google
2024-02-15 12:09 - 2024-02-15 12:09 - 000000000 ____D C:\Program Files\Google
2024-02-15 12:08 - 2024-03-01 15:13 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-15 12:08 - 2024-02-15 12:08 - 001376816 _____ (Google LLC) C:\Users\NCC1701_02.02.24\Downloads\ChromeSetup.exe
2024-02-15 12:08 - 2024-02-15 12:08 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{71AD4A40-F0BB-4603-BFB4-7258E1B41130}
2024-02-15 12:08 - 2024-02-15 12:08 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6F9297AB-D53B-4C6B-A188-49DDD3563A0A}
2024-02-15 12:05 - 2024-02-29 18:43 - 017724920 _____ (VS Revo Group ) C:\Users\NCC1701_02.02.24\Downloads\RevoUninProSetup.exe
2024-02-15 11:42 - 2024-03-01 15:39 - 000000000 ____D C:\FRST
2024-02-15 11:19 - 2024-02-15 11:19 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\mbam
2024-02-15 11:18 - 2024-03-01 14:13 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Malwarebytes
2024-02-15 11:18 - 2024-02-15 11:18 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-15 11:17 - 2024-02-15 11:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-14 19:13 - 2024-02-14 19:21 - 000000000 ____D C:\AdwCleaner
2024-02-14 18:08 - 2024-02-15 11:17 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-14 18:06 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2024-02-14 18:05 - 2024-02-14 18:06 - 000000000 ____D C:\ProgramData\Logishrd
2024-02-14 18:05 - 2024-02-14 18:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\FirmwareUpdateTool
2024-02-14 18:03 - 2024-02-14 18:03 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2024-02-14 17:55 - 2024-02-29 19:21 - 000000000 ____D C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
2024-02-14 13:56 - 2024-02-29 19:55 - 000000128 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\f2f92f7da777fed42bd801386fe3fef40ecdd1f2f60852547650d0043e104074
2024-02-14 13:56 - 2024-02-29 19:27 - 000028975 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\aef28520725e2ea3ed157453470b6474f3b9b25cc0cf9e98a9d4135711df3e8d
2024-02-14 12:07 - 2024-02-14 14:58 - 000011216 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\147fce4307b24dcd765b311ec45e086e6b1a7280cbc4c293d9428641a4e96419
2024-02-14 12:07 - 2024-02-14 14:58 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\5f7b2a37684df71cc6418884f811a9a498a120de21d85c6dfdd0b200d2f6d786
2024-02-14 11:33 - 2024-03-01 11:45 - 000002260 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\edede1402b9ce1779b020af5609acb30ba9955601263375ef11894a57a33f68c
2024-02-08 12:45 - 2024-02-19 11:46 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\PlaceholderTileLogoFolder
2024-02-07 16:24 - 2024-02-07 16:24 - 000003298 _____ C:\Windows\system32\Tasks\RNIdle Task
2024-02-07 16:04 - 2024-02-07 16:04 - 000000112 ___SH C:\bootTel.dat
2024-02-07 10:50 - 2024-02-07 10:50 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CEF
2024-02-07 10:44 - 2024-02-29 17:57 - 000000000 __SHD C:\Users\NCC1701_02.02.24\IntelGraphicsProfiles
2024-02-07 10:44 - 2024-02-07 10:44 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NEO
2024-02-07 10:41 - 2024-02-07 10:41 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-02-07 10:41 - 2024-01-05 17:19 - 000047240 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2024-02-07 10:40 - 2024-02-07 10:51 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Intel
2024-02-07 10:40 - 2024-02-07 10:44 - 000000000 ____D C:\ProgramData\Intel
2024-02-07 10:40 - 2024-02-07 10:41 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-02-07 10:40 - 2024-02-07 10:41 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-02-07 10:40 - 2024-02-07 10:40 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-02-07 10:38 - 2024-02-07 10:38 - 006281760 _____ (Intel) C:\Users\NCC1701_02.02.24\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2024-02-06 18:15 - 2024-02-29 18:31 - 000000000 ____D C:\Program Files\Intel
2024-02-06 18:10 - 2024-02-29 19:59 - 000000000 ____D C:\ProgramData\Intel Package Cache {d8170687-85fa-4716-bafd-087205d0db72}
2024-02-06 18:10 - 2024-02-29 19:59 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}
2024-02-06 18:10 - 2024-02-29 19:59 - 000000000 ____D C:\ProgramData\Intel Package Cache {58E22E6B-0E58-4E93-AF9A-036556EB66F5}
2024-02-06 18:10 - 2024-02-29 19:59 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2024-02-06 18:10 - 2024-02-29 19:59 - 000000000 ____D C:\Program Files (x86)\Intel
2024-02-06 18:10 - 2022-11-02 05:26 - 003234504 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsService.exe
2024-02-06 18:10 - 2022-11-02 05:26 - 000135368 _____ (Intel Corporation) C:\Windows\system32\Optane.dll
2024-02-06 18:10 - 2022-11-02 05:26 - 000025256 _____ (Intel Corporation) C:\Windows\system32\OptaneEventLogMsg.dll
