Possible Malware - Win 10 22H2 Build 19045.4529 - Random CMD windows open - Virus, Trojan, Spyware, and Malware Removal Help (2024)

Output of FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2024

Ran by Root (administrator) on DELL-7570 (Dell Inc. Inspiron 7570) (21-06-2024 20:33:36)

Running from C:\Users\Root\Downloads\FRST64.exe

Loaded Profiles: postgres & Root & emanu

Platform: Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe

(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe

(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe

(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe

(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe

(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe

(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe

(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>

(C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe ->) (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe <7>

(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe

(cmd.exe ->) (Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\9.4.3.3\rf-chrome-nm-host.exe

(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe <2>

(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe <2>

(explorer.exe ->) (Dell Inc.) [File not signed] C:\Program Files\Dell\QuickSet\quickset.exe <2>

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>

(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe <2>

(explorer.exe ->) (Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe <2>

(explorer.exe ->) (Tailscale Inc. -> Tailscale Inc.) C:\Program Files\Tailscale\tailscale-ipn.exe <2>

(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe <2>

(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe

(services.exe ->) () [File not signed] C:\Program Files (x86)\Wondershare\drfone\Addins\Clone\ElevationService.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(services.exe ->) (Code Sector -> Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe

(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe

(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe

(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(services.exe ->) (Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe

(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe

(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHDCPSvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHeciSvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_2b5cc6321ee5f534\aesm_service.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe

(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_ffd80069472091bc\RstMwService.exe

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe

(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_88d301c5038802e4\Display.NvContainer\NVDisplay.Container.exe <3>

(services.exe ->) (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe <5>

(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe

(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe

(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe

(services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe

(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe

(services.exe ->) (Tailscale Inc. -> Tailscale Inc.) C:\Program Files\Tailscale\tailscaled.exe <2>

(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe

(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe

(services.exe ->) (wondershare) [File not signed] C:\Program Files (x86)\Wondershare\drfone\WsidService.exe

(sihost.exe ->) (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe

(svchost.exe ->) (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0\DellMobileConnectUniversalClient.exe

(svchost.exe ->) (DELL) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe

(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Root\AppData\Local\Microsoft\OneDrive\24.111.0602.0003\FileCoAuth.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe [1343072 2021-08-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3910656 2017-05-03] (Dell Inc.) [File not signed]

HKLM\...\Run: [RTKNGUI] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9226728 2017-05-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)

HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe [1237696 2020-12-06] (Waves Inc -> Waves Audio Ltd.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [98261768 2020-05-15] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2738872 2021-02-23] (iMobie Inc. -> iMobie Inc.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION

HKLM\Software\Policies\...\system: [EnableSmartScreen] 0

HKU\S-1-5-21-1942594187-1280538993-414148617-1012\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Root\AppData\Local\Microsoft\Teams\Update.exe [2453656 2021-02-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\Run: [com.squirrel.Teams.Teams] => C:\Users\emanu\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [156464 2023-03-08] (Siber Systems -> Siber Systems)

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\Run: [MicrosoftEdgeAutoLaunch_094401CD5F3200051AFB49325CEE60A7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3883456 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\Run: [GoogleChromeAutoLaunch_9A291DEC24F52DF69448076AF7E97D93] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2795808 2024-06-17] (Google LLC -> Google LLC)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.114\Installer\chrmstp.exe [2024-06-21] (Google LLC -> Google LLC)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\126.1.67.119\Installer\chrmstp.exe [2024-06-21] (Brave Software, Inc. -> Brave Software, Inc.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-460348F480E8}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f

IFEO\vdsldr.exe: [Debugger] cmd /q Skip TPM Check on Dynamic Update © AveYo, 2021 /d/x/r>nul (erase /f/s/q %systemdrive%\$windows.~bt\appraiserres.dll&md 11&cd 11&ren vd.exe vdsldr.exe&robocopy "../" "./" "vdsldr.exe"&ren vdsldr.exe vd.exe&start vd -Embedding)&rem;

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Tailscale.lnk [2024-06-17]

ShortcutTarget: Tailscale.lnk -> C:\Program Files\Tailscale\tailscale-ipn.exe (Tailscale Inc. -> Tailscale Inc.)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C035DC6-5D50-4BA1-9349-F24C2C41023E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{E1EBFBBB-E97E-4FF2-84D0-217869A7C5B4} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-08-14] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {FBE90D29-63E5-4680-B4C2-3B98EE396D83} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{3AB1D3C9-48E5-4F3D-BE18-086822882ED6} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-08-14] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {74D4CEE7-5B14-48F0-A5E8-D36148371EE2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate

Task: {DAFCC9F8-773A-45C7-A4EA-E613432B5987} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{AB465C85-4EE3-46DF-A66C-EFB4B392D7D5} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)

Task: {8A094377-ED33-4DE6-916C-55591FB29554} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [825776 2021-12-01] (Intel Corporation -> Intel® Corporation)

Task: {27CC4CD8-0B4E-408D-898D-5005209548E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {F00D6DC1-28FD-431E-94EA-2B076109F2C1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {FDA5ADFA-7154-457A-A8D3-2F0057B8E7E8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {0D1FFC6B-AE16-482C-96FA-DFCBBEDE36F8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {16FC9F60-B33F-40ED-8ADC-131C2382F9A6} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169648 2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {A0EA1E28-76C2-454B-885F-77898A9985E0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [504552 2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {B70512A8-6284-4F27-921E-2182778DBBA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-17] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {98C48955-5D52-4FF9-8A6A-1C6A20547201} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-17] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {B4FE3600-CD39-4534-9E96-80E6C1768508} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-17] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {6A2F8862-5795-4701-842E-829AFC2E6E63} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-17] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {5565D2E5-CB31-4E8B-A4D1-6154D40964C4} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\rundll32.exe [71680 2024-06-18] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\system32\url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMIMKMJJKJJJNJHMOMCNHMKJOMNJCNLMJJJMHMCNHMJJNMPMCNLJNJOMLMNJMMMJGMJJJJLJJJJNIICMGMCNMMCNMMCNMMJNHJCMNMCNOMPMCNPMCNOMGMPMLMMMJNHICMEKMICNJJCKJNAJCMKJCJOJBJKIKJDJPLDJKJJIGIBNBJKJLIJNEJCMJNFJCMJNBJCMKLCJOJBJK (the data entry has 158 more characters).

