help with Win 10 laptop slowing to snails pace,etc

[Delusion]

FTR - I have a Windows Update issue:

I have a Qualcomm driver there, "Pending Download", however, its already been downloaded and installed and the one stuck on the front page is the exact same version that is listed in the install history under drivers downloaded/updated. How can I clear that pending status?

 

[xilolee]

hlmflgnnmmojlnbmaokpfcjdkhkjbnok seems to be the nebula theme for chrome.

 

[DR M]

Hello.

Did you intentionally installed the Nebula theme for Chrome?

There is a system file missing and there is no good copy anywhere in your computer to replace it. I'll see what I can do.

 

[Delusion]

I’m not sure. I quit using chrome quite some time ago. I use DuckDuckGo or it’s extensions every chance I get. On the laptop I stay with Edge, and use DuckDuckGo search and extension.

I don’t recall if I had that theme in the past and it comes with me when I sign in? Or even what it looks like to know if the kiddo installed it. I did notice and avg free browser in one of her downloaded folders somewhere too. Wondered at the time if that might be the ‘browser” that is not responding. It is set to Automatic in mac but not running.

My grandbaby seems to be the one who brings chrome back every time I uninstall. She uses it for EA and the Sims4 game. I suppose that might be why C++ and .NET were installed. I’m trying to be generous with her but I normally don’t allow those downloads.

 

[Delusion]

Hello.

Did you intentionally installed the Nebula theme for Chrome?

There is a system file missing and there is no good copy anywhere in your computer to replace it. I'll see what I can do.

*head in hands*

I became curious and inspected the link xilolee posted ---- Umm, that's the theme I have on my Edge browser, and yes,
I suppose I did intentionally install it.... was that a bad thing?

hlmflgnnmmojlnbmaokpfcjdkhkjbnok seems to be the nebula theme for chrome.

Yep, Chromium, I suppose.

 

[Corday]

Grandchild should have a separate user account. When this is solved, make sure the account doesn't have Admin privileges.

 

[DR M]

Hi, Delusion.

Apologies for the delay. I had an interesting discussion about the file which seems missing/corrupted in your system with colleagues. It seems that Tweaking.com made browser.dll to be flagged with the [X] in the logs. Better to avoid it when you want to fix something.

Just to be sure that we can remove that item:

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• Enter the command below and press on Enter

sfc /scanfile=c:\windows\system32\browser.dll

• Let the scan finish.
• Please post the result you got (a screenshot).

Also, please let me know what issues are you experiencing right now.

 

[xilolee]

I have browser.dll in these paths:
C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\browser.dll
C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\f\browser.dll
C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\r\browser.dll

I don't have it in c:\windows\system32.
Hence it could be normal if it isn't present.

 

[Delusion]

C:\Windows\system32>sfc /scanfile=c:\windows\system32\browser.dll


There is a system repair pending which requires reboot to complete. Restart
Windows and run sfc again.

C:\Windows\system32>

Also, I have pending Qualcomm driver and a Cumulative update that are FINALLLLLLLY ready for me to restart to install....
I have been delaying restart until i can hear from you about how to proceed.

 

[DR M]

Hi, Delusion.

You can update Qualcom, but first I would like to see the result from the below checks:


1. Run Deployment Image Servicing and Management (DISM)

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• Enter the command below and press on Enter;

DISM /Online /Cleanup-Image /RestoreHealth

• Let the scan run until the end (100%). Depending on your system, it can take some time.
• Please post here the result you got (a screenshot).

2. When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• Enter the command below and press on Enter

sfc /scannow

• Let the scan finish.
• You will normally get one of the following results:
  

  Windows Resource Protection did not find any integrity violations
  Windows Resource Protection found corrupt files and successfully repaired them
  Windows Resource Protection found corrupt files but was unable to fix some of them
  Windows Resource Protection could not perform the requested operation

  Please post the result you got (a screenshot).

 

[Delusion]

Results attached

 

[DR M]

Good. As you can see, there is a system files correction.

How is the computer running now? Please report any issues you are experiencing now with this computer.

 

[Delusion]

So far it seems to be behaving quite a bit better, although I do see services running that I don't usually allow to run, and I still have constant errors in event log about the browser service not responding..... and one about a Certificate that is expired, neither of which i've been able to fix.