2024-02-06 18:10 - 2022-11-02 05:25 - 000221352 _____ (Intel Corporation) C:\Windows\system32\iaStorAfsNative.exe
2024-02-06 18:10 - 2022-11-02 05:25 - 000075464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAfs.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 001548488 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorAC.sys
2024-02-06 18:10 - 2022-10-27 11:10 - 000029384 _____ (Intel Corporation) C:\Windows\system32\RstMwEventLogMsg.dll
2024-02-06 18:04 - 2024-02-06 18:04 - 000000000 _____ C:\Windows\invcol.tmp
2024-02-06 18:03 - 2024-03-01 11:38 - 000000000 ____D C:\Program Files\Dell
2024-02-06 18:03 - 2024-02-29 19:54 - 000000000 ____D C:\Program Files (x86)\Dell
2024-02-06 18:02 - 2024-03-01 11:38 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-06 18:02 - 2024-03-01 11:38 - 000000000 ____D C:\ProgramData\Dell
2024-02-06 18:02 - 2024-02-15 11:44 - 000000000 ____D C:\Program Files\dotnet
2024-02-06 18:01 - 2024-02-06 18:01 - 001236776 _____ (Dell Inc.) C:\Users\NCC1701_02.02.24\Downloads\SupportAssistLauncher.exe
2024-02-06 17:50 - 2024-02-07 17:21 - 000002264 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\bef731b8d57eaff614901472069b64360e2d656bfd76ea1add4389efddc043fb
2024-02-06 17:35 - 2024-02-19 12:04 - 000000130 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6ade6f6d78ece8ee0e6a9896681e2a81cf10959a1401482cda8cbb570802b55d
2024-02-06 17:35 - 2024-02-19 11:44 - 000444619 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\6fd7b3a63df1d4f9e5ebd8d3dc7595ddf69a3660fb7b0c2e9f98d13446fea740
2024-02-06 17:28 - 2024-02-06 17:28 - 000000000 ____D C:\Windows\system32\Tasks\Intel
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\Windows\system32\Drivers\RivetNetworks
2024-02-06 17:24 - 2024-02-06 17:24 - 000000000 ____D C:\ProgramData\RivetNetworks
2024-02-06 17:24 - 2023-03-02 22:35 - 000292096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2024-02-06 17:24 - 2023-03-02 22:35 - 000247040 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2024-02-06 17:23 - 2024-02-06 17:23 - 000001814 _____ C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio Pro by Waves – Speaker and Microphone Audio Control and Nx 3D Sound.lnk
2024-02-06 17:23 - 2024-02-06 17:23 - 000000000 ____D C:\Program Files\Waves
2024-02-06 17:22 - 2024-03-01 15:07 - 000016781 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\9b7ccbd35dd68aa285baeafb7431630bce7ff8edf5a5899b484fc2d0af05f15c
2024-02-06 17:22 - 2024-02-29 17:56 - 000000000 ____D C:\Intel
2024-02-06 17:22 - 2024-02-29 16:56 - 000000026 _____ C:\Users\NCC1701_02.02.24\AppData\LocalLow\0ad9e46285ca5fbf9c6d578692d600f22ab51e3d84eb5e84d7d05af5f093e5d8
2024-02-06 17:22 - 2024-02-06 17:22 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\LocalLow\Intel
2024-02-06 17:21 - 2024-02-06 17:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-06 17:20 - 2024-02-06 17:20 - 000000000 ____D C:\Windows\Firmware
2024-02-06 17:20 - 2023-03-02 22:34 - 006449048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2024-02-06 17:16 - 2024-02-29 19:15 - 000000000 ____D C:\Windows\system32\MRT
2024-02-06 15:30 - 2024-02-06 17:25 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-02-06 15:19 - 2024-03-01 13:37 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\CrashDumps
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\NPE
2024-02-06 14:53 - 2024-02-06 14:53 - 000000000 ____D C:\ProgramData\Norton
2024-02-05 13:52 - 2024-02-05 13:52 - 000000000 ____D C:\Geek Squad
2024-02-05 13:51 - 2024-02-05 13:52 - 000000000 ____D C:\ProgramData\Geek Squad
2024-02-02 18:11 - 2024-02-05 13:44 - 002826002 _____ C:\Windows\ntbtlog.txt
2024-02-02 18:11 - 2024-02-05 13:43 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-02 18:10 - 2024-02-05 13:45 - 000000000 ____D C:\Windows\pss
2024-02-02 16:06 - 2024-02-29 13:45 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2024-02-02 15:56 - 2024-02-02 15:56 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\VirtualStore
2024-02-02 15:36 - 2024-03-01 13:23 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\MMC
2024-02-02 15:32 - 2024-02-02 15:32 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Comms
2024-02-02 15:16 - 2024-02-02 15:16 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Publishers
2024-02-02 15:05 - 2024-02-02 15:05 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\OneDrive
2024-02-02 15:03 - 2024-03-01 14:08 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\D3DSCache
2024-02-02 15:02 - 2024-02-02 16:33 - 000000000 ___RD C:\Users\NCC1701_02.02.24\OneDrive
2024-02-02 15:02 - 2024-02-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\SystemCertificates
2024-02-02 15:00 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Network