Task: {0DE764E4-8DE8-4A7C-B837-044794B95E2B} - System32\Tasks\Run RoboForm Process => C:\Program Files\Google\Chrome\Application\chrome.exe [2795808 2024-06-17] (Google LLC -> Google LLC) -> hxxps://start.roboform.com#updated=1671302029

Task: {D27417F8-22D6-4830-BE4E-8DC2433AB1FD} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [156464 2023-03-08] (Siber Systems -> Siber Systems) -> C:\Program Files (x86)\Siber Systems\AI RoboForm\/autoupdate=9.3.7.7

Task: {5A99845A-4773-4016-919F-132774824211} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [121595976 2022-09-01] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\/AUTOHIDE

Task: {B4712F41-9AA9-4F34-B927-2783D39C397B} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [{915CBDC7-9EDA-479C-99B3-A84146372E40}] => hxxp://127.0.0.1:86/ <==== ATTENTION

Tcpip\Parameters: [DhcpNameServer] 10.1.0.1 1.1.1.1

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}: [DhcpNameServer] 10.1.0.1 1.1.1.1

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}: [DhcpDomain] internal.drorhome.com

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}\24163756D656E647: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}\3514251484F575F425B4D27657563747: [DhcpNameServer] 208.67.222.222 208.67.220.220 8.8.8.8 192.168.3.1

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}\84F6E6461655E696675627375634573747F6D6562737: [DhcpNameServer] 8.8.4.4

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}\84F6E6461655E696675627375634573747F6D6562737: [DhcpDomain] lan

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}\9402265797020786F6E6563702733323025373030213938323: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{136b131f-0a16-481d-aabd-0d36809bd182}\F6074796D657D677966696: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{4e408d78-10f2-404d-8098-9996e1c61771}: [DhcpNameServer] 10.1.0.1 1.1.1.1

Tcpip\..\Interfaces\{4e408d78-10f2-404d-8098-9996e1c61771}: [DhcpDomain] internal.drorhome.com

Tcpip\..\Interfaces\{735339f7-aa42-4cae-98f4-a46f5b09b7d4}: [NameServer] 10.56.0.1

Tcpip\..\Interfaces\{7c7714b2-f245-4af6-be8c-a2400b875888}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{81f061af-c5cf-42a5-b495-a3e14b7cb2ab}: [DhcpNameServer] 192.168.0.83

Tcpip\..\Interfaces\{8c4907ea-f94e-4ac4-a2e3-526fed43eee7}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{996e4d22-51cb-491a-8adc-b3b8531dc976}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{d4c629f3-86fa-425f-ba99-b444caf5e7c8}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{ebff75f5-b308-4063-9471-cccab8b0a032}: [DhcpNameServer] 0.0.0.0

Tcpip\..\Interfaces\{ee50f327-ea66-487e-a1c3-9f19919f3d1f}: [DhcpNameServer] 172.20.10.1

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\Root\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-21]

Edge Notifications: Default -> hxxps://www.optimum.net

Edge Extension: (Google Docs Offline) - C:\Users\Root\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-21]

Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Root\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-06-21]

Edge Extension: (Edge relevant text changes) - C:\Users\Root\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-06-21]

Edge Extension: (RoboForm Password Manager) - C:\Users\Root\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2024-06-21]

Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Chrome:

=======

CHR Profile: C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default [2024-06-21]

CHR Notifications: Default -> hxxps://twitter.com

CHR HomePage: Default -> hxxp://localhost:53682/?error=invalid_client&error_description=AADSTS650051%3a+Using+application+%27rclone%27+is+currently+not+supported+for+your+organization+student.egcc.edu+because+it+is+in+an+unmanaged+state.+An+administrator+needs+to+claim+ownership+of+the+company+by+DNS+validation+of+student.egcc.edu+before+the+application+rclone+can+be+provisioned.%0d%0a

CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://start.roboform.com","hxxp://www.bing.com/?pc=U217C","hxxp://g.msn.com/1ewenusDefaultPack/U217_DefaultPack_DHP2","hxxp://google.com/","hxxp://search.b1.org/","hxxp://www.google.com/ig"

CHR Extension: (Google Translate) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-06-21]

CHR Extension: (Silk - Privacy Pass Client) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2024-06-21]

CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2024-06-21]

CHR Extension: (ShowPassword) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiclfnbhommljbjcoelobnnnibemabl [2022-12-05]

CHR Extension: (Turn Off the Lights) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2024-06-21]

CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-06-21]

CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2024-06-21]

CHR Extension: (Tampermonkey) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-12-05]

CHR Extension: (Business Card Maker) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpchnngplfnmejdkfgpmfhifccngoiih [2022-12-05]

CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-21]

CHR Extension: (McAfee® WebAdvisor) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-06-21]

CHR Extension: (iCloud Bookmarks) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2022-12-16]

CHR Extension: (HTTPS Everywhere) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2022-12-05]

CHR Extension: (Chain Reaction) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2022-12-05]

CHR Extension: (Google Docs Offline) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-21]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2022-12-05]

CHR Extension: (Toshl Finance) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkglemnonbchhapbnnmfjgebfphlcce [2022-12-05]

CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-06-21]

CHR Extension: (Voice Recognition) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2022-12-05]

CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-06-21]

CHR Extension: (CNET Shopping) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2024-06-21]

CHR Extension: (Conversationally) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcfbbglcjhnmhfghdhcidhpfgdcfjnaj [2022-12-05]

CHR Extension: (MyPoints Score) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2024-06-21]

CHR Extension: (Ibotta: Price compare, cashback, item alerts) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaedmjlefifhnhpgipjjiiekchaimpk [2024-06-21]

CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2024-06-21]

CHR Extension: (MetaMask) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-06-21]

CHR Extension: (Don't F*** With Paste) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgllhigpcljnhoakjkgaieabnkmgdkb [2022-12-05]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-27]

CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2022-12-05]

CHR Extension: (iCloud Passwords) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2024-06-21]

CHR Extension: (Send from Gmail (by Google)) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2024-06-21]

CHR Extension: (Right Click Translate) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\piojkjkndneggfaibepkmabjnkjlhlmk [2022-12-05]

CHR Extension: (RoboForm Password Manager) - C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2024-06-21]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Brave:

=======

BRA Profile: C:\Users\Root\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-07-10]

BRA Extension: (McAfee® WebAdvisor) - C:\Users\Root\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-07-10]

BRA Extension: (Brave Local Data Files Updater) - C:\Users\Root\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-07-10]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Root\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-07-10]

BRA Extension: (Brave NTP sponsored images) - C:\Users\Root\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-07-10]

BRA Extension: (Brave SpeedReader Updater) - C:\Users\Root\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-07-10]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Root\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-07-10]

StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-08-14] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 BraveElevationService; C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\126.1.67.119\elevation_service.exe [2688024 2024-06-19] (Brave Software, Inc. -> Brave Software, Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-08-14] (Brave Software, Inc. -> BraveSoftware Inc.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012384 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)

R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [761416 2022-09-01] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)

S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [329920 2023-05-16] (Dell Inc -> Dell Inc.)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)

R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)

R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)

R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-08-04] (Dell Inc -> Dell INC.)

S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{A4180A20-619F-43D6-A9C4-F6BA16A0B8D9} [22384 2024-03-15] (Microsoft Windows -> Microsoft Corporation)

R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-07-28] (Dell Inc -> )

R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)

R2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [1051136 2021-02-24] (wondershare) [File not signed]

R2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Clone\ElevationService.exe [913408 2021-01-20] () [File not signed]

R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [949960 2020-08-12] (McAfee, LLC -> McAfee, LLC)

R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-17] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-08-09] (PostgreSQL Global Development Group) [File not signed]

R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]

S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]

R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [371784 2022-09-01] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-06-18] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]

R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]

R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)

R2 Tailscale; C:\Program Files\Tailscale\tailscaled.exe [20022208 2024-06-14] (Tailscale Inc. -> Tailscale Inc.)