And then there's this little issue, keeping me from doing much at a time.

 

[DR M]

Hi.

Time to see fresh FRST logs.

• Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach these two logs in your next reply.

 

[Delusion]

This continues to be a problem. Every time I open Settings, it shows that Windows Update needs attention, but there is no
option to run a manual "check for updates" and the download button does nothing at all - because that driver has already
been installed.




Here are the new FRST logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2023
Ran by nc2un (administrator) on BLU-SKYZ (Dell Inc. Inspiron 15-3567) (18-06-2023 14:14:25)
Running from C:\Users\nc2un\Desktop\FRST64.exe
Loaded Profiles: nc2un
Platform: Microsoft Windows 10 Home Version 22H2 19045.3086 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_b117548b2e075ba1\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2572960 2021-11-29] (HP Inc. -> Hewlett-Packard Co.)
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\Windows\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\Windows\system32\HPDiscoPM5912.dll [741536 2021-11-29] (HP Inc. -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\Windows\system32\HPDiscoPM7112.dll [763040 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.134\Installer\chrmstp.exe [2023-06-15] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D2B0645-FCE9-4F93-805A-9751CCD05CFB} - System32\Tasks\DelayedItemsByChemtableSoftware\Spy Protector => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
Task: {26ECDF3E-36A5-4025-AF9C-6C5F6AA920DC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {38B53D42-138D-4DA6-A032-FE2432A64DE0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {42FA2E82-F92F-4BDC-A52A-6720F5F64585} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {449993A9-17B5-4A72-9F32-BAC20432724E} - System32\Tasks\GoogleUpdateTaskMachineUA{FFC92DDF-B563-4FFC-AAB6-D94CCB6EEADD} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-05-26] (Google LLC -> Google LLC)
Task: {5BB03B07-45BA-4A42-B185-CE297786DA6C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DE17E1B-1086-426C-91EA-A4B03EA3B9E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6CE5DBFC-480C-4FB1-96D2-4BA8AF5BEF33} - System32\Tasks\Patch My PC => C:\Users\nc2un\Downloads\PatchMyPC.exe /silent (No File)
Task: {72D92EB0-27C0-45E6-BA0F-9014271C0E5B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {7DEC55FE-26BF-4655-8046-F9D1BAF5C92B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {83E696D6-8B4D-4190-A9C1-8ACB6F287AD6} - System32\Tasks\DelayedItemsByChemtableSoftware\IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" -> "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
Task: {8FA36A4D-0815-406D-B1FB-85EC98C52E3D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A542FBFE-1318-4127-91FB-A0CB6BC91BCE} - System32\Tasks\GoogleUpdateTaskMachineCore{FD396B14-A751-47AF-92A9-184571D51F20} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-05-26] (Google LLC -> Google LLC)
Task: {B1C4C290-4E3B-42DC-BE2B-682053251A64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B28A162C-4BC6-4660-8354-DE01F3ED4848} - System32\Tasks\DelayedItemsByChemtableSoftware\SecurityHealth => C:\Windows\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {C5B0C8AC-8013-4E8E-9A56-73148840FEAE} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-2792867324-3544351356-3005626667-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2157304 2023-06-02] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {E4557995-902C-44E3-B770-85E7E775A690} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.167.161.35 216.167.161.36
Tcpip\..\Interfaces\{8fa5c09c-6499-47e9-ac82-1a13d14702d2}: [DhcpNameServer] 216.167.161.35 216.167.161.36
Tcpip\..\Interfaces\{bac7db2f-cd52-4701-bc93-fb56cc3c2ff1}: [DhcpNameServer] 216.167.161.35 216.167.161.36