2024-02-02 14:59 - 2024-02-29 20:01 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\Packages
2024-02-02 14:59 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Local\ConnectedDevicesPlatform
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Protect
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Crypto
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ___SD C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Credentials
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Vault
2024-02-02 14:59 - 2024-02-02 14:59 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Adobe
2024-02-02 14:58 - 2024-02-19 10:02 - 000000000 ____D C:\Users\NCC1701_02.02.24
2024-02-02 14:58 - 2024-02-02 15:14 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Spelling
2024-02-02 14:58 - 2024-02-02 15:00 - 000000000 ____D C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows
2024-02-02 14:58 - 2024-02-02 14:58 - 000000020 ___SH C:\Users\NCC1701_02.02.24\ntuser.ini
2024-02-02 14:44 - 2024-02-29 20:00 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-02 14:42 - 2024-02-29 19:56 - 000000000 ____D C:\ProgramData\Packages
2024-02-02 14:40 - 2024-02-02 14:40 - 000000000 _SHDL C:\Documents and Settings
2024-02-02 14:36 - 2024-03-01 11:43 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-02 14:35 - 2024-02-29 10:34 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 14:35 - 2024-02-29 10:34 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-02 14:34 - 2024-02-29 17:56 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-02 14:34 - 2024-02-29 10:36 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-02-02 14:34 - 2024-02-02 14:34 - 000000000 ____D C:\Windows\system32\config\BFS
2024-02-02 14:33 - 2024-03-01 14:40 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-02 14:33 - 2024-02-29 17:56 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-02 14:33 - 2024-02-29 10:56 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-02-02 14:33 - 2024-02-06 14:48 - 000000000 ____D C:\Windows\Panther
2024-02-02 14:33 - 2024-02-02 14:33 - 000000000 ____D C:\Windows\ServiceProfiles
2024-02-01 11:29 - 2024-02-01 11:29 - 005191864 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2024-02-01 11:29 - 2024-02-01 11:29 - 001472184 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-01 15:32 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-01 15:13 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemTemp
2024-03-01 11:43 - 2022-05-06 21:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-01 11:43 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\AppReadiness
2024-02-29 20:00 - 2022-05-06 21:22 - 000000000 ____D C:\Windows\INF
2024-02-29 17:56 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ServiceState
2024-02-29 17:50 - 2022-05-06 21:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-02-29 11:15 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemResources
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\oobe
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellComponents
2024-02-29 10:53 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\bcastdvr
2024-02-29 10:52 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\CbsTemp
2024-02-16 20:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-02-15 12:20 - 2023-12-03 22:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-02-15 12:20 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-02-15 11:30 - 2022-05-06 21:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-02-15 11:18 - 2022-05-06 21:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-02-14 13:28 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\spool
2024-02-07 10:55 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\servicing
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\UUS
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\setup
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\Provisioning
2024-02-06 18:17 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\BrowserCore
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-02-06 17:26 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-02-06 17:19 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2024-02-06 15:38 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\appcompat
2024-02-05 13:48 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\NDF
2024-02-02 20:44 - 2022-05-06 21:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-02 16:01 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-02-02 15:16 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-02-02 14:42 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-02-02 14:33 - 2022-05-06 21:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template
 