R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-17] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-17] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262312 2021-02-26] (Wondershare Technology Co.,Ltd -> Wondershare)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_88d301c5038802e4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_88d301c5038802e4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndDiag; C:\WINDOWS\System32\drivers\lganddiag64.sys [27648 2012-03-02] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 AndGps; C:\WINDOWS\System32\drivers\lgandgps64.sys [27136 2012-03-02] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 AndNetDiag; C:\WINDOWS\System32\drivers\lgandnetdiag64.sys [30720 2015-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 AndNetDiag2; C:\WINDOWS\System32\drivers\lgandnetdiag264.sys [30720 2015-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 AndNetGps; C:\WINDOWS\System32\drivers\lgandnetgps64.sys [29184 2015-01-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)

R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)

S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corporation -> Wistron Corp.)

S3 duetbus; C:\WINDOWS\System32\drivers\duetbus.sys [32512 2018-04-27] (Duet, Inc. -> Duet, Inc.)

R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-06-28] (Express VPN International Ltd. -> ExpressVPN)

R3 MpKslc92e4354; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6CF8E14-0725-4E16-86AB-B234F7B84088}\MpKslDrv.sys [271648 2024-06-21] (Microsoft Windows -> Microsoft Corporation)

S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)

R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )

S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )

S3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [1134536 2022-06-29] (Realtek Semiconductor Corp. -> Realtek Corporation)

R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-28] (Intel Corporation -> Rivet Networks, LLC.)

S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-07-22] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)

S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [87168 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43648 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

S3 usbbus; C:\WINDOWS\System32\drivers\lgx64bus.sys [17920 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 UsbDiag; C:\WINDOWS\System32\drivers\lgx64diag.sys [28160 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 UsbGps; C:\WINDOWS\System32\drivers\lgx64gps.sys [27136 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49152 2020-08-13] (Microsoft Corporation) [File not signed]

S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [236352 2019-05-13] (Oracle Corporation -> Oracle Corporation)

S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174520 2019-05-13] (Oracle Corporation -> Oracle Corporation)

S3 vdbus; C:\WINDOWS\System32\drivers\vdbus.sys [826040 2014-10-07] (Comodo Security Solutions -> COMODO Security Solutions Inc.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-17] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-17] (Microsoft Windows -> Microsoft Corporation)

R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2024-06-17] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

S3 zttap300; C:\WINDOWS\System32\drivers\zttap300.sys [31744 2020-11-24] (Microsoft Windows Hardware Compatibility Publisher -> ZeroTier Networks LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-21 20:33 - 2024-06-21 20:34 - 000043635 _____ C:\Users\Root\Downloads\FRST.txt

2024-06-21 20:31 - 2024-06-21 20:31 - 002395648 _____ (Farbar) C:\Users\Root\Downloads\FRST64.exe

2024-06-21 20:22 - 2024-06-21 20:22 - 000001220 _____ C:\Users\Root\Desktop\DiskInternals Research.lnk

2024-06-21 20:22 - 2024-06-21 20:22 - 000000000 ____D C:\Users\Root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals

2024-06-21 20:22 - 2024-06-21 20:22 - 000000000 ____D C:\Program Files (x86)\DiskInternals

2024-06-21 20:21 - 2024-06-21 20:31 - 000000000 ____D C:\Users\Root\AppData\Local\CrashDumps

2024-06-21 19:46 - 2024-06-21 19:46 - 000000000 ___HD C:\$WinREAgent

2024-06-21 19:28 - 2024-06-21 19:28 - 000000112 ___SH C:\bootTel.dat

2024-06-18 01:56 - 2024-06-18 01:56 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json

2024-06-18 01:55 - 2024-06-18 01:55 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

2024-06-18 01:14 - 2024-06-18 01:14 - 000025291 _____ C:\Users\emanu\Downloads\W2.pdf

2024-06-17 23:12 - 2024-06-17 23:12 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

2024-06-17 23:09 - 2024-06-17 23:09 - 000001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tailscale.lnk

2024-06-17 23:09 - 2024-06-17 23:09 - 000000000 ____D C:\Program Files\Tailscale

2024-06-17 23:08 - 2024-06-17 23:08 - 000753736 _____ (Tailscale Inc.) C:\Users\emanu\Downloads\tailscale-setup-1.68.1.exe

2024-06-17 22:24 - 2024-06-17 22:24 - 000000000 ____D C:\Users\Root\AppData\Local\iMobie_Inc

2024-06-17 22:23 - 2024-06-17 22:23 - 000002545 _____ C:\Users\Public\Desktop\AnyUnlock - iPhone Password Unlocker.lnk

2024-06-17 22:22 - 2024-06-17 22:23 - 014828296 _____ (iMobie Inc.) C:\Users\emanu\Downloads\anyunlock-iphone-password-unlocker-en-setup.exe

2024-06-17 22:14 - 2024-06-17 22:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-21 20:33 - 2019-06-18 13:33 - 000000000 ____D C:\FRST

2024-06-21 20:31 - 2021-02-16 00:26 - 000000000 ____D C:\Users\Root

2024-06-21 20:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2024-06-21 20:29 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2024-06-21 20:20 - 2022-06-27 23:20 - 000000000 ____D C:\WINDOWS\SystemTemp

2024-06-21 20:18 - 2023-10-01 15:37 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D094CBFC-2BBE-49C0-81F7-8739C2546AEC}

2024-06-21 20:13 - 2020-08-13 05:44 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2024-06-21 20:13 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps

2024-06-21 20:13 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF

2024-06-21 20:12 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState

2024-06-21 20:11 - 2022-12-02 12:37 - 000000000 ____D C:\WINDOWS\system32\11

2024-06-21 20:11 - 2021-02-16 00:26 - 000000000 ____D C:\Users\Root\AppData\Local\Packages

2024-06-21 20:10 - 2021-02-16 00:26 - 000000000 __SHD C:\Users\Root\IntelGraphicsProfiles

2024-06-21 20:10 - 2020-06-04 19:15 - 000000000 ____D C:\ProgramData\NVIDIA

2024-06-21 20:10 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2024-06-21 20:09 - 2023-01-01 23:01 - 000000000 __SHD C:\Users\emanu\IntelGraphicsProfiles

2024-06-21 20:09 - 2023-01-01 23:01 - 000000000 ____D C:\Users\emanu\AppData\Local\Packages

2024-06-21 20:09 - 2020-06-04 19:27 - 000000000 ____D C:\ProgramData\Packages

2024-06-21 20:08 - 2020-08-13 05:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2024-06-21 20:08 - 2020-08-13 05:34 - 000008192 ___SH C:\DumpStack.log.tmp

2024-06-21 20:08 - 2018-05-25 19:06 - 000000000 ____D C:\Intel

2024-06-21 20:07 - 2022-12-05 20:50 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1942594187-1280538993-414148617-1012

2024-06-21 20:07 - 2022-12-05 20:50 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1942594187-1280538993-414148617-1012