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-18]
Edge Notifications: Default -> hxxps://www.paramountplus.com
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-06-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-06-12]
Edge Extension: (DuckDuckGo) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2023-06-08]
Edge Extension: (Turn Off the Lights) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmamkbgpnienhphflfdamlhnljffjdgm [2023-02-08]
Edge Extension: (Edge relevant text changes) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-12]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-02-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-02-15] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default [2023-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-20]
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-06-16]
CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-05-26]
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-06-16]
CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-16]
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-30]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe [414728 2017-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749376 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe [3232576 2023-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe [133592 2023-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Browser; %SystemRoot%\System32\browser.dll [X]
S3 Intel(R) Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe" [X]
S2 Intel(R) TPM Provisioning Service; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 HWiNFO_174; no ImagePath
R3 MpKsl4e48e748; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FB22220-F924-4CFB-BDE6-8CA96E5DE3D3}\MpKslDrv.sys [213288 2023-06-18] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2023-06-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-06-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99568 2023-06-14] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl62286ebb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37D51AEC-2C0A-4A01-B849-BE5A5E105186}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-18 14:14 - 2023-06-18 14:16 - 000016867 _____ C:\Users\nc2un\Desktop\FRST.txt
2023-06-18 14:12 - 2023-06-18 14:12 - 002383360 _____ (Farbar) C:\Users\nc2un\Desktop\FRST64.exe
2023-06-15 22:39 - 2023-06-15 22:39 - 000000000 ____D C:\Users\nc2un\AppData\Local\Steam
2023-06-15 00:22 - 2023-06-15 00:22 - 000000000 ___HD C:\$WinREAgent
2023-06-14 05:40 - 2023-06-14 05:47 - 000000000 ____D C:\Users\nc2un\AppData\Local\Notepad
2023-06-12 22:45 - 2023-06-12 22:45 - 002645944 _____ (Malwarebytes) C:\Users\nc2un\Desktop\MBSetup.exe
2023-06-12 22:38 - 2023-06-12 22:38 - 008791352 _____ (Malwarebytes) C:\Users\nc2un\Desktop\AdwCleaner.exe
2023-06-12 22:28 - 2023-06-12 22:28 - 000000008 _____ C:\ProgramData\ntuser.pol
2023-06-12 22:22 - 2023-06-12 22:26 - 000013612 _____ C:\Users\nc2un\Desktop\Fixlog.txt
2023-06-12 21:44 - 2023-06-12 21:44 - 000000000 ____D C:\ProgramData\PrevxCSI
2023-06-11 19:27 - 2023-06-11 19:27 - 003233432 _____ C:\Users\nc2un\Documents\Scan.pdf
2023-06-11 17:49 - 2023-06-11 17:49 - 000002301 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2023-06-11 17:49 - 2021-11-29 20:59 - 000741536 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5912.dll
2023-06-11 17:48 - 2023-06-11 17:48 - 000000000 ____D C:\Program Files\HP
2023-06-11 17:39 - 2023-06-17 23:28 - 000000000 ___RD C:\Users\nc2un\Documents\Scanned Documents