==================== Files in the root of some directories ========
 
2024-02-14 16:17 - 2024-02-14 16:17 - 000007673 _____ () C:\Users\NCC1701_02.02.24\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by NCC1701_02.02.24 (01-03-2024 15:41:47)
Running from C:\Users\NCC1701_02.02.24\Desktop\SEEK & DESTROY
Microsoft Windows 11 Home Version 23H2 22631.3235 (X64) (2024-02-02 22:41:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-287634066-2289251947-2206231936-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-287634066-2289251947-2206231936-503 - Limited - Disabled)
Guest (S-1-5-21-287634066-2289251947-2206231936-501 - Limited - Disabled)
NCC1701_02.02.24 (S-1-5-21-287634066-2289251947-2206231936-1001 - Administrator - Enabled) => C:\Users\NCC1701_02.02.24
WDAGUtilityAccount (S-1-5-21-287634066-2289251947-2206231936-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dell SupportAssist (HKLM\...\{DB6164FC-CD98-471C-BD5B-5B14CAFA3186}) (Version: 3.14.2.45116 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{2DF0E6F6-1C0E-4AF3-BD8C-2DBD0A8A770F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.95 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{6045ACAB-3148-4E84-96EA-178F21611BD7}) (Version: 23.4.39.9 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{E6CC1C02-638D-44F5-8BAE-E455453F80BA}) (Version: 10.1.19468.8385 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{8af15a1a-f70d-4968-84c0-97df0607c3e6}) (Version: 10.1.19468.8385 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86}) (Version: 2.4.10717 - Intel Corporation)
Intel® Icls (HKLM\...\{D404A759-EC9F-4C95-A9FD-2CC8EFF89E03}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2345.5.42.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{DD4C55D7-B644-4274-AEC9-77AAB3FB00F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{6204E232-6522-4B6E-B22C-4F0DF7CCA27C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{5C67AF85-8F17-49C9-854F-8E40208ECFBE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000030-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.30.0.3 - Intel Corporation)
Intel® Arc™ Control (HKLM\...\{E5DE57FD-6E67-4A16-9204-9E8BE7D236AA}) (Version: 1.75.5430.1 - Intel Corporation) Hidden
Intel® Arc™ Control (HKLM-x32\...\{b5263522-baea-432d-b8b6-7b7318b1a9d0}) (Version: 1.75.5430.1 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{8ec91c89-74ee-47b9-95d4-3a036bf050a5}) (Version: 23.4.39.9 - Intel)
Killer Performance Driver Suite UWD (HKLM\...\{F2471CBF-CF01-48DD-8C64-9CE2C1B34D99}) (Version: 35.24.1177 - Rivet Networks)
Logitech Unifying Software 2.52 (HKLM\...\Logitech Unifying) (Version: 2.52.33 - Logitech)
Malwarebytes version 4.6.9.314 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.9.314 - Malwarebytes)
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.16 (x64) (HKLM\...\{9F51D16B-42E8-4A4A-8228-75045541A2AE}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.16 (x64) (HKLM\...\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM\...\{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.16 (x64) (HKLM\...\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}) (Version: 56.64.8781 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM\...\{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.16 - Shared Framework (x64) (HKLM-x32\...\{5cc1be84-7e3a-4ef7-9ed9-ff9256196077}) (Version: 7.0.16.24068 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.16 Shared Framework (x64) (HKLM\...\{1B81ED58-6B0A-3911-9BF1-D57357A9637E}) (Version: 7.0.16.24068 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32\...\{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM\...\{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM\...\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}) (Version: 56.64.8804 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.16 (x64) (HKLM-x32\...\{ef5af41f-d68c-48f7-bfb0-5055718601fc}) (Version: 7.0.16.33318 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM\...\{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32\...\{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 122.0.1 (x64 en-US)) (Version: 122.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0.1 - Mozilla)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
 