2024-06-21 20:07 - 2021-07-10 18:20 - 000000000 ____D C:\Program Files\Macrium

2024-06-21 20:07 - 2021-02-16 00:26 - 000002386 _____ C:\Users\Root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2024-06-21 20:07 - 2019-12-07 05:03 - 001835008 _____ C:\WINDOWS\system32\config\BBI

2024-06-21 20:06 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2024-06-21 20:05 - 2022-06-27 22:17 - 000000000 ____D C:\Users\Root\AppData\Local\PlaceholderTileLogoFolder

2024-06-21 19:53 - 2023-01-01 23:24 - 000000000 ____D C:\Users\emanu\AppData\Local\CrashDumps

2024-06-21 19:44 - 2023-01-01 23:03 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1942594187-1280538993-414148617-1018

2024-06-21 19:44 - 2023-01-01 23:03 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1942594187-1280538993-414148617-1018

2024-06-21 19:44 - 2023-01-01 23:01 - 000002389 _____ C:\Users\emanu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2024-06-21 19:43 - 2020-08-17 01:02 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2024-06-21 19:43 - 2020-08-17 01:02 - 000002286 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2024-06-21 19:43 - 2020-08-14 17:51 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2024-06-21 19:43 - 2020-08-14 17:51 - 000002387 _____ C:\Users\Public\Desktop\Brave.lnk

2024-06-21 15:41 - 2023-01-01 23:03 - 000000000 ____D C:\Users\emanu\AppData\Local\D3DSCache

2024-06-21 15:39 - 2021-10-02 18:23 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2024-06-21 15:39 - 2021-10-02 18:23 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2024-06-21 15:38 - 2020-08-13 05:34 - 000633432 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2024-06-18 06:24 - 2024-03-15 02:28 - 000000000 ____D C:\WINDOWS\InboxApps

2024-06-18 06:24 - 2021-03-24 01:14 - 000000000 ___SD C:\WINDOWS\system32\lxss

2024-06-18 06:24 - 2019-12-07 05:54 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents

2024-06-18 06:24 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Portable Devices

2024-06-18 06:24 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Multimedia Platform

2024-06-18 06:24 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2024-06-18 06:24 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices

2024-06-18 06:24 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2024-06-18 06:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2024-06-18 06:24 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing

2024-06-18 02:53 - 2020-08-13 05:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2024-06-18 01:59 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2024-06-18 01:55 - 2020-08-13 05:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

2024-06-18 01:49 - 2022-07-04 19:08 - 000000000 ____D C:\Program Files\dotnet

2024-06-18 01:49 - 2018-05-25 19:05 - 000000000 ____D C:\ProgramData\Package Cache

2024-06-18 01:48 - 2023-09-15 14:37 - 000000000 ____D C:\Program Files (x86)\dotnet

2024-06-18 01:29 - 2020-07-05 06:47 - 000000000 ____D C:\WINDOWS\system32\MRT

2024-06-18 01:25 - 2022-11-29 21:54 - 000000000 ____D C:\Program Files\RUXIM

2024-06-18 01:25 - 2020-07-05 06:47 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2024-06-17 23:18 - 2023-01-01 23:03 - 000000000 ____D C:\Users\emanu\AppData\Local\Tailscale

2024-06-17 23:18 - 2022-11-29 21:11 - 000000000 ____D C:\ProgramData\Tailscale

2024-06-17 23:13 - 2020-08-19 21:50 - 000000000 ____D C:\Program Files\Microsoft Office

2024-06-17 23:13 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2024-06-17 23:09 - 2022-12-05 20:49 - 000000000 ____D C:\Users\Root\AppData\Local\Tailscale

2024-06-17 22:52 - 2021-07-10 17:40 - 000000128 _____ C:\Users\Root\AppData\Local\PUTTY.RND

2024-06-17 22:36 - 2020-06-04 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2024-06-17 22:29 - 2021-07-11 23:41 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2024-06-17 22:29 - 2021-07-11 23:41 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2024-06-17 22:24 - 2021-05-16 10:52 - 000000000 ____D C:\Users\Root\AppData\Roaming\iMobie

2024-06-17 22:23 - 2021-03-16 00:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie

2024-06-17 22:23 - 2021-03-16 00:34 - 000000000 ____D C:\Program Files (x86)\iMobie

2024-06-17 22:17 - 2021-09-17 12:41 - 000000000 ____D C:\Program Files (x86)\Google

2024-06-17 22:15 - 2022-08-15 10:07 - 000003860 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{3AB1D3C9-48E5-4F3D-BE18-086822882ED6}

2024-06-17 22:15 - 2022-08-15 10:07 - 000003736 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{E1EBFBBB-E97E-4FF2-84D0-217869A7C5B4}

==================== Files in the root of some directories ========

2021-07-10 16:07 - 2021-07-10 16:08 - 000000145 _____ () C:\Users\Root\pingit.cmd

2021-07-10 17:40 - 2024-06-17 22:52 - 000000128 _____ () C:\Users\Root\AppData\Local\PUTTY.RND

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition file below

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.06.2024

Ran by Root (21-06-2024 20:35:29)

Running from C:\Users\Root\Downloads

Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) (2020-08-13 09:40:19)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1942594187-1280538993-414148617-500 - Administrator - Disabled)

CDFAccount (S-1-5-21-1942594187-1280538993-414148617-1002 - Limited - Disabled)

DefaultAccount (S-1-5-21-1942594187-1280538993-414148617-503 - Limited - Disabled)

emanu (S-1-5-21-1942594187-1280538993-414148617-1018 - Limited - Enabled) => C:\Users\emanu

Guest (S-1-5-21-1942594187-1280538993-414148617-501 - Limited - Disabled)

meyra (S-1-5-21-1942594187-1280538993-414148617-1013 - Limited - Enabled)

postgres (S-1-5-21-1942594187-1280538993-414148617-1008 - Limited - Enabled) => C:\Users\postgres

Root (S-1-5-21-1942594187-1280538993-414148617-1012 - Administrator - Enabled) => C:\Users\Root

WDAGUtilityAccount (S-1-5-21-1942594187-1280538993-414148617-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3uTools (HKLM-x32\...\3uTools) (Version: 2.56.012 - ShangHai ZhangZheng Network Technology Co., Ltd.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)

AdoptOpenJDK JDK with Hotspot 11.0.8.10 (x64) (HKLM\...\{FDC10A03-67E2-4282-B16A-A8B113A80456}) (Version: 11.0.8.10 - AdoptOpenJDK)

AltServer (HKLM-x32\...\{6AABEB90-A6BD-4168-A043-5FC3EA0F8D37}) (Version: 1.5.1 - Riley Testut)

Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.9.1 - Angry IP Scanner)

AnyBurn (HKLM-x32\...\AnyBurn) (Version: 5.5 - Power Software Ltd)

AnyTrans (HKLM-x32\...\AnyTrans) (Version: 8.7.0.0 - iMobie Inc.)