2023-06-11 17:39 - 2023-06-11 17:39 - 000000000 ____D C:\Users\nc2un\Documents\Fax
2023-06-10 21:45 - 2023-05-25 22:34 - 000000161 _____ C:\Users\nc2un\Desktop\AESMService- Platform Services initialization failed due to DAL error - Microsoft Community - Copy.url
2023-06-10 16:30 - 2023-06-10 16:31 - 000000000 ____D C:\Program Files (x86)\Qualcomm Wireless
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Windows\system32\nn-NO
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Windows\Options
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Program Files (x86)\Cisco
2023-06-10 16:30 - 2018-05-27 21:43 - 004322672 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athw10x.sys
2023-06-10 16:30 - 2018-05-27 21:43 - 004322672 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw10x.sys
2023-06-10 16:30 - 2014-05-13 21:07 - 000060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2023-06-10 16:30 - 2014-05-13 21:06 - 000440320 ____N (Atheros) C:\Windows\system32\athihvs.dll
2023-06-09 22:34 - 2023-06-09 22:39 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2023-06-09 22:34 - 2023-06-09 22:34 - 000001836 _____ C:\Users\nc2un\Desktop\CrystalDiskInfo.lnk
2023-06-09 22:34 - 2023-06-09 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-06-08 17:16 - 2023-06-11 19:36 - 000000000 ____D C:\Users\nc2un\Documents\RANDALL STUFF
2023-06-08 06:41 - 2023-06-08 06:42 - 349210518 _____ C:\Users\nc2un\Documents\regbkup.reg
2023-06-08 06:11 - 2023-06-08 06:11 - 000000610 _____ C:\Users\nc2un\Desktop\Patch My PC Updater.lnk
2023-06-08 04:49 - 2023-06-08 04:49 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2023-06-06 04:54 - 2023-06-06 04:54 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-06-06 00:01 - 2023-06-06 00:01 - 000003768 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2023-06-06 00:01 - 2023-06-06 00:01 - 000002242 _____ C:\Users\nc2un\Desktop\Tweaking.com - Windows Repair.lnk
2023-06-05 22:40 - 2023-06-05 22:40 - 000000059 _____ C:\Users\nc2un\Desktop\Home - LexisNexis Digital Library.url
2023-06-05 22:09 - 2023-06-05 22:09 - 000602816 _____ C:\Users\nc2un\Desktop\Daily Planner, Time Tracker-1657028606351 (1).pdf
2023-06-05 22:08 - 2023-06-05 22:08 - 000949235 _____ C:\Users\nc2un\Desktop\office planner (3).pdf
2023-06-05 22:06 - 2023-06-05 22:07 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2023-06-05 22:06 - 2023-06-05 22:06 - 000000000 ____D C:\Windows\system32\ihvmanager
2023-06-05 21:21 - 2023-06-18 05:05 - 000000000 ____D C:\Users\nc2un\Documents\AFIC DOCS
2023-05-31 16:53 - 2023-05-31 16:53 - 000000000 ____D C:\Windows\system32\Intel
2023-05-30 21:20 - 2023-05-31 15:52 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Excel
2023-05-29 17:45 - 2023-05-29 17:45 - 000000000 ____D C:\Users\nc2un\AppData\Local\ToastNotificationManagerCompat
2023-05-26 17:52 - 2023-06-15 23:26 - 000002440 _____ C:\Users\nc2un\Desktop\Denise - Chrome.lnk
2023-05-26 17:47 - 2023-06-15 19:22 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-05-26 17:47 - 2023-06-15 19:22 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-05-25 22:34 - 2023-05-25 22:34 - 000000161 _____ C:\Users\nc2un\Desktop\AESMService- Platform Services initialization failed due to DAL error - Microsoft Community.url
2023-05-25 22:33 - 2023-05-25 22:33 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2023-05-19 22:57 - 2023-05-19 22:57 - 000000000 ____D C:\EADesktopDev
2023-05-19 11:58 - 2023-05-19 11:58 - 000000000 ____D C:\Users\nc2un\AppData\Local\EALaunchHelper