Packages:
=========
 
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.9.0_x64__htrsf667h5kn2 [2024-02-29] (Dell Inc)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2024-02-06] (INTEL CORP)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corp.)
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Corporation)
Microsoft.MicrosoftPCManager -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.3.14.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-29] (Microsoft Corporation)
Sysinternals Suite -> C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-29] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-287634066-2289251947-2206231936-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-01-05 17:19 - 2024-01-05 17:19 - 001626624 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2024-01-05 17:19 - 2024-01-05 17:19 - 002973696 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\NCC1701_02.02.24\Downloads\Intel-Chipset-Device-Software_RVRV0_WIN_10.1.19468.8385_A23_06.EXE:MBAM.Zone.Identifier [375]
AlternateDataStreams: C:\Users\NCC1701_02.02.24\Downloads\RevoUninProSetup.exe:MBAM.Zone.Identifier [148]
AlternateDataStreams: C:\Users\NCC1701_02.02.24\Downloads\SupportAssistInstaller (1).exe:MBAM.Zone.Identifier [211]
AlternateDataStreams: C:\Users\NCC1701_02.02.24\Downloads\SupportAssistInstaller.exe:MBAM.Zone.Identifier [211]
AlternateDataStreams: C:\Users\NCC1701_02.02.24\Downloads\SupportAssistLauncher (1).exe:MBAM.Zone.Identifier [265]
AlternateDataStreams: C:\Users\NCC1701_02.02.24\Downloads\XPS_8940_2.17.0.exe:MBAM.Zone.Identifier [281]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 21:24 - 2024-02-06 14:50 - 000000141 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NCC1701_02.02.24\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.42.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "Intel® Arc™ Control"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7447DCA6902CB0288A5F3AB362FEC18"
HKU\S-1-5-21-287634066-2289251947-2206231936-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FFF7DA16-82C0-493B-97BF-E212C9110B69}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B79A45D1-15AD-475C-A8CD-575D69D8B237}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E967D60-F6C4-4D85-8E6C-421C506BED3D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8E9BCF77-B1F2-49B6-81F2-0DD1FB7A15BB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
14-02-2024 19:20:57 AdwCleaner_BeforeCleaning_14/02/2024_19:20:56
19-02-2024 11:46:30 Windows Update
29-02-2024 10:38:10 Windows Update
29-02-2024 16:35:35 Installed Intel® Wireless Bluetooth®
29-02-2024 16:46:41 Installed Killer Performance Driver Suite UWD.
29-02-2024 18:44:58 Revo Uninstaller Pro's restore point - Xbox Identity Provider
 