AnyUnlock - iPhone Password Unlocker (HKLM\...\AnyUnlock - iPhone Password Unlocker) (Version: 2.1.0.1 - iMobie Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)

Blackmagic RAW Common Components (HKLM\...\{C569CAEE-D0BF-45DE-833E-E97988B5CB8B}) (Version: 1.8 - Blackmagic Design)

BlackVue 3.14 (HKLM-x32\...\BlackVue) (Version: 3.14 - PittaSoft, Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 126.1.67.119 - Brave Software Inc)

DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)

Dell Digital Delivery (HKLM-x32\...\{A9758B6E-19FC-4DB4-A031-AFE6C2327A35}) (Version: 3.5.1004.0 - Dell Products, LP)

Dell Mobile Connect Drivers (HKLM\...\{0B5978E6-D912-4E4F-B117-A164F68BC95C}) (Version: 3.0.9346 - Screenovate Technologies Ltd.)

Dell Power Manager Service (HKLM\...\{A8DFE386-5055-48F6-95C9-8DF312812625}) (Version: 3.15.0 - Dell Inc.)

Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)

Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden

Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)

Dell SupportAssist Remediation (HKLM\...\{68D8E750-23FC-4A2B-BE01-E7A90CE23746}) (Version: 5.5.8.18837 - Dell Inc.) Hidden

Dell SupportAssist Remediation (HKLM-x32\...\{ebc225e0-50f1-4cf7-8fff-b7be888f6915}) (Version: 5.5.8.18837 - Dell Inc.)

Dell Update for Windows Universal (HKLM\...\{20E7100A-BADE-4287-8AAD-B498A1E51C13}) (Version: 5.0.0 - Dell Inc.)

DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 4.21 - DiskInternals Research)

DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 2.0.6875.402 - PC-Doctor, Inc.) Hidden

EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)

Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)

Fairlight Studio Utility (HKLM\...\{6C7FC3A1-DA64-4ACE-8F05-301CBECD5BE9}) (Version: 1.2.0.0 - Blackmagic Design)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.114 - Google LLC)

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden

HexChat (HKLM\...\HexChat_is1) (Version: 2.14.3 - HexChat)

iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)

Intel® Chipset Device Software (HKLM\...\{94E05108-3E4E-4F2E-AC5F-33A1B22B779C}) (Version: 10.1.1.44 - Intel Corporation) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden

Intel® Serial IO (HKLM\...\{75000D29-0D43-467B-84AC-12EB33DA1F14}) (Version: 30.100.1943.2 - Intel Corporation) Hidden

Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)

Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden

Intel® Wireless Bluetooth® (HKLM-x32\...\{00000110-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{8909c7f7-2f31-4786-b020-18218d3cabf3}) (Version: 21.40.1 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{68A981A0-ED59-41E0-B45E-7A78F643120D}) (Version: 21.40.1.3406 - Intel Corporation) Hidden

Intel® Software Installer (HKLM-x32\...\{1bfc9e76-17dd-4b9e-a76e-467a1ded25f6}) (Version: 22.130.0.5 - Intel Corporation) Hidden

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

iTunes (HKLM\...\{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.)

LibreOffice 7.1 Help Pack (English (United States)) (HKLM\...\{67A6D8C1-0813-4F79-9BB0-9B9F5FF9D165}) (Version: 7.1.4.2 - The Document Foundation)

LibreOffice 7.1.4.2 (HKLM\...\{7BE60D5A-5444-4E4D-9BAE-6A5BEA22C2AA}) (Version: 7.1.4.2 - The Document Foundation)

Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.6.0.0 - EditShare)

Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden

Microsoft .NET Host - 6.0.31 (x64) (HKLM\...\{59ED1DC1-E3E4-4BC0-B43F-143CCC38FF17}) (Version: 48.124.15198 - Microsoft Corporation) Hidden

Microsoft .NET Host - 6.0.31 (x86) (HKLM-x32\...\{7BA19BCB-4274-4F0B-AC7A-701026197097}) (Version: 48.124.15198 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 6.0.31 (x64) (HKLM\...\{9992D04E-553E-4BC2-B0EC-4A394DD19986}) (Version: 48.124.15198 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 6.0.31 (x86) (HKLM-x32\...\{FE056116-B4D5-4279-BD2C-2B48F99CE797}) (Version: 48.124.15198 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)

Microsoft .NET Runtime - 6.0.31 (x64) (HKLM\...\{0950F07D-F1C4-47A5-AC88-C5FAA5DC564D}) (Version: 48.124.15198 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 6.0.31 (x64) (HKLM-x32\...\{28c77e24-3d3a-47bc-9e4b-9f1381f40082}) (Version: 6.0.31.33717 - Microsoft Corporation)

Microsoft .NET Runtime - 6.0.31 (x86) (HKLM-x32\...\{3FF9C48B-C566-448C-A95D-C4862AC74524}) (Version: 48.124.15198 - Microsoft Corporation) Hidden

Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.17628.20144 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.61 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.61 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1942594187-1280538993-414148617-1012\...\OneDriveSetup.exe) (Version: 24.111.0602.0003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\OneDriveSetup.exe) (Version: 24.111.0602.0003 - Microsoft Corporation)

Microsoft Teams (HKU\S-1-5-21-1942594187-1280538993-414148617-1012\...\Teams) (Version: 1.4.00.2879 - Microsoft Corporation)

Microsoft Teams (HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)

Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM\...\{EFE53353-800E-4987-B965-1C968D0F23A4}) (Version: 48.124.15242 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM-x32\...\{1a7abdc5-639b-4af0-87c6-dbc511750c6e}) (Version: 6.0.31.33720 - Microsoft Corporation)

Microsoft Windows Desktop Runtime - 6.0.31 (x86) (HKLM-x32\...\{558558E9-EF67-4CC1-8D73-4FE680754D59}) (Version: 48.124.15242 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.31 (x86) (HKLM-x32\...\{aa5b5915-5045-4655-8b27-20fcb15d7386}) (Version: 6.0.31.33720 - Microsoft Corporation)

MiniTool Partition Wizard 12.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.8 - MiniTool Software Limited)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.5.1 - Mozilla)

Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 102.6.1 (x64 en-US)) (Version: 102.6.1 - Mozilla)

MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech)

Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.8 - Notepad++ Team)

NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)

NVIDIA Graphics Driver 517.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 517.00 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20144 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden

PostgreSQL 9.5 (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)

PuTTY release 0.75 (64-bit) (HKLM\...\{06DB09EC-52D5-47FA-A0F3-D70ED6407481}) (Version: 0.75.0.0 - Simon Tatham)

Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.34.24 - Quicken)

QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.40 - Dell Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31236 - Realtek Semiconductor Corp.)

Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.16299.20038 - Realtek Semiconductor Corp.)

Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.54.608.2022 - Realtek)

RoboForm 9-4-3-3 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 9-4-3-3 - Siber Systems)

RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden

Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.2.0.930 - Samsung Electronics)

Screen Recorder Launcher (HKLM-x32\...\ScreenRecorderLauncher) (Version: v2.9.3vo - )

SDIE (HKLM-x32\...\{7189D838-82B3-4609-B0AC-B8BF239BE4F0}_is1) (Version: 1.21 - FutureFlash)

SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)

Tailscale (HKLM\...\{C65804F9-7A78-584A-B2F0-334C78DD6BB8}) (Version: 1.68.1 - Tailscale Inc.) Hidden

Tailscale (HKLM-x32\...\{c4aca4d4-d6ee-48a2-a4f0-612c3f06aad4}) (Version: 1.68.1 - Tailscale Inc.)

Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.13565 - Microsoft Corporation)

TeraCopy version 3.26 (HKLM\...\TeraCopy_is1) (Version: 3.26 - Code Sector)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)

VueScan x64 (HKLM\...\VueScan x64) (Version: 9.7.99 - Hamrick Software)

WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.141 - McAfee, LLC)

Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation)

Wondershare Dr.Fone (Version 10.8.0) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 10.8.0.330 - Wondershare Technology Co.,Ltd.)

ZeroTier One Virtual Network Port (HKLM\...\{272B1192-65BE-4BDE-894B-6D3AD8BF7FD2}) (Version: 1.0.1 - ZeroTier) Hidden

Zoom (HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\ZoomUMX) (Version: 5.13.3 (11494) - Zoom Video Communications, Inc.)

Packages:

=========

Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2023-01-01] (Dell Inc)

Dell Help & Support -> C:\Program Files\WindowsApps\dellinc.dellhelpsupport_3.2.1.0_x64__htrsf667h5kn2 [2023-01-01] (Dell Inc)

Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0 [2024-06-21] (Screenovate Technologies) [Startup Task]

Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.15.14.0_x64__htrsf667h5kn2 [2024-06-21] (Dell Inc)

Dell Product Registration -> C:\Program Files\WindowsApps\dellinc.dellproductregistration_3.4.6.0_x64__htrsf667h5kn2 [2023-01-01] (Dell Inc)

Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2024-06-21] (Dell Inc)

Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.0.48.0_x86__htrsf667h5kn2 [2024-06-21] (Dell Inc)

Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2023-01-01] (Dropbox Inc.)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_141.2.441.0_x64__v10z8vjag6ke6 [2022-12-16] (HP Inc.)

Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2023-01-01] (INTEL CORP) [Startup Task]

Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1032.0_x64__8j3eq9eme6ctt [2023-01-01] (INTEL CORP)

LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2023-01-01] (LinkedIn)

McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2023-01-01] (McAfee LLC.)

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2023-01-01] (Microsoft Studios) [MS Ad]

Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_24033.811.2738.2546_x64__8wekyb3d8bbwe [2024-06-21] (Microsoft) [Startup Task]

MPEG-2 Video Extension -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.22661.0_x64__8wekyb3d8bbwe [2023-01-01] (Microsoft Corporation)

Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2023-01-01] (Netflix, Inc.)

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2023-01-01] (NVIDIA Corp.)

SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.971.0_x64__rh07ty8m5nkag [2023-01-01] (Rivet Networks LLC)

Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2023-01-01] (Microsoft Corporation)

Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2023-01-01] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1012_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Root\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1012_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1012_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Root\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll => No File

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1018_Classes\CLSID\{04271989-C4D2-42F2-DDF4-2451F2880EE7} -> [OneDrive - Franklin University] => C:\Users\emanu\OneDrive - Franklin University [2023-01-01 23:32]

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1018_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\emanu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1018_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1018_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\emanu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll => No File

CustomCLSID: HKU\S-1-5-21-1942594187-1280538993-414148617-1018_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\emanu\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-12-24] (Notepad++ -> )

ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)

ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )

ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )

ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_88d301c5038802e4\nvshext.dll [2022-08-05] (Nvidia Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-03-16 01:02 - 2021-02-24 15:25 - 003889664 _____ () [File not signed] C:\Program Files (x86)\Wondershare\drfone\WsidClient.dll

2020-08-24 23:18 - 2016-08-09 01:13 - 000183296 _____ () [File not signed] C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll

2020-08-24 23:19 - 2016-07-27 04:08 - 002264576 _____ () [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll

2017-05-03 20:20 - 2017-05-03 20:20 - 000086016 _____ (Dell Inc.) [File not signed] C:\Program Files\Dell\QuickSet\dadkeyb.dll

2020-08-24 23:19 - 2015-08-26 04:40 - 001687930 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libiconv-2.dll

2020-08-24 23:19 - 2015-08-26 04:40 - 000685350 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libintl-8.dll

2020-08-24 23:16 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll

2020-11-11 20:57 - 2020-11-11 20:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll

2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll

2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll

2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll

2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll

2020-08-24 23:19 - 2016-05-05 02:35 - 001655808 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\LIBEAY32.dll

2020-08-24 23:19 - 2016-05-05 02:35 - 000349696 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\SSLEAY32.dll

2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\9.4.3.3\RoboForm-x64.dll [2023-03-08] (Siber Systems -> Siber Systems Inc.)

BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-08-12] (McAfee, LLC -> McAfee, LLC)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\9.4.3.3\roboform.dll [2023-03-08] (Siber Systems -> Siber Systems Inc.)

BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-08-12] (McAfee, LLC -> McAfee, LLC)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\9.4.3.3\RoboForm-x64.dll [2023-03-08] (Siber Systems -> Siber Systems Inc.)

Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\9.4.3.3\roboform.dll [2023-03-08] (Siber Systems -> Siber Systems Inc.)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-17] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\sharepoint.com -> hxxps://franklinu-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-06-21 20:09 - 2024-06-21 20:09 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\dotnet\;C:\Program Files\Tailscale\

HKU\S-1-5-21-1942594187-1280538993-414148617-1008\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-1942594187-1280538993-414148617-1012\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 10.1.0.1 - 1.1.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "AirBackupHelper"

HKU\S-1-5-21-1942594187-1280538993-414148617-1012\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

HKU\S-1-5-21-1942594187-1280538993-414148617-1012\...\StartupApproved\Run: => "OPENVPN-GUI"

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A291DEC24F52DF69448076AF7E97D93"

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_094401CD5F3200051AFB49325CEE60A7"

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1942594187-1280538993-414148617-1018\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6723A70B-2C90-48CC-AC94-E11BFE42E7EB}] => (Allow) LPort=80

FirewallRules: [{118C6935-0D71-4EF0-8419-3BA8861A85E1}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

FirewallRules: [{81796785-FD4C-47B4-A755-DEAC7CD317F8}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

FirewallRules: [{CEFC9BB8-17E3-4809-A10C-CE8F6777B514}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{1C4F645F-D883-480B-A239-A68B740E26B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{1C13A76E-0158-48B5-8D97-223763BADC95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{C14474D3-F751-4835-92E6-6A788FB65BC7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{92F29070-7BCF-4131-BA17-A0799B71D5C7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{3302EB46-518E-4C74-B07D-83E68CBBA7A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{BB91F1F3-AC7E-4EAF-91E7-596A2E3FA065}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{772E1160-FA68-42F0-9735-536607138AA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{31266A28-A8A8-4E51-8C2B-09DDCD0B5AAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{3ED3E0AD-A253-49D5-B0C5-DBA32582BD5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{07093971-6C23-4078-9736-F113DE454A0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{A85F6CA3-802D-4CC4-A988-8CF293804A14}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.1.3750.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe => No File

FirewallRules: [{A81E9152-6B40-4C83-A5E1-23FD75757641}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.1.3750.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe => No File