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-18 14:15 - 2023-04-07 02:05 - 000000000 ____D C:\FRST
2023-06-18 14:14 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2023-06-18 14:12 - 2023-04-10 02:09 - 000000000 ____D C:\Users\nc2un\Desktop\FRST-OlderVersion
2023-06-18 14:08 - 2023-01-24 13:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-18 14:08 - 2022-09-07 22:13 - 000000000 ____D C:\Windows\SystemTemp
2023-06-18 14:03 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-18 13:49 - 2023-01-24 05:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-06-18 13:09 - 2023-01-24 03:57 - 000797554 _____ C:\Windows\system32\PerfStringBackup.INI
2023-06-18 13:09 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2023-06-18 13:04 - 2023-01-24 05:44 - 000008192 ___SH C:\DumpStack.log.tmp
2023-06-18 13:04 - 2023-01-24 05:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-06-18 13:04 - 2023-01-24 04:09 - 000000000 ____D C:\Intel
2023-06-18 13:04 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState
2023-06-18 05:16 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-06-18 04:58 - 2023-02-12 20:17 - 000000000 ____D C:\Users\nc2un\Documents\Administration of Estate Notes
2023-06-18 04:13 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-17 23:07 - 2023-01-26 07:21 - 000000000 ____D C:\Users\nc2un\AppData\Local\CrashDumps
2023-06-17 16:31 - 2023-01-24 05:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-17 16:31 - 2023-01-24 05:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-17 03:35 - 2023-01-24 04:05 - 000000000 ____D C:\Users\nc2un\AppData\Local\Packages
2023-06-17 03:20 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF
2023-06-17 03:19 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-06-16 03:55 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2023-06-15 13:49 - 2023-04-09 15:32 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-06-15 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2023-06-15 11:22 - 2023-04-20 16:50 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{FFC92DDF-B563-4FFC-AAB6-D94CCB6EEADD}
2023-06-15 11:22 - 2023-04-20 16:50 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{FD396B14-A751-47AF-92A9-184571D51F20}
2023-06-15 05:50 - 2023-01-27 01:24 - 000000000 ____D C:\Users\nc2un\AppData\Local\ElevatedDiagnostics
2023-06-15 01:03 - 2023-01-24 05:47 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-06-14 11:57 - 2023-02-06 15:06 - 000000000 ____D C:\Users\nc2un\AppData\LocalLow\Temp
2023-06-14 11:57 - 2023-01-26 06:37 - 000000000 ____D C:\Users\nc2un\Documents\Christy
2023-06-14 05:47 - 2023-01-24 04:09 - 000000000 ____D C:\Users\nc2un\AppData\Local\D3DSCache
2023-06-14 02:39 - 2023-01-24 10:59 - 000000000 ____D C:\Windows\system32\MRT
2023-06-14 02:34 - 2023-01-24 10:58 - 170078616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-06-14 02:07 - 2023-01-24 13:48 - 000000000 ____D C:\ProgramData\SecTaskMan
2023-06-14 01:33 - 2023-01-24 05:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-06-14 01:27 - 2023-01-24 05:45 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-14 01:27 - 2023-01-24 05:45 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-12 22:22 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2023-06-12 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2023-06-12 21:51 - 2023-01-26 07:25 - 000000000 ____D C:\Users\nc2un\Desktop\PortableApps
2023-06-12 21:41 - 2023-01-26 07:18 - 000000000 ____D C:\Program Files\HWiNFO64
2023-06-12 07:46 - 2023-01-24 21:03 - 000000000 ____D C:\Program Files\Speccy
2023-06-12 06:54 - 2023-01-29 14:30 - 000000085 _____ C:\Windows\wininit.ini
2023-06-11 19:36 - 2023-02-08 15:52 - 000000000 ____D C:\Users\nc2un\Documents\Dell
2023-06-11 17:49 - 2023-02-09 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2023-06-11 17:48 - 2023-02-09 14:33 - 000000000 ____D C:\ProgramData\HP
2023-06-11 17:48 - 2023-02-09 14:28 - 000000000 ____D C:\Program Files (x86)\HP
2023-06-10 19:40 - 2023-02-08 16:01 - 000000000 ____D C:\Program Files (x86)\Intel
2023-06-10 18:10 - 2023-02-08 16:00 - 000000000 ____D C:\Program Files\Intel
2023-06-10 17:00 - 2019-12-07 04:03 - 000065536 _____ C:\Windows\system32\config\ELAM
2023-06-10 16:30 - 2023-02-08 16:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-06-08 06:47 - 2023-01-30 05:56 - 000001162 _____ C:\Windows\system32\config\VSMIDK
2023-06-08 06:21 - 2023-01-26 08:07 - 000003554 _____ C:\Windows\system32\Tasks\Patch My PC
2023-06-08 06:11 - 2023-01-26 07:17 - 000000000 ____D C:\PatchMyPCUpdates
2023-06-08 05:04 - 2023-02-07 17:59 - 000000000 ____D C:\ProgramData\Package Cache
2023-06-08 04:53 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files\Dell
2023-06-08 04:49 - 2023-01-26 07:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2023-06-08 04:49 - 2023-01-24 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2023-06-06 09:30 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files (x86)\Dell
2023-06-06 09:30 - 2023-02-08 15:10 - 000000000 ____D C:\ProgramData\Dell
2023-06-06 05:12 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-06-06 04:28 - 2023-02-01 22:03 - 000797554 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2023-06-06 01:03 - 2023-01-24 04:02 - 000000000 ____D C:\Users\nc2un
2023-06-06 00:01 - 2023-01-26 07:24 - 000763225 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2023-06-05 22:03 - 2023-02-08 16:01 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2023-06-05 22:01 - 2023-01-24 04:09 - 000000000 ____D C:\ProgramData\Intel
2023-06-05 21:49 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files\dotnet
2023-05-31 16:00 - 2023-02-14 19:25 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-05-31 15:48 - 2023-03-02 04:25 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Word
2023-05-30 23:24 - 2023-01-24 04:02 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Credentials
2023-05-30 11:04 - 2023-01-24 04:02 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Protect
2023-05-28 01:47 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports

==================== Files in the root of some directories ========

2023-01-30 02:24 - 2023-01-30 02:24 - 000000017 _____ () C:\Users\nc2un\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2023
Ran by nc2un (18-06-2023 14:18:19)
Running from C:\Users\nc2un\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3086 (X64) (2023-01-24 08:52:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2792867324-3544351356-3005626667-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2792867324-3544351356-3005626667-503 - Limited - Disabled)
Guest (S-1-5-21-2792867324-3544351356-3005626667-501 - Limited - Disabled)
nc2un (S-1-5-21-2792867324-3544351356-3005626667-1001 - Administrator - Enabled) => C:\Users\nc2un
WDAGUtilityAccount (S-1-5-21-2792867324-3544351356-3005626667-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Belarc Advisor 12.0 (HKLM-x32\...\Belarc Advisor) (Version: 12.0.0.0 - Belarc, Inc.)
CrystalDiskInfo 9.0.1a (HKLM\...\CrystalDiskInfo_is1) (Version: 9.0.1a - Crystal Dew World)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.134 - Google LLC)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8B9CA8CE-6BE2-4107-85BA-773EB0F2073E}) (Version: 28.1.1312.0 - Hewlett-Packard Co.)
HWiNFO64 Version 7.46 (HKLM\...\HWiNFO64_is1) (Version: 7.46 - Martin Malik, REALiX s.r.o.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16327.20248 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.51 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20248 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.97.62.1020 - Electronic Arts Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)

Packages:
=========
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt [2023-06-06] (INTEL CORP) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt [2023-06-06] (Meta) [Startup Task]
Microsoft 365 -> C:\Program Files\WindowsApps\www.office.com-6A424043_1.0.0.0_neutral__hhrgrbe39qw14 [2023-06-06] (www.office.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14002.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [Startup Task]
Paramount+ -> C:\Program Files\WindowsApps\2BDFC20A.CBS_1.0.1.0_neutral__bd059sf7kn2rm [2023-06-06] (CBS Interactive Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-01-26] (Microsoft Corporation)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.138.0_x64__pwbj9vvecjh7j [2023-06-14] (Amazon Development Centre (London) Ltd)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.578.564.0_x86__55nm5eh3cm0pr [2023-06-06] (ROBLOX Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Studios) [MS Ad]
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6 [2023-06-06] (Ookla)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2023-05-18] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2023-05-18] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\nc2un\OneDrive\Desktop\Microsoft 365.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ocdlmjhbenodhlknglojajgokahchlkk --app-url=hxxps://www.office.com/?from=Homescreen --app-launch-source=4
ShortcutWithArgument: C:\Users\nc2un\Desktop\Denise - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\nc2un\Desktop\Paramount+.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pokmkoiooknndbddmgmaolnlgelpkhep --app-url=hxxps://www.paramountplus.com/ --app-launch-source=4
ShortcutWithArgument: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pokmkoiooknndbddmgmaolnlgelpkhep\Paramount+.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pokmkoiooknndbddmgmaolnlgelpkhep --app-url=hxxps://www.paramountplus.com/ --app-launch-source=4