==================== Faulty Device Manager Devices ============
 
Name: Killer® Wi-Fi 6 AX1650i 160MHz Wireless Network Adapter (201NGW)
Description: Killer® Wi-Fi 6 AX1650i 160MHz Wireless Network Adapter (201NGW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw10
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/01/2024 02:12:21 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program SecHealthUI.exe version 10.0.22621.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (03/01/2024 01:37:18 PM) (Source: Application Error) (EventID: 1000) (User: NEW-NCC1701)
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.22621.2506, time stamp: 0x1000d65c
Exception code: 0xc0000005
Fault offset: 0x002d0c74
Faulting process id: 0x0xc0c
Faulting application start time: 0x0x1da6c20a14e8717
Faulting application path: C:\Users\NCC1701_02.02.24\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\Windows\SYSTEM32\WININET.dll
Report Id: 96f4fd5a-15ae-498b-aba7-75ff89d8877c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/29/2024 06:44:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5b42a8bc-e101-4de9-bd6f-fa9123c2ada6}
 
Error: (02/29/2024 06:36:02 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SupportAssistAgent.exe, version: 4.0.0.51819, time stamp: 0x64b073ea
Faulting module name: coreclr.dll, version: 6.0.2724.6912, time stamp: 0x65ab2ae9
Exception code: 0xc0000005
Fault offset: 0x00000000001d3c89
Faulting process id: 0x0x3320
Faulting application start time: 0x0x1da6b7c27ee7b83
Faulting application path: C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
Faulting module path: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll
Report Id: 2228eabb-34bc-4ef9-9bb0-c691cb9e3f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/29/2024 06:36:01 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: SupportAssistAgent.exe
CoreCLR Version: 6.0.2724.6912
.NET Version: 6.0.27
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFC80143C89 (00007FFC7FF70000) with exit code c0000005.
 
Error: (02/29/2024 05:29:56 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/29/2024 05:22:10 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SupportAssistAgent.exe, version: 4.0.0.51819, time stamp: 0x64b073ea
Faulting module name: coreclr.dll, version: 6.0.2724.6912, time stamp: 0x65ab2ae9
Exception code: 0xc0000005
Fault offset: 0x00000000001d3c89
Faulting process id: 0x0xa34
Faulting application start time: 0x0x1da6b70023d5079
Faulting application path: C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
Faulting module path: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll
Report Id: 937327ee-b1a6-4994-8414-c9f04cdd9281
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/29/2024 05:22:10 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: SupportAssistAgent.exe
CoreCLR Version: 6.0.2724.6912
.NET Version: 6.0.27
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD9B6C3C89 (00007FFD9B4F0000) with exit code c0000005.
 
 
System errors:
=============
Error: (03/01/2024 01:39:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/01/2024 01:39:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\NCC170~1.24\AppData\Local\Temp\ehdrv.sys
 
Error: (03/01/2024 01:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/01/2024 01:39:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\NCC170~1.24\AppData\Local\Temp\ehdrv.sys
 
Error: (03/01/2024 01:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/01/2024 01:39:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\NCC170~1.24\AppData\Local\Temp\ehdrv.sys
 
Error: (03/01/2024 01:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/01/2024 01:39:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\NCC170~1.24\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2024-02-29 13:17:40
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-19 12:03:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-14 12:49:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
Date: 2024-02-14 11:46:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.3482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  
 
CodeIntegrity:
===============
Date: 2024-03-01 13:39:14
Description: 
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume2\Users\NCC1701_02.02.24\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB. 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 2.17.0 12/11/2023
Motherboard: Dell Inc. 0K3CM7
Processor: 11th Gen Intel® Core™ i7-11700 @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 15957.25 MB
Available physical RAM: 7622.54 MB
Total Virtual: 16981.25 MB
Available Virtual: 7647.13 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1863 GB) (Free:1787.91 GB) (Model: ST2000DM001-1ER164) NTFS
Drive d: (D) (Fixed) (Total:456.6 GB) (Free:456.48 GB) (Model: NVMe PM991a NVMe Sams) NTFS
Drive e: (R) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
 
\\?\Volume{00812eab-605c-4f2f-8ac8-6f380e8ceb93}\ (F) (Fixed) (Total:1.35 GB) (Free:0.63 GB) NTFS
\\?\Volume{ab0ecfc8-ae52-4d48-860d-b7cf99502eb7}\ (ESP) (Fixed) (Total:0.19 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 271FE25E)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================