FirewallRules: [TCP Query User{C44556E3-62D9-4AD4-AFF5-6D65D828D3D0}C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe

FirewallRules: [UDP Query User{AEAFF5AE-22B3-46DD-A7DA-4BD80C2F1F54}C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe

FirewallRules: [TCP Query User{5FEA61BB-650E-4837-91B0-EE42689B7CF9}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe => No File

FirewallRules: [UDP Query User{44AB69D9-9B50-4221-A53E-1270B81605ED}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe => No File

FirewallRules: [{F8D385E1-B2EC-476C-8232-57F75908E34E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F8B98B9E-DFF9-4C17-B8E4-95A60069686F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F9ADDFCD-A6DF-4C91-8441-0EE545595E77}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )

FirewallRules: [{DF2ECCAC-699B-49AD-9058-36A5CD58F033}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )

FirewallRules: [{C4016BE1-B7E4-4203-B048-E8E254376AE6}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)

FirewallRules: [{789C1008-9BA5-46C8-AA37-49D2240E6AE5}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)

FirewallRules: [{E6451F88-F90E-43CF-861C-03CA8471C17A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File

FirewallRules: [{9FFB9DEF-2B94-4246-9B42-20FBFD7B1450}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File

FirewallRules: [{1A98D271-666A-416A-BFD0-60F8186B2A63}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File

FirewallRules: [{0F9488AF-E237-436C-AED9-E8A916004771}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File

FirewallRules: [{0EC66F09-D12E-4ED5-85C2-5CC8E79BF3F5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File

FirewallRules: [{21F1BC1F-8D6A-4769-8869-438E082426FB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File

FirewallRules: [{FE6FBE4C-F3E2-4357-BEE6-166246BBF712}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File

FirewallRules: [{92A29BDD-BC50-43A5-9023-5401EE670E91}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => No File

FirewallRules: [{5B83E8FF-D512-41CA-A9D0-2262C458E654}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File

FirewallRules: [{C0185D76-23AA-433C-97EC-DD4A7083E106}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File

FirewallRules: [{7B363882-8FE7-4944-9280-AB26443BDFBA}] => (Allow) C:\Users\emanu\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{2613995B-6B2C-42A3-A818-F6BD92BF8EAA}] => (Allow) C:\Users\emanu\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{A46D6DB6-5405-4803-BC3C-CF7EECF8283E}] => (Allow) C:\Users\emanu\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [TCP Query User{1E3183AB-F82C-4846-994C-B21FBEAAB07A}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe => No File

FirewallRules: [UDP Query User{95CFE1C1-49A0-46DF-95C0-D8C5D385B130}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe => No File

FirewallRules: [{8A055D68-BF5C-456A-A5AC-F719D4B17817}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

FirewallRules: [{B0DDC66E-751F-4C4E-8FE3-503468902EF2}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

FirewallRules: [TCP Query User{00EE0BAE-3D0F-409F-8B8C-362910E75A83}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [UDP Query User{8BB06BC3-DF8C-45B4-B4BD-99C8BC0F5F68}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [{854DAE75-F45C-4535-84BD-1AA5936A8CE1}] => (Block) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [{A80B3BD1-DADF-4523-9D4D-BAE43A54C1C5}] => (Block) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [TCP Query User{2140F2E7-36C3-4ADF-9096-C808B438984D}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [UDP Query User{4BADBCB5-28FF-424F-AF66-DDEE6C540ECD}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [{8DC26ECF-A3BC-43C9-9C72-933348D06CEB}] => (Block) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [{B49A8846-5A33-42AB-B4FE-A8E4B057C66F}] => (Block) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)

FirewallRules: [{18A2CD9B-071D-417B-AA96-38B780E489B2}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [TCP Query User{5DDEC8DC-4417-4510-BDC9-5BAC2CF9C5FD}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe (HexChat) [File not signed]

FirewallRules: [UDP Query User{9A5A2C5C-6910-4E27-8417-23717640BE98}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe (HexChat) [File not signed]

FirewallRules: [{D4336CA3-BDA7-496E-8852-B7888133B056}] => (Block) C:\program files\hexchat\hexchat.exe (HexChat) [File not signed]

FirewallRules: [{E7D11D91-BD26-4E38-87F4-8634E6AB3AE3}] => (Block) C:\program files\hexchat\hexchat.exe (HexChat) [File not signed]

FirewallRules: [{7E3AD730-51B0-40DC-BC58-ABEB7829E6CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{BE55D158-BCFB-404D-9E33-E75252AD255F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{A3013876-0109-476A-BD3B-E15C20434882}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E28744C1-D8CF-404A-8A68-39354E49D920}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{A50DA425-E105-44DA-889A-CFB5CB3B483A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)

FirewallRules: [{48D61B17-60D2-4DFB-98FE-9EDB968DA62A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)

FirewallRules: [TCP Query User{18FF9B55-349C-407E-BDC3-97354EF58ED1}C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe

FirewallRules: [UDP Query User{5EF0DC00-448C-4DEA-9C03-31C8F7481B4C}C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe] => (Allow) C:\program files\adoptopenjdk\jdk-11.0.8.10-hotspot\bin\javaw.exe

FirewallRules: [TCP Query User{66FFAC67-865F-450B-95A5-5A44124AC5CC}C:\users\emanu\appdata\local\packages\kalilinux.54290c8133fee_ey8k8hqnwqnmg\localstate\rootfs\usr\sbin\xrdp] => (Allow) C:\users\emanu\appdata\local\packages\kalilinux.54290c8133fee_ey8k8hqnwqnmg\localstate\rootfs\usr\sbin\xrdp => No File

FirewallRules: [UDP Query User{E07E04FF-8817-481E-89DB-29AE5F2591DF}C:\users\emanu\appdata\local\packages\kalilinux.54290c8133fee_ey8k8hqnwqnmg\localstate\rootfs\usr\sbin\xrdp] => (Allow) C:\users\emanu\appdata\local\packages\kalilinux.54290c8133fee_ey8k8hqnwqnmg\localstate\rootfs\usr\sbin\xrdp => No File

FirewallRules: [{F183FB9C-C94B-41EE-9158-E6539318D560}] => (Block) C:\users\emanu\appdata\local\packages\kalilinux.54290c8133fee_ey8k8hqnwqnmg\localstate\rootfs\usr\sbin\xrdp => No File

FirewallRules: [{2EB93145-3312-4EDA-A1B7-94D13E1FA544}] => (Block) C:\users\emanu\appdata\local\packages\kalilinux.54290c8133fee_ey8k8hqnwqnmg\localstate\rootfs\usr\sbin\xrdp => No File

FirewallRules: [TCP Query User{9C48702D-4B8C-444F-A309-4791725C80F0}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe => No File

FirewallRules: [UDP Query User{6DBD3516-6392-45B5-8F75-E091CC5C494B}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe => No File

FirewallRules: [{837D9A23-C7F4-4CD8-A3FE-34E7515E5443}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe => No File

FirewallRules: [{4FE1581E-26BB-4808-B0F8-DDF3CB128F42}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe => No File