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\nc2un\Documents\SysnativeBSODCollectionApp.exe:MBAM.Zone.Identifier [168]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2022-11-10] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2023-06-06 04:51 - 2023-06-06 04:51 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 216.167.161.35 - 216.167.161.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\StartupApproved\Run: => "BingWallpaperApp"
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1340DFBB-11FE-44A2-B741-93A7A17CA15A}] => (Allow) LPort=5357
FirewallRules: [{B6953DBF-4D83-4E87-8C17-BE75E8BE9CE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BEEDFD90-F582-47D3-B4C8-F4C9A1670086}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3F37C0CE-66F8-4E89-84C3-AA56E6351ABB}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{BAFA9E1E-D1E8-4D75-9A9E-70F3BFEAE8F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{544FBAE7-7445-4909-96BD-94815613CFDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A7CF758-52E8-48F4-9BF6-831FA138124B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{14B5F3EB-1044-4BAC-9932-0E9BF2CE1767}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FFDB0376-6026-4810-8E5B-726EBA879019}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{9B367FDA-013A-4E2E-A7C1-DA5D13BC7E45}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{72776D45-4F26-4454-BC42-60FE8AF4BD72}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{0CBCC599-1EB4-47D1-9BB2-B5018935123E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{D957DBDB-EDE0-4E15-A081-86C307617A07}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{11C2D13B-B3D8-4F3D-9DFA-0416CFF6E325}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{B089EF45-7666-4375-ACCD-D044049D8D33}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6617003A-F764-4E28-A066-BC262C473724}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BC4C7C82-B378-4C9A-A137-151BBA2DF3DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{71E78A16-98AC-4A4B-940D-166833B5F9B1}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

11-06-2023 18:10:52 Scheduled Checkpoint
14-06-2023 02:39:56 Windows Modules Installer
15-06-2023 00:20:42 Windows Modules Installer
15-06-2023 00:28:06 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Dell Touchpad
Description: Dell Touchpad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/18/2023 05:15:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (06/18/2023 05:15:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (06/18/2023 05:15:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (06/18/2023 05:15:07 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (06/17/2023 11:07:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3031, time stamp: 0x30ed67b0
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3086, time stamp: 0xe1ac3f79
Exception code: 0xc000027b
Fault offset: 0x000000000012d8b2
Faulting process id: 0x1e38
Faulting application start time: 0x01d99fcb9082862d
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 0d71178f-0fb0-43eb-9eb7-04a98b20bff2
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (06/16/2023 02:43:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.19041.2193 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1aec

Start Time: 01d99fdf9952d9a0

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

Report Id: 3af9d6c5-cc35-44a1-a245-d5f64f946c65

Faulting package full name: Microsoft.LockApp_10.0.19041.1023_neutral__cw5n1h2txyewy

Faulting package-relative application ID: WindowsDefaultLockScreen

Hang type: Quiesce

Error: (06/15/2023 07:23:16 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: BLU-SKYZ)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/15/2023 06:33:10 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (06/18/2023 02:04:05 PM) (Source: DCOM) (EventID: 10001) (User: BLU-SKYZ)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (06/18/2023 02:03:33 PM) (Source: DCOM) (EventID: 10001) (User: BLU-SKYZ)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (06/18/2023 01:51:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/18/2023 01:51:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (06/18/2023 01:51:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/18/2023 01:51:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (06/18/2023 01:51:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/18/2023 01:51:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.


Windows Defender:
================
Date: 2023-06-18 02:16:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-17 01:51:57
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-16 03:13:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-16 03:03:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-16 02:50:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-06-17 03:23:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.1577.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-06-06 02:19:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.592.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2023-06-06 02:08:07
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2023-06-18 13:49:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 2.20.0 07/12/2022
Motherboard: Dell Inc. 0K99NX
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 58%
Total physical RAM: 5975.4 MB
Available physical RAM: 2498.54 MB
Total Virtual: 9303.4 MB
Available Virtual: 5695.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.81 GB) (Free:420.84 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{1539c7d6-be3d-4de4-afc8-d70ebe8380dc}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{49119a6f-7b1b-4159-0b6d-225fdd1c4ab5}\ (DELLSUPPORT) (Fixed) (Total:1.06 GB) (Free:1.01 GB) NTFS
\\?\Volume{9a598db5-827e-4416-87e0-827a94c50da4}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF287160)

Partition: GPT.

==================== End of Addition.txt =======================

 

[DR M]

Hi.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
Task: {6CE5DBFC-480C-4FB1-96D2-4BA8AF5BEF33} - System32\Tasks\Patch My PC => C:\Users\nc2un\Downloads\PatchMyPC.exe /silent (No File)
Task: {72D92EB0-27C0-45E6-BA0F-9014271C0E5B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
S2 Browser; %SystemRoot%\System32\browser.dll [X]
S3 MpKsl62286ebb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37D51AEC-2C0A-4A01-B849-BE5A5E105186}\MpKslDrv.sys [X]
HKLM\...\StartupApproved\Run: => "BdVpnApp"
FirewallRules: [{6617003A-F764-4E28-A066-BC262C473724}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BC4C7C82-B378-4C9A-A137-151BBA2DF3DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
EmptyTemp:
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.[/*]
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

2. Qualcom Updates

Go to Updates & Security, then View Update History and take a screenshot of what you see.