FirewallRules: [{849DE9AA-7539-4760-A517-45CA6D025ED6}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software -> Hamrick Software)

FirewallRules: [{487C2728-BD8E-4D25-B543-958C39ABEC3A}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software -> Hamrick Software)

FirewallRules: [{CF66482C-FA6C-4859-A3D4-D34387A1AAC8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{40DABBA7-F105-45D5-A44E-399F52701A45}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24033.811.2738.2546_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B2F1E7D9-FDB3-470B-9B57-BAA67D4E567F}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24033.811.2738.2546_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{FBC6C291-B5BB-41DC-A824-6946006F495B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{FE97E6B6-4C6F-4100-A668-7026E63FC022}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F7D97E82-6E8D-438E-8F73-D32453434523}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{CF09D9D1-DA25-41FF-AC8D-AA2D3AA81A52}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{F0B69116-3F51-481B-A136-6307AFE24C80}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{2DF79FE7-476E-427D-8E2A-203520AEA02B}] => (Allow) C:\Program Files\Tailscale\tailscaled.exe (Tailscale Inc. -> Tailscale Inc.)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (06/21/2024 08:36:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:36:01Z. Error Code: 0x80070002.

Error: (06/21/2024 08:35:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:35:31Z. Error Code: 0x80070002.

Error: (06/21/2024 08:35:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:35:01Z. Error Code: 0x80070002.

Error: (06/21/2024 08:34:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:34:31Z. Error Code: 0x80070002.

Error: (06/21/2024 08:34:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:34:01Z. Error Code: 0x80070002.

Error: (06/21/2024 08:33:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:33:31Z. Error Code: 0x80070002.

Error: (06/21/2024 08:33:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:33:01Z. Error Code: 0x80070002.

Error: (06/21/2024 08:32:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2124-05-29T00:32:31Z. Error Code: 0x80070002.

System errors:

=============

Error: (06/21/2024 08:22:50 PM) (Source: volsnap) (EventID: 16) (User: )

Description: The shadow copies of volume E: were aborted because volume E:, which contains shadow copy storage for this shadow copy, was force dismounted.

Error: (06/21/2024 08:08:55 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)

Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (06/21/2024 08:05:23 PM) (Source: DCOM) (EventID: 10010) (User: DELL-7570)

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/21/2024 08:05:22 PM) (Source: DCOM) (EventID: 10010) (User: DELL-7570)

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/21/2024 08:05:22 PM) (Source: DCOM) (EventID: 10010) (User: DELL-7570)

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/21/2024 08:05:22 PM) (Source: DCOM) (EventID: 10010) (User: DELL-7570)

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/21/2024 08:05:22 PM) (Source: DCOM) (EventID: 10010) (User: DELL-7570)

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/21/2024 08:05:22 PM) (Source: DCOM) (EventID: 10010) (User: DELL-7570)

Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Windows Defender:

================

Date: 2024-06-21 20:22:55

Description:

Controlled Folder Access blocked C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader64.exe from making changes to memory.

Detection time: 2024-06-22T00:22:55.864Z

Path: \Device\Harddisk0\DR0

Process Name: C:\Program Files (x86)\DiskInternals\LinuxReader\LinuxReader64.exe

Security intelligence Version: 1.413.438.0

Engine Version: 1.1.24050.5

Product Version: 4.18.24050.7

Date: 2024-06-21 20:00:37

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2024-06-18 01:17:11

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2024-06-17 22:35:57

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2024-06-17 22:15:12

Description:

Controlled Folder Access blocked C:\Windows\Temp\inv9297_tmp\bin\SSDUpdate.exe from making changes to memory.

Detection time: 2024-06-18T02:15:12.090Z

Path: \Device\Harddisk0\DR0

Process Name: C:\Windows\Temp\inv9297_tmp\bin\SSDUpdate.exe

Security intelligence Version: 1.407.438.0

Engine Version: 1.1.24020.9

Product Version: 4.18.24020.7

Event[0]:

Date: 2024-06-17 22:35:23

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.407.438.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.24020.9

Error code: 0x80070102

Error description: The wait operation timed out.

Date: 2024-06-17 22:35:23

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.407.438.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.24020.9

Error code: 0x80070102

Error description: The wait operation timed out.

Date: 2023-01-04 20:03:17

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.381.1738.0

Previous security intelligence Version: 1.381.606.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.19900.2

Previous Engine Version: 1.1.19900.2

Error code: 0x80004004

Error description: Operation aborted

Date: 2023-01-04 20:03:17

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.381.1738.0

Previous security intelligence Version: 1.381.606.0

Update Source: User

Security intelligence Type: AntiVirus

Update Type: Delta

Current Engine Version: 1.1.19900.2

Previous Engine Version: 1.1.19900.2

Error code: 0x80004004

Error description: Operation aborted

Date: 2023-01-04 20:03:16

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.381.1738.0

Previous security intelligence Version: 1.381.606.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.19900.2

Previous Engine Version: 1.1.19900.2

Error code: 0x80004004

Error description: Operation aborted

CodeIntegrity:

===============

Date: 2023-10-08 22:34:28

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-08 22:15:06

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-08 22:14:10

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-01 17:37:00

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-04-24 00:31:28

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.25.0 07/13/2022

Motherboard: Dell Inc. 02P5YY

Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz

Percentage of memory in use: 52%

Total physical RAM: 16220.91 MB

Available physical RAM: 7657.14 MB

Total Virtual: 18652.91 MB

Available Virtual: 9277.2 MB

==================== Drives ================================

Drive c: (Windows 10) (Fixed) (Total:603.11 GB) (Free:143.95 GB) (Model: Samsung SSD 970 EVO Plus 1TB) NTFS

Drive d: (ESP) (Fixed) (Total:0.63 GB) (Free:0.53 GB) (Model: Samsung SSD 970 EVO Plus 1TB) FAT32 ==>[system with boot components (obtained from drive)]

Drive e: (Windows 11) (Fixed) (Total:400 GB) (Free:351.37 GB) (Model: Samsung SSD 970 EVO Plus 1TB) NTFS

Drive f: (Seagate External) (Fixed) (Total:4657.51 GB) (Free:4657.27 GB) (Model: Seagate BUP BK SCSI Disk Device) NTFS

\\?\Volume{00c744a9-51c0-c3d9-e5fb-ff7352898e01}\ () (Fixed) (Total:0 GB) (Free:0 GB)

\\?\Volume{f6e9ba10-f3e5-01d9-08cd-54e2f2f9ec00}\ () (Fixed) (Total:0 GB) (Free:0 GB)

\\?\Volume{00cbe207-79a0-781c-e6fb-df730ec49701}\ () (Fixed) (Total:0 GB) (Free:0 GB)

\\?\Volume{f5cda310-f3e6-01d9-88d1-e242f3f9ec00}\ () (Fixed) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2E21E868)

Partition: GPT.

==========================================================

Disk: 1 (Protective MBR) (Size: 4657.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Attached Files

  • FRST.txt (54.42KB, 0 downloads)
  • Addition.txt (59.81KB, 0 downloads)

Author: Merrill Bechtelar CPA