 

[Delusion]

Quik Note: Upon restart, My Notepad was empty, and as soon as the bowser loaded, the whole system froze for about 10 minutes. I had to force shutdown and restart.
All seems a little slow at the moment but High Mem and High Disk tells a story.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2023
Ran by nc2un (19-06-2023 17:07:44) Run:2
Running from C:\Users\nc2un\Desktop
Loaded Profiles: nc2un
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Task: {6CE5DBFC-480C-4FB1-96D2-4BA8AF5BEF33} - System32\Tasks\Patch My PC => C:\Users\nc2un\Downloads\PatchMyPC.exe /silent (No File)
Task: {72D92EB0-27C0-45E6-BA0F-9014271C0E5B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
S2 Browser; %SystemRoot%\System32\browser.dll [X]
S3 MpKsl62286ebb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37D51AEC-2C0A-4A01-B849-BE5A5E105186}\MpKslDrv.sys [X]
HKLM\...\StartupApproved\Run: => "BdVpnApp"
FirewallRules: [{6617003A-F764-4E28-A066-BC262C473724}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BC4C7C82-B378-4C9A-A137-151BBA2DF3DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CE5DBFC-480C-4FB1-96D2-4BA8AF5BEF33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CE5DBFC-480C-4FB1-96D2-4BA8AF5BEF33}" => removed successfully
C:\Windows\System32\Tasks\Patch My PC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Patch My PC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{72D92EB0-27C0-45E6-BA0F-9014271C0E5B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72D92EB0-27C0-45E6-BA0F-9014271C0E5B}" => removed successfully
C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon" => removed successfully
HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
MpKsl62286ebb => service not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BdVpnApp" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BdVpnApp" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6617003A-F764-4E28-A066-BC262C473724}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC4C7C82-B378-4C9A-A137-151BBA2DF3DD}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 87539570 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 8888897 B
Windows/system/drivers => 134470248 B
Edge => 0 B
Chrome => 30489078 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 8190 B
nc2un => 139781004 B

RecycleBin => 51692530721 B
EmptyTemp: => 48.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:10:49 ====



Here is the Driver History from Windows Update


Ongoing battle with High Disk and High Mem and/or High CPU

 

[DR M]

It was a crazy busy day today, Delusion. I'll see your post tomorrow.

 

[DR M]

Hi, Delusion. Apologies for the delay.

Select Start > Settings > Update & Security > Troubleshoot > Additional troubleshooters. Next, under Get up and running, select Windows Update > Run the troubleshooter.

When the troubleshooter is finished running, restart your device.

Next, check for new updates. Select Start > Settings > Update & Security > Windows Update > Check for updates and then install any available updates.

If the problems aren't all resolved, try running the troubleshooter again to check for additional errors.

Please, let me know what did you do and what happened after doing the above.

 

[Delusion]

Please, let me know what did you do and what happened after doing the above.

I'll start by saying i had an extremely slow startup today. I pulled up the browser, the Task Manager, and Settings/Windows Update.

Windows update did not, at that time, show the Qualcom Driver waiting to be downloaded, but instead it checked for updates, which may have
contributed to the long startup.

Anyway, after I got freed up a bit, I ran the troubleshooter and restarted. This time, when i pulled up Windows Update, it shows the pending Qualcom download again it doesn't respond when clicking the download button, nor does it provide a button for "Check for Updates".

Of note: I downloaded the Qualcom drivers from Dell.....weeks ago. And also, I have my Advanced System Settings/Hardware/Installation Settings set to NOT automatically download the mfg's custom apps and icons..... so Windows Update shouldn't be downloading drivers automatically, either.

So then I ran the troubleshooter a couple of more tims, as per your instructions, and there is no change